Solved

How do I implement Outlook Anywhere in Exchange 2007?

Posted on 2010-08-18
22
723 Views
Last Modified: 2012-05-10
Hi all,

I need to implement RPC over HTTPs (now called Outlook Anywhere) and I am having a bit of difficulty. Any help is greatly appreciated. We have a couple of users that work for the company but don't use an office computer, so it would be very helpful for them to be able to configure their external Outlook to connect to our Exchange server as OWA only gives web access to internal Outlook.

Here's some details:

RPC over HTTP Proxy is installed on the IIS server. Exchange is hosted on the same server. I believe it was installed automatically during the Essential Business Server Messaging Server installation process.
I purchased a SSL certificate through GoDaddy and users can access OWA with no problems or cert errors.
I went to https://testexchangeconnectivity.com and used a newly created domain test account to verify connectivity. I had to input the exchange settings manually, autodiscovery was not successful. After that, everything succeeded and the connectivity test was successful, however, when I configure a remote users' Outlook to connect to Exchange it will not connect. Outlook reports an error during setup: "The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."

I am thinking that the issue is in IIS. There is the Default Site, with all of the virtual directories containing owa, oab, autodiscovery, exch, exchweb etc... and then there is another site called HTTP Redirect and it's only purpose seems to be to direct any HTTP requests to the OWA directory using HTTPS (when users navigate to http://email.domain they are redirected to https://email.domin/owa). I remember setting this up as part of a walkthrough on configuring OWA. Could this be the problem, as the rpc virtual directory cannot be accessed using the external exchange URL?

Let me know if you need any more information. I look forward to your input!
0
Comment
Question by:CoSmismgr
  • 11
  • 5
  • 4
  • +2
22 Comments
 
LVL 5

Expert Comment

by:kpoochi
Comment Utility
0
 
LVL 27

Expert Comment

by:davorin
Comment Utility
The settings in outlook are the same as for internal users, but before you check (try to resolve) username on exchange server you have to configure advanced settings (exchange proxy settings).
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23786450.html
You have also to install certificate from owa site - this is first step.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
Comment Utility
If TestExchangeConnectivity.com succeeds in connecting, there isn't usually a configuration problem on the server. At that point it's most often a matter of making sure things are right on the client.

Because the test gives you the ability to ignore certificates, it's possible that the client is failing on the cert and the test isn't telling you that. Did you choose to ignore certs? The other option might be that the client is configured to use NTLM instead of Basic auth. Have you tested with both? Normally I try to use Basic, although other people use NTLM of other reasons.
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
kpoochi, thank you I will refer to those articles later.

davorin, I went to the OWA site, and imported the certificate successfully. Nothing seems to have changed. I already have the proxy settings configured in the Outlook profile as per the link you gave me.

Shack-Daddy, I tried NTLM and Basic with the same result.

When I click on "Check Name" in the first outlook Exchange Server Settings window, I am continually prompted with a login. No matter how I enter the credentials it just keeps coming back up. I have tried test@domain, domain\test, test, domain.local\test, exchange_server\test for username (the account I am working with is named test) and nothing works.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
from exchange shell

get-webservicesvirtualdirectory | fl

output the results here
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
get-webservicesvirtualdirectory | fl
RESULT:
InternalNLBBypassUrl : https://server.domain.local/ews/exch
ange.asmx
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, Basic}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://server.domain.local/W3SVC/1/RO
OT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : server
InternalUrl : https://email.domain/ews/exchange.as
mx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
CN=server,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Grou
ps,CN=First Organization,CN=Microsoft Exchange,
CN=Services,CN=Configuration,DC=domain,DC=local
Identity : server\EWS (Default Web Site)
Guid : 0335516e-eb70-48d5-9c3a-4fcb6fa52b98
ObjectCategory : domain.local/Configuration/Schema/ms
-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 4/22/2010 10:26:56 AM
WhenCreated : 3/1/2010 11:38:03 AM
OriginatingServer : domaincontroller.domain.local
IsValid : True
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
Heading out for a bit, will check back later.
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Your external URL is blank
ExternalUrl :

get-webservicesvirtualdirectory | Set-webservicesvirtualdirectory -externalurl:"https://mail.domain.com/ews/exchange.asmx"

where mail.domain.com is your external FQDN

Browse to
"https://mail.domain.com/ews/exchange.asmx"
from IE

see if you get a login prompt

thanks
0
 
LVL 27

Expert Comment

by:davorin
Comment Utility
Is Outlook anywhere working correctly for your domain users when they are outside your company?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Also
test it here after you make those changes
www.testexchangeconnectivity.com/

Test for outlook anywhere.

thanks
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
Sage, I went ahead and applied that external URL command. I cannot test it yet, as something else has stopped working. Yesterday I was reading forums, articles etc. and followed a couple of guides to try and solve this, now my OWA is not working. I made a couple of changes in IIS, but I don't remember exactly what I did (yeah I know, I should have documented). So I guess I may have to open a new question to solve the OWA thing first. Once I can access it again, I will resume work on Outlook Anywhere.

Before changes made yesterday OWA was accessible externally and internally using http://email.domain.com and it would redirect to https://email.domain.com/owa. Now, it is accessible neither externally or internally using FQDN or netbios name. Something just seemed to completely break OWA site.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
davorin, no I havent been able to connect anyone externally yet.
0
 
LVL 27

Expert Comment

by:davorin
Comment Utility
When you will solve your owa problem I would propose that you troubleshoot AO problem using following steps:
- Use a domain computer for testing, because on domain computers the correct certificates are installed automatically. You can check that by trying to access OWA - You should not get certificate warnings.
- Then you configure outlook on domain computer for outlook anywhere. You can test configuration using "outlook.exe /rpcdiag" from command prompt. (This article could be of some help even if it is for Exchange 2003: http://www.petri.co.il/testing_rpc_over_http_connection.htm).
- If the test will pass, you can try to access to OA from outside of your network.
- When everything will work fine, then you can try to connect non domain PC.
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
Ok, so I have OWA back up, it was a very easy fix. I had stopped the default web site when changing authentication, and never restarted it X.X


I went ahead and configured my own Outlook account on the domain for OA and ran "outlook.exe /rpcdiag" from the command prompt. Here's the result window:

 Everything seems to connect as it should.

connect-20status.JPG
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
I will attempt to setup OA from my home PC (not on domain) next and report back.
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
Ok, I set up Outlook Exchange settings exactly as I did at work, and when I launch Outlook I am prompted to enter my username and password. I enter domain\username and my password and then receive the following error:

error.JPG
0
 
LVL 27

Accepted Solution

by:
davorin earned 250 total points
Comment Utility
This could be caused by two things - client misconfiguration (procedure is a little bit different as for domain client) or the way the exchange is connected to internet (firewall, DNS,...).
It would be nice if you have the option to try to connect to OA from outside with your domain computer. In this way you will eliminate one of two options.
At home do you get certificate warning if you go to your OWA site?
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 250 total points
Comment Utility
cosmismgr
Check this guide on how to configure outlook clients with RPC/HTTPS
https://wiki.csuchico.edu/confluence/display/help/Outlook+2007+RPC+over+HTTP+Exchange+Access
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
davorin; I have a laptop on the domain I will test with today externally.

sunnyc7; I followed that guide on the external computer that is not on the domain and I still get the same connection failure message.
0
 
LVL 5

Author Comment

by:CoSmismgr
Comment Utility
UPDATE

It is working! I changed the server settings in Outlook account setup to use the following:

Server: netbiosname.domain.local (before I was trying external.domain)
Username: mailbox name

Under connection state, selected "automatically detect connection state" checkbox.
Under proxy settings, cleared the checkbox to "Only connect to proxy servers that have this principal name in their certificate"


sunnyc, that guide you pointed me to showed me to clear the proxy setting checkbox. I think that was a big part of it.

davorin, your initial response was the closest to being the solution, however it ended up I had to configure external outlook slightly different than internal outlook in order to connect over HTTPS.

I will be splitting points to the two of you that followed up with me on this. Thank you so much for your assistance!
0
 
LVL 5

Author Closing Comment

by:CoSmismgr
Comment Utility
Final result: configuration in Outlook on external computer. Most guides direct to only connect to proxy server with the msstd name in certificate, which was innacurate in my case. Also, I used internal server name instead of external.
0
 
LVL 27

Expert Comment

by:davorin
Comment Utility
Glad you have solved your problem. The procedure for non domain clients should be a little bit different, but not the configuration. I had problems with non trusted self signed certificates and part "Do not click Check Name!"
Bellow are the instructions taken from SBS2008 RWW. Maybe it will be of some use for you.

To use Outlook via the Internet ensure that the following requirements have been met on the client computer:
- Verify that the computer is running Microsoft Windows XP Service Pack 1 or later
- Verify that Windows update Q331320 is installed on the computer (not required if you are running Windows XP Service Pack 2 or later)
- Verify that the computer is running Outlook 2003 or later
- Verify that the computer trusts the certificate used by the server
(Open Internet Explorer, and then in the address bar type: https://external.domain/owa
If the certificate is trusted, a certificate warning does not appear. If you use self signed certificate you must install also CA certificate)
Configuration:
Create new profile and add a new e-mail account. The Server Type dialog box appears.
Click Microsoft Exchange Server, and then click Next.
In the Microsoft Exchange Server box, type the local name of the Exchange server netbiosname.domain.local
In the User Name box, type the user name that you use to log on to the Remote Web Workplace. Do not click Check Name!
In the Exchange Server settings page, click More Settings.
On the Connection tab, under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings. The Exchange Proxy Settings dialog box appears.
Under Use this URL to connect to my proxy server for Exchange, type the following URL:
external.domain
Select Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL.
In the Principal name for proxy server box, type the following text: msstd:external.domain
Select On slow networks, connect using HTTP first, then connect using TCP/IP.
Under Proxy authentication settings, select Basic Authentication.
Open Outlook and type your user name (in the format DOMAIN\user name) and password.
0

Featured Post

Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now