How do I implement Outlook Anywhere in Exchange 2007?
Hi all,
I need to implement RPC over HTTPs (now called Outlook Anywhere) and I am having a bit of difficulty. Any help is greatly appreciated. We have a couple of users that work for the company but don't use an office computer, so it would be very helpful for them to be able to configure their external Outlook to connect to our Exchange server as OWA only gives web access to internal Outlook.
Here's some details:
RPC over HTTP Proxy is installed on the IIS server. Exchange is hosted on the same server. I believe it was installed automatically during the Essential Business Server Messaging Server installation process.
I purchased a SSL certificate through GoDaddy and users can access OWA with no problems or cert errors.
I went to https://testexchangeconnectivity.com and used a newly created domain test account to verify connectivity. I had to input the exchange settings manually, autodiscovery was not successful. After that, everything succeeded and the connectivity test was successful, however, when I configure a remote users' Outlook to connect to Exchange it will not connect. Outlook reports an error during setup: "The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."
I am thinking that the issue is in IIS. There is the Default Site, with all of the virtual directories containing owa, oab, autodiscovery, exch, exchweb etc... and then there is another site called HTTP Redirect and it's only purpose seems to be to direct any HTTP requests to the OWA directory using HTTPS (when users navigate to http://email.domain they are redirected to https://email.domin/owa). I remember setting this up as part of a walkthrough on configuring OWA. Could this be the problem, as the rpc virtual directory cannot be accessed using the external exchange URL?
Let me know if you need any more information. I look forward to your input!
I need to implement RPC over HTTPs (now called Outlook Anywhere) and I am having a bit of difficulty. Any help is greatly appreciated. We have a couple of users that work for the company but don't use an office computer, so it would be very helpful for them to be able to configure their external Outlook to connect to our Exchange server as OWA only gives web access to internal Outlook.
Here's some details:
RPC over HTTP Proxy is installed on the IIS server. Exchange is hosted on the same server. I believe it was installed automatically during the Essential Business Server Messaging Server installation process.
I purchased a SSL certificate through GoDaddy and users can access OWA with no problems or cert errors.
I went to https://testexchangeconnectivity.com and used a newly created domain test account to verify connectivity. I had to input the exchange settings manually, autodiscovery was not successful. After that, everything succeeded and the connectivity test was successful, however, when I configure a remote users' Outlook to connect to Exchange it will not connect. Outlook reports an error during setup: "The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."
I am thinking that the issue is in IIS. There is the Default Site, with all of the virtual directories containing owa, oab, autodiscovery, exch, exchweb etc... and then there is another site called HTTP Redirect and it's only purpose seems to be to direct any HTTP requests to the OWA directory using HTTPS (when users navigate to http://email.domain they are redirected to https://email.domin/owa). I remember setting this up as part of a walkthrough on configuring OWA. Could this be the problem, as the rpc virtual directory cannot be accessed using the external exchange URL?
Let me know if you need any more information. I look forward to your input!
The settings in outlook are the same as for internal users, but before you check (try to resolve) username on exchange server you have to configure advanced settings (exchange proxy settings).
https://www.experts-exchange.com/questions/23786450/Connect-Outlook-2007-non-domain-client-To-Exchange-2003.html
You have also to install certificate from owa site - this is first step.
https://www.experts-exchange.com/questions/23786450/Connect-Outlook-2007-non-domain-client-To-Exchange-2003.html
You have also to install certificate from owa site - this is first step.
If TestExchangeConnectivity.c
Because the test gives you the ability to ignore certificates, it's possible that the client is failing on the cert and the test isn't telling you that. Did you choose to ignore certs? The other option might be that the client is configured to use NTLM instead of Basic auth. Have you tested with both? Normally I try to use Basic, although other people use NTLM of other reasons.
Because the test gives you the ability to ignore certificates, it's possible that the client is failing on the cert and the test isn't telling you that. Did you choose to ignore certs? The other option might be that the client is configured to use NTLM instead of Basic auth. Have you tested with both? Normally I try to use Basic, although other people use NTLM of other reasons.
ASKER
kpoochi, thank you I will refer to those articles later.
davorin, I went to the OWA site, and imported the certificate successfully. Nothing seems to have changed. I already have the proxy settings configured in the Outlook profile as per the link you gave me.
Shack-Daddy, I tried NTLM and Basic with the same result.
When I click on "Check Name" in the first outlook Exchange Server Settings window, I am continually prompted with a login. No matter how I enter the credentials it just keeps coming back up. I have tried test@domain, domain\test, test, domain.local\test, exchange_server\test for username (the account I am working with is named test) and nothing works.
davorin, I went to the OWA site, and imported the certificate successfully. Nothing seems to have changed. I already have the proxy settings configured in the Outlook profile as per the link you gave me.
Shack-Daddy, I tried NTLM and Basic with the same result.
When I click on "Check Name" in the first outlook Exchange Server Settings window, I am continually prompted with a login. No matter how I enter the credentials it just keeps coming back up. I have tried test@domain, domain\test, test, domain.local\test, exchange_server\test for username (the account I am working with is named test) and nothing works.
from exchange shell
get-webservicesvirtualdire
output the results here
get-webservicesvirtualdire
output the results here
ASKER
get-webservicesvirtualdire
RESULT:
InternalNLBBypassUrl : https://server.domain.local/ews/exch
ange.asmx
Name : EWS (Default Web Site)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://server.domain.local/W3SVC/1/RO
OT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : server
InternalUrl : https://email.domain/ews/exchange.as
mx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols
CN=server,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Admin
ps,CN=First Organization,CN=Microsoft Exchange,
CN=Services,CN=Configurati
Identity : server\EWS (Default Web Site)
Guid : 0335516e-eb70-48d5-9c3a-4f
ObjectCategory : domain.local/Configuration/Schem
-Exch-Web-Services-Virtual
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 4/22/2010 10:26:56 AM
WhenCreated : 3/1/2010 11:38:03 AM
OriginatingServer : domaincontroller.domain.local
IsValid : True
RESULT:
InternalNLBBypassUrl : https://server.domain.local/ews/exch
ange.asmx
Name : EWS (Default Web Site)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://server.domain.local/W3SVC/1/RO
OT/EWS
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\exchweb\EWS
Server : server
InternalUrl : https://email.domain/ews/exchange.as
mx
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols
CN=server,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Admin
ps,CN=First Organization,CN=Microsoft Exchange,
CN=Services,CN=Configurati
Identity : server\EWS (Default Web Site)
Guid : 0335516e-eb70-48d5-9c3a-4f
ObjectCategory : domain.local/Configuration/Schem
-Exch-Web-Services-Virtual
ObjectClass : {top, msExchVirtualDirectory, msExchWebServices
VirtualDirectory}
WhenChanged : 4/22/2010 10:26:56 AM
WhenCreated : 3/1/2010 11:38:03 AM
OriginatingServer : domaincontroller.domain.local
IsValid : True
ASKER
Heading out for a bit, will check back later.
Your external URL is blank
ExternalUrl :
get-webservicesvirtualdire
where mail.domain.com is your external FQDN
Browse to
"https://mail.domain.com/ews/exchange.asmx"
from IE
see if you get a login prompt
thanks
ExternalUrl :
get-webservicesvirtualdire
where mail.domain.com is your external FQDN
Browse to
"https://mail.domain.com/ews/exchange.asmx"
from IE
see if you get a login prompt
thanks
Is Outlook anywhere working correctly for your domain users when they are outside your company?
Also
test it here after you make those changes
www.testexchangeconnectivity.com/
Test for outlook anywhere.
thanks
test it here after you make those changes
www.testexchangeconnectivity.com/
Test for outlook anywhere.
thanks
ASKER
Sage, I went ahead and applied that external URL command. I cannot test it yet, as something else has stopped working. Yesterday I was reading forums, articles etc. and followed a couple of guides to try and solve this, now my OWA is not working. I made a couple of changes in IIS, but I don't remember exactly what I did (yeah I know, I should have documented). So I guess I may have to open a new question to solve the OWA thing first. Once I can access it again, I will resume work on Outlook Anywhere.
Before changes made yesterday OWA was accessible externally and internally using http://email.domain.com and it would redirect to https://email.domain.com/owa. Now, it is accessible neither externally or internally using FQDN or netbios name. Something just seemed to completely break OWA site.
Before changes made yesterday OWA was accessible externally and internally using http://email.domain.com and it would redirect to https://email.domain.com/owa. Now, it is accessible neither externally or internally using FQDN or netbios name. Something just seemed to completely break OWA site.
ASKER
davorin, no I havent been able to connect anyone externally yet.
When you will solve your owa problem I would propose that you troubleshoot AO problem using following steps:
- Use a domain computer for testing, because on domain computers the correct certificates are installed automatically. You can check that by trying to access OWA - You should not get certificate warnings.
- Then you configure outlook on domain computer for outlook anywhere. You can test configuration using "outlook.exe /rpcdiag" from command prompt. (This article could be of some help even if it is for Exchange 2003: http://www.petri.co.il/testing_rpc_over_http_connection.htm).
- If the test will pass, you can try to access to OA from outside of your network.
- When everything will work fine, then you can try to connect non domain PC.
- Use a domain computer for testing, because on domain computers the correct certificates are installed automatically. You can check that by trying to access OWA - You should not get certificate warnings.
- Then you configure outlook on domain computer for outlook anywhere. You can test configuration using "outlook.exe /rpcdiag" from command prompt. (This article could be of some help even if it is for Exchange 2003: http://www.petri.co.il/testing_rpc_over_http_connection.htm).
- If the test will pass, you can try to access to OA from outside of your network.
- When everything will work fine, then you can try to connect non domain PC.
ASKER
Ok, so I have OWA back up, it was a very easy fix. I had stopped the default web site when changing authentication, and never restarted it X.X
I went ahead and configured my own Outlook account on the domain for OA and ran "outlook.exe /rpcdiag" from the command prompt. Here's the result window:
Everything seems to connect as it should.
connect-20status.JPG
I went ahead and configured my own Outlook account on the domain for OA and ran "outlook.exe /rpcdiag" from the command prompt. Here's the result window:
Everything seems to connect as it should.
connect-20status.JPG
ASKER
I will attempt to setup OA from my home PC (not on domain) next and report back.
ASKER
Ok, I set up Outlook Exchange settings exactly as I did at work, and when I launch Outlook I am prompted to enter my username and password. I enter domain\username and my password and then receive the following error:
error.JPG
error.JPG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
davorin; I have a laptop on the domain I will test with today externally.
sunnyc7; I followed that guide on the external computer that is not on the domain and I still get the same connection failure message.
sunnyc7; I followed that guide on the external computer that is not on the domain and I still get the same connection failure message.
ASKER
UPDATE
It is working! I changed the server settings in Outlook account setup to use the following:
Server: netbiosname.domain.local (before I was trying external.domain)
Username: mailbox name
Under connection state, selected "automatically detect connection state" checkbox.
Under proxy settings, cleared the checkbox to "Only connect to proxy servers that have this principal name in their certificate"
sunnyc, that guide you pointed me to showed me to clear the proxy setting checkbox. I think that was a big part of it.
davorin, your initial response was the closest to being the solution, however it ended up I had to configure external outlook slightly different than internal outlook in order to connect over HTTPS.
I will be splitting points to the two of you that followed up with me on this. Thank you so much for your assistance!
It is working! I changed the server settings in Outlook account setup to use the following:
Server: netbiosname.domain.local (before I was trying external.domain)
Username: mailbox name
Under connection state, selected "automatically detect connection state" checkbox.
Under proxy settings, cleared the checkbox to "Only connect to proxy servers that have this principal name in their certificate"
sunnyc, that guide you pointed me to showed me to clear the proxy setting checkbox. I think that was a big part of it.
davorin, your initial response was the closest to being the solution, however it ended up I had to configure external outlook slightly different than internal outlook in order to connect over HTTPS.
I will be splitting points to the two of you that followed up with me on this. Thank you so much for your assistance!
ASKER
Final result: configuration in Outlook on external computer. Most guides direct to only connect to proxy server with the msstd name in certificate, which was innacurate in my case. Also, I used internal server name instead of external.
Glad you have solved your problem. The procedure for non domain clients should be a little bit different, but not the configuration. I had problems with non trusted self signed certificates and part "Do not click Check Name!"
Bellow are the instructions taken from SBS2008 RWW. Maybe it will be of some use for you.
To use Outlook via the Internet ensure that the following requirements have been met on the client computer:
- Verify that the computer is running Microsoft Windows XP Service Pack 1 or later
- Verify that Windows update Q331320 is installed on the computer (not required if you are running Windows XP Service Pack 2 or later)
- Verify that the computer is running Outlook 2003 or later
- Verify that the computer trusts the certificate used by the server
(Open Internet Explorer, and then in the address bar type: https://external.domain/owa
If the certificate is trusted, a certificate warning does not appear. If you use self signed certificate you must install also CA certificate)
Configuration:
Create new profile and add a new e-mail account. The Server Type dialog box appears.
Click Microsoft Exchange Server, and then click Next.
In the Microsoft Exchange Server box, type the local name of the Exchange server netbiosname.domain.local
In the User Name box, type the user name that you use to log on to the Remote Web Workplace. Do not click Check Name!
In the Exchange Server settings page, click More Settings.
On the Connection tab, under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings. The Exchange Proxy Settings dialog box appears.
Under Use this URL to connect to my proxy server for Exchange, type the following URL:
external.domain
Select Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL.
In the Principal name for proxy server box, type the following text: msstd:external.domain
Select On slow networks, connect using HTTP first, then connect using TCP/IP.
Under Proxy authentication settings, select Basic Authentication.
Open Outlook and type your user name (in the format DOMAIN\user name) and password.
Bellow are the instructions taken from SBS2008 RWW. Maybe it will be of some use for you.
To use Outlook via the Internet ensure that the following requirements have been met on the client computer:
- Verify that the computer is running Microsoft Windows XP Service Pack 1 or later
- Verify that Windows update Q331320 is installed on the computer (not required if you are running Windows XP Service Pack 2 or later)
- Verify that the computer is running Outlook 2003 or later
- Verify that the computer trusts the certificate used by the server
(Open Internet Explorer, and then in the address bar type: https://external.domain/owa
If the certificate is trusted, a certificate warning does not appear. If you use self signed certificate you must install also CA certificate)
Configuration:
Create new profile and add a new e-mail account. The Server Type dialog box appears.
Click Microsoft Exchange Server, and then click Next.
In the Microsoft Exchange Server box, type the local name of the Exchange server netbiosname.domain.local
In the User Name box, type the user name that you use to log on to the Remote Web Workplace. Do not click Check Name!
In the Exchange Server settings page, click More Settings.
On the Connection tab, under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings. The Exchange Proxy Settings dialog box appears.
Under Use this URL to connect to my proxy server for Exchange, type the following URL:
external.domain
Select Connect using SSL only, and then select Mutually authenticate the session when connecting with SSL.
In the Principal name for proxy server box, type the following text: msstd:external.domain
Select On slow networks, connect using HTTP first, then connect using TCP/IP.
Under Proxy authentication settings, select Basic Authentication.
Open Outlook and type your user name (in the format DOMAIN\user name) and password.
http://technet.microsoft.com/en-us/library/aa998934(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/cc179036.aspx