Solved

Outlook Anywhere settings keep changing on Clients - Where can this be modified?

Posted on 2010-08-23
23
17,289 Views
Last Modified: 2012-05-10
Even after reviewing the Autodiscover settings to enter the settings correctly, it seems that my Outlook Anywhere settings for remote users keep resetting to the incorrect options.  When remote users on Outlook 2007 or 2010 have Outlook Anywhere manually configured as follows:
- Connect to MS Exchange using HTTP Enabled
- Use this URL to connect to my proxy server: 'http://mail.company.com'
- Only connect to proxy servers that have this principal name (unchecked)
- Authentication: basic

This is how it is setup manually and works great.  However after authenticating, if the person closes Outlook and opens it back up, it pulls in the default settings that seem to be somewhere on the server.  These settings also keep updating local clients (even though I try to disable Outlook Anywhere locally).  These settings are similar, however, it instead has:
- Use this URL to connect to my proxy server 'SERVERNAME01'
- Only connect to proxy servers that have this principal name in their cert 'mail.domain.com'

Obviously, they cannot see the actual servername to connect to this server since they are not in the local environment.  I cannot figure out where these settings are pulling from (AutoDiscover?  the Certificate?).

Any idea where this can be changed?
0
Comment
Question by:jaelae
  • 10
  • 7
  • 5
  • +1
23 Comments
 
LVL 8

Expert Comment

by:rr1968
ID: 33504816
Are you using SSL for mail.company.com?
0
 

Author Comment

by:jaelae
ID: 33505003
Yes. Connect using SSL is ticked off and thats what we use for mail.company.com
0
 
LVL 8

Expert Comment

by:rr1968
ID: 33505075
Then try this:
Enable connect using SSL only and check "only connect to proxy......."
In the edit box type: msstd:mail.company.com
Let me know how it goes...
0
 

Author Comment

by:jaelae
ID: 33505119
This cannot be done.  The problem is not that it won't connect.  I can add the settings so it connects to Exchange fine.  However, even after I input "msstd:mail.company.com" under the proxy server setting - as soon as I close Outlook and reconnect, it erases this and goes back to the default settings:
Use this URL: SERVERNAME01

Only connect to proxy server: mail.company.com
0
 
LVL 8

Expert Comment

by:rr1968
ID: 33505178
What happens when you recreate the Outlook profile from scratch? Does the setting revert back to server name?
0
 

Author Comment

by:jaelae
ID: 33505215
rr1968:

Yes.  THis is on every single Outlook install out there, this includes brand new installs, and existing installs.  I can create a new profile and this happens right away.  As soon as I create a profile internally, for example, I disable Outlook Anywhere since it is not necessary (I am local to the Exchange 2010 Server).

As soon as I close Outlook, and open it back up - these defaults are back.  There seems to be a setting somewhere that has these settings filled in and as soon as you connect to the server, it uses these settings.

0
 
LVL 8

Expert Comment

by:rr1968
ID: 33505310
Got it.
Did you check autodiscover configuration?
When outlook is open (with the servername) hold control key and click the outlook button on the taskbar and select "Test email autoconfiguration" and select all options and just enter email address of the user and click "Test"
Can you please publish the result? You may have to take snapshot, but remove server information by using tools like snag it, etc.
0
 
LVL 1

Expert Comment

by:syvaki-2
ID: 33505441
Hello,

Autodiscover rewrites values every 15 minutes or so.

Here's checklist:

check your Outlook Anywhere external hostname from EMC GUI (CAS Properties,Enable Outlook Anywhere). It should be mail.company.com. Is there SERVER01 now?

After that you can modify OutlookProvider.

From the Exchange Command Shell:

    Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:mail.company.com

or

 Alternate Fix - Disable MSSTD checkbox in Outlook Anywhere (not recommended) in Powershell

    Set-OutlookProvider EXPR -Server $null -CertPrincipalName none (works for me)

Helps with Outlook 2007/Windows XP clients.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33509655
can you get me this

get-autodiscovervirtualdirectory | fl
get-clientaccessserver | fl

thanks
0
 

Author Comment

by:jaelae
ID: 33544053
rr1968 -

Sorry for the delay, I am responding to these messages now --
http://i35.tinypic.com/w16yj7.jpg - screen 1 from test e-mail autoconfig
http://i33.tinypic.com/2qvr09e.jpg - screen 2 from test e-mail autoconfig
0
 

Author Comment

by:jaelae
ID: 33544185
syvaki-2 -

I ran the Exchange shell command but this didn't help.  Also, I didn't try to disable the MSSTD checkbox but I am not sure if that would help.  A screenshot of the screen is below:
http://i38.tinypic.com/rh34tt.jpg

Now this is the correct setting, but as soon as I log out of Outlook, and go back in, this will default to "https://   SERVER01 "

Which is the big problem
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33544209
Please let me know the results of this

get-autodiscovervirtualdirectory | fl
get-clientaccessserver | fl
0
 

Author Comment

by:jaelae
ID: 33544260
sunnyc7 -

results to these are below:
http://i35.tinypic.com/o8cw79.jpg
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33544311
a) Your SCP is set from get-clientaccessserver
because this field is set
AutodiscoverinternalURI

b) Your autodiscoverfields are not set because these fields are empty

internal url
externalurl

get-autodiscovervirtualdirectory | set-autodiscovervirtualdirectory -internalurl:"https://mail.domain.local/autodiscover/autodiscover.xml"

get-autodiscovervirtualdirectory | set-autodiscovervirtualdirectory -externalurl:"https://mail.domain.com/autodiscover/autodiscover.xml"

Run these 2.

After this
a) your outlook clients will be set.
b) your external autodiscover URL will be set.

You have to ensure that your UCC/SAN cert has the following names

mail.domain.com (external)
autodiscover.domain.com (external)
mail.domain.local (internal FQDN)
mailservername (internal mail server)

try that and let me know.

0
 
LVL 8

Expert Comment

by:rr1968
ID: 33544519
Hi,
I see some inconsistency in the RPC and HTTP configuration for Outlook.
Before you do anything, can you enable Exchange Proxy settings on one WS?
Check the box "Only connect to Proxy......." and enter the next field: msstd:mail.yourdomain.com
save and restart outlook, if it resolves.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33546056
Let me know your thoughts on my post ?
0
 

Author Comment

by:jaelae
ID: 33546289
sunnyc7 -

I made these changes and I will be testing now on clients.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33546306
Thanks let me know how that goes.
0
 

Author Comment

by:jaelae
ID: 33588076
- This didn't completely work.  What it does is now the https:// URL to connect to my proxy is filled in with 'mail.company.com'.

Which is great.  However, under: 'Only connect to proxy servers that have this principal name in their certificate:' is filled in with "MSSTD://mail.company.com"

This does not work.  if I erase this and uncheck that box it works.  Is there a way to update this so nothing is filled into the principal name prompt?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33590357
get-outlookprovider | fl

Please post back the output.
0
 

Author Comment

by:jaelae
ID: 33590997
sunnyc7 -
http://i54.tinypic.com/358v4vc.jpg

Please see the above link.  You will notice next to Certprincipalname - that is the field that gets filled in that should be blank in the Outlook client (well it should be blank because when I blank it out - it works).
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33591011
Are you testing RPC/HTTPS from within the lan or from home / outside ?
0
 

Author Closing Comment

by:jaelae
ID: 33635636
After testing onsome remote workstations, this has resolved the issue.
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now