SBS 2008 + Exchange 2007 + IIS Problem with OWA

you need to use /owa

exchange was the vdir for 2003
2007 uses owa

If RPC over http isn't working out of the box with SBS 2008/Exchange 2007 do you know of what I could check that may be wrong? I verified RPC over HTTP is installed on the SBS and that Outlook Anywhere is enabled within the ESM. I have the security certificate installed on both the server and the workstation that I am trying to configure for Outlook Anywhere.

I get an error that the exchange server must be online.

Outlook is configured for RPC over HTTP. I can connect to the OWA from outside, no issues there.

It was set to Default Web Site. This is the error I receive when I try to run the command.

WARNING: IIS://WIN2008SBS.habitat01.local/W3SVC/1/ROOT/Rpc was not found. Please make sure you have typed it correctly.

verify that rpc proxy is installed
in iis manager look under the sbs web applications site for a rpc virutal directory

Verified both

Can you test your RPC

http://www.testexchangeconnectivity.com/
Test for outlook anywhere and post back here.

thanks

i would go into server configuration and disable outlook anywhere
wait a few minutes then enable outlook anywhere

Results:
 
ExRCA is testing RPC/HTTP connectivity.
  The RPC/HTTP test failed.
   Test Steps
   Attempting to resolve the host name remote.mydomain.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: x.x.x.x
 
 Testing TCP Port 443 on host remote.mydomain.com to ensure it is listening and open.
  The port was opened successfully.
 ExRCA is testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
 
 

Can you use a self signed cert with exchange 2007/Outlook anywhere? It should just be a matter of having the cert installed right?

you can, but your windows clients must install the cert to trust it

its better to go with UCC/SAN certs for exchange 2007, as you will need it for phones / outlook / rpc/https
You can get one from godaddy here
https://www.godaddy.com/ssl/ssl-certificates.aspx

add

mail.domain.com
autodiscover.domain.com
mail.domain.local
mail (exchange mail server name)

agree with sunnyc7
i was just answering your question if it was possible :)

I have the cert installed on the windows client that I have configured Outlook Anywhere for. Can you think of any other reason this wouldn't be working?

I did try to disable and re-enable Outlook Anywhere.

run this from the workstation where you have the cert installed.

RPCPing.exe -t ncacn_http -o RpcProxy=fqdn.yourdomain.com -P "testuser,yourdomain,testpassword" -I "testuser,yourdomain,testpassword" -H 1 -u 10 -a connect -F 3 -E -v -3 -R none -q

post back what you get.
whether you get a ping response or get error 87

i believe it is because it points the the default web site
can you try it again

Get-OutlookAnywhere | Set-OutlookAnywhere -Name "Rpc (SBS Web Application)"

endital1097,

I ran this command again:

get-outlookanywhere | fl

Even though it had given me the error when I tried to change it from "Default Website" it did make the change so that it reflects SBS Web Application now. I don't know if the server needs to be restarted but Outlook will still not connect.

sunnyc7,
yourdomain=internal domain? I did receive error 87.

It is using port 443 for the rpcping right? I don't have port 80 open in the firewall.

a) can you ping before you can rpcping ?

b) Restart service RPC client access
start > run > services.msc

c)
run this from exchange shell

get-outlookanywhere | fl IISAuthenticationMethods

IIS auth has to be basic and NTLM

a) Not sure what you mean here.

b) I don't have a RPC client access service. The RPC service doesn't allow me to restart it. I am logged into the server as an admin...Maybe thats normal behavior?

c) IISAuthenticationMethods: Basic was the result

set-OutlookAnywhere -IISAuthenticationMethods: Basic,Ntlm
set-outlookprovider EXPR -CertPrincipalName:remote.domain.com -server $null


where remote.domain.com is listed in your cert
is listed in your external DNS and points to your public IP
or is your primary MX

--
I meant can you ping the server first, before you try rpcping.

please run the commands above.

-
Can you restart the server @ RPC wont allow you to restart.

When I run the first command, I get prompted for Identity...What should I enter there?

This is the message I receive "cmdlet set-OutlookAnywhere at command pipeline position 1 Supply values for the following parameters:"

Yes I can ping the server and it does resolve correctly. I will restart the server as soon as I make sure I have successfully set the AuthenticationMethods

can you do this
get-outlookanywhere | fl

look for identity field and copy paste that within quotes below
then run it again.

set-OutlookAnywhere -identity:" " -IISAuthenticationMethods: Basic,Ntlm

It accepted it. I will reboot as soon as I can and post back with results.

I am out for the day.

Please post back here. We get alerts when you update the case.

have a good weekend.

when do you think you'll have a chance to reboot

After 5pm PST

thx

It still isn't working. Here are a few things I've noticed that may be causing my grief.

I tried to test the connection on the RPC virtual directory and here is the warning/error message I received. I don't know if this is normal behavior.

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Also,

I installed the cert on the workstation I am trying to configure Outlook Anywhere on but I noticed that within a few hours of installing the cert that I am once again given a security certificate warning when I browse to remote.mydomain.com. I've never had that happen before.