Solved

Get Exchange 2010 Outlook Anywhere clients to use http/RPC first on fast networks.

Posted on 2010-09-24
Last Modified: 2012-05-10
We seem to get stuck on a problem regarding how Outlook Internet clients connect to CAS/HUB
servers.
According to Technet article:
http://technet.microsoft.com/en-us/library/bb123683.aspx, we have set the
ServerExclusiveConnect value on
Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
Outlook test automatic configuration gives the value: <ServerExclusiveConnect>on</ServerExclusiveConnect>
on the protocol Exchange HTTP
However the Outlook profile has not checked the actual settings in proxy settings in the profile.
All our clients are Internet Clients and none are internal clients.
Any suggestions?
Thanks..
- Oddbjørn
Question by:dslsupport
 
LVL 28

Expert Comment

by:sunnyc7
get-outlookanywhere | fl
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

Please post back.

thanks
0
 

Author Comment

by:dslsupport
Everything else works in our system with external clients. Can you be a little more specific about what information you need? We have 4 cas/hub servers and 8 mailbox servers. So the output will be pretty big.. thanks.
0
 
LVL 28

Expert Comment

by:sunnyc7
I understand that your RPC/HTTPS is not working.
Have you identified the users, and their corresponding CAS and Mailbox servers ?

Step-1:
a) Test your RPC/HTTPS here - Outlook anywhere.
www.testexchangeconnectivity.com/

b) Check your CAS / Autodiscover / Outlookanywhere / Exchange cert config for servers which are not responding to RPC/HTTPS - using the cmdlets above.

From the output of both + event logs we can get some idea @ where things are failing.

thanks
0
 

Author Comment

by:dslsupport
I think you have misunderstood. Autodiscover works, Outlook profiles are created, and the certificates are all ok. But we want the autodiscovered outlook clients to have the checkbox "on fast networks, connect with http first, and then tcp" checked. This way, Outlook will not even try to connect via tcp at all, and outlook anywhere clients will connect faster. According to the Technet article I mentioned above, the Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
should have fixed that checkbox, but it doesn't. My question is why not.
0
 
LVL 28

Expert Comment

by:sunnyc7
You are right. I think I misunderstood your question.
Let me go through the article again and I will post back.
0
 
LVL 28

Expert Comment

by:sunnyc7
start > run > cmd
netstat -an > c:\list.txt

Can you give me that file.

thanks
0
 

Author Comment

by:dslsupport
Which server? from a client? I'm really not sure you are heading in the right direction? https/RPC are working. The servers are responding very well.
If Outlook detects that you have a fast network, it will try to connect to the proxy server with tcp instead of what we want, to try the http/RPC first on fast network. If we set the checkbox manually in the proxy settings in Outlook profile at the client site, then Outlook will connect much faster. But we don't want every client to have to set this manually themselves, but get the checkbox checked as part of the Autodiscover function. This doesn't happen as supposed.  Do you have any idea why?
The netstat command only shows the ports the machine is connected to, or has open for connections.
0
 
LVL 28

Expert Comment

by:sunnyc7
run it from the server where you have RPC/HTTPS configured - I'd say the CAS where you are running this.

Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect

the reason I am doing this:
a) TCP IP IPv4 will list out open ports for 6001-6004
b) I want to check if TCP IP v6 lists ports for 6001-6004
my guess is - it will list out only 6001-6002 for ipv6

and hence the failing.
0
 

Author Comment

by:dslsupport
Again. If you have read my questions, maybe you would have understood what the problem is.
There is no problem with the CAS server. HTTP/RPC works as it is supposed to with the external Outlook Anywhere clients. There is No problem there.
The problem starts when the External clients try to connect to the CAS via TCP. We have not opened the ports for this connection in the firewalls, so we only want Outlook to connect via HTTP/RPC.
The Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect parameter should let Autodiscover function set the checkbox checked in the client's Outlook Proxy profile "Connect http/RPC first on FAST NETWORKS, and then try tcp". That way, Outlook will not even try to connect via TCP first, which it will not get connected anyway.
The only ports going through the Firewall is HTTPS.. Therefore http/RPC needs to be the first way Outlook tries to connect. The default in Outlook is to try TCP first, and then http on fast networks.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Dsl,

Basically you want all the client computers to have the "check" on their outlook clients "on fast networks, connect using HTTP first, then connect using TCP / IP" ?

And I assume this is needed to be done via remote so all the administrators don't want to talk to every client computer and do this setting manually ?

Have I understood the Request properly ?
0
 
LVL 11

Expert Comment

by:JuusoConnecta
If I remember this correctly do the following (though try first on ONE client computer)

Open regedit -> HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\RPC -> Create a REG_DWORD file with the name "EnableRPCtunnelingUI" if it already does not exist and set the value to 1
0
 

Author Comment

by:dslsupport
Well, the problem is that this is a Hosted Exchange solution, so no users have their computers as members of the domain. No group policies can be applied for this change in the registry, and we cannot remote control two thousand user computers to set this in the registry.
And getting the users themselves to change the settings in the registry/outlook profile is not going to work either. Our hope was that Autodiscovery would take care of this, and the Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect is according to Microsoft the way to do it. The only problem is that that little checkbox is not getting checked by Autodiscovery service.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
0
 

Author Comment

by:dslsupport
Thanks for your reply.
We have not specified any certs or servers in the outlookprovider. The reason for this is we have two different loadbalanced CAS/HUB cluster servers with different names and certs. Setting the Server name like the cert common name will cause all clients to connect to the one load balanced cluster, and disregard the other. We are in a migration state between 2007/2010 servers.
Ref:
"Set-OutlookProvider EXPR -Server mail1.fourthcoffee.com

This setting will force all Outlook Anywhere clients, User1 and User2 to connect to the same CAS server mail1.fourthcoffee.com no matter where the user mailbox is located, preventing the Service Discovery to provide the best CAS.
"
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Sorry I did not quite understand that...

You got clustered features within your hosted exchange organization. Do you have several loadbalancer for several clustered cas/hub ? Could you give me a more proper description of the exchange organization, function and if you have several other users/customers that you host exchange for as well ?

I'm asking this since you stated that you're in a migration state between 2007 and 2010. The clustering feature and loadbalancing are quite different from exchange 2007 against exchange 2010. As well as the certificates for this.

I assume you will go with the option having CAS/HUB roles installed on exchange servers and the other half of your exchange servers will only hold the mailbox role (where you will create the database availability groups for disaster recovery?)

And have a Network Load Balancing for HUB/CAS role ?  (Or do you have all three roles, MB, CAS, HUB on each exchange server and use a hardware load balancer ?)

More info! =]

regards
0
 

Author Comment

by:dslsupport
We have one 2007 HUB/CAS Loadbalanced cluster with one certificate for all the users that are currently in the 2007 system. And another 2010 HUB/CAS loadbalanced cluster with another certificate for the other users currently hosted on 2010 server.
The MB roles are on other servers. For all the users domains that are connected to the 2010 system, the autodiscover dns record is pointing to the 2010 cas/hub servers, and for 2007 autodiscover for those user domains are connected to the 2007 cas/hub servers.
We have many user domains we are handling exchange for. It's a Hosted Exchange platform.
Autodiscover is working with everyone, the only thing is that little checkbox we want checked in every outlook profile with the clients that says "Connect first with http on fast networks, and then try tcp/ip.", is not getting checked. My understanding was that setting the outlookprovider flag parameter ServerExclusiveConnect instead of "none" that is default, would take care of this checkbox in the Outlook profiles for our clients. And this doesn't happen.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Do you have a test environment where you can test this ?

I would like you to try these three options, to see if any of these works:

Set-OutlookProvider EXPR -OutlookProviderFlags:67 <-- Try this one first

Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:extern.fqdn -OutlookProviderFlags:ServerExclusiveConnect

Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:extern.fqdn -OutlookProviderFlags:67
0
 

Author Comment

by:dslsupport
I've seen another article that had the outlookProviderFlags at 67, and with this setting, outlook profile actually checked the "use http first" option.
Are you sure this doesn't affect any other things?
According to Microsoft the only options of the outlookProviderFlags are: None, and ServerExclusiveConnect.. Where did the 67 come from?
0
 
LVL 28

Expert Comment

by:sunnyc7
Can you get your present settings first

Get-OutlookProvider | fl OutlookProviderFlags

Is this set to 67 or none

http://technet.microsoft.com/en-us/library/bb123683.aspx
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Personally I cannot see a difference on the client side regarding outlookproviderflags 67, I know Microsoft's official statement regarding this option is "None and ServerExclusiveConnect". You know, you learn a little here a little there when you work with exchange =]
0
 

Author Comment

by:dslsupport
Unfortunately, I cannot set the CertPrincipalName, because of the different autodiscover servers. 2 different CertPrincipalNames, and two different CAS/HUB NLB clusters.
We don't have any test environment.
0
 

Author Comment

by:dslsupport
I'll get back to this in the beginning of next week. Thanks for all the help so far. I'll let you know if the 67 attribute works next week.
Thanks.
0
 

Author Comment

by:dslsupport
The OutlookProvider EXPR  is currently at ServerExclusiveConnect
0
 

Author Comment

by:dslsupport
Unfortunately this did not work. Then the status is the same as before. Any more suggestions?


[PS] C:\Windows\system32>Set-OutlookProvider -identity EXCH -OutlookProviderFlags:67
Cannot process argument transformation on parameter 'OutlookProviderFlags'. Cannot convert value "67" to type "Microsof
t.Exchange.Data.Directory.SystemConfiguration.OutlookProviderFlags" due to invalid enumeration values. Specify one of t
he following enumeration values and try again. The possible enumeration values are "None, ServerExclusiveConnect".
    + CategoryInfo          : InvalidData: (:) [Set-OutlookProvider], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-OutlookProvider
0
 
LVL 11

Expert Comment

by:JuusoConnecta
I'm afraid I'm out of options at the moment, will check around later today if I get some spare time,

cheers
0
 

Accepted Solution

by:
dslsupport earned 0 total points
It seems that Office 2010 and Outlook 2010 handle this issue better than Outlook 2007. In Outlook 2010 the checkbox "Use http first on fast network" gets checked, but not in Outlook 2007.
0
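
The thread turns on whether the Autodiscover response really carries `<ServerExclusiveConnect>on</ServerExclusiveConnect>` for the Exchange HTTP (EXPR) protocol, since only HTTPS is open on the firewall. The following is an added example, not code from any poster in this thread: it parses a saved Autodiscover response and reports the flag per protocol. The XML is a constructed sample, and the host names and the function name `Get-AutodiscoverExclusiveConnect` are assumptions.

```powershell
# Constructed sample of an Autodiscover response; host names are placeholders.
$sampleResponse = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>cas01.example.local</Server>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.com</Server>
        <SSL>On</SSL>
        <ServerExclusiveConnect>on</ServerExclusiveConnect>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper: lists each Protocol block and whether it advertises
# ServerExclusiveConnect. A missing element is reported as $false.
function Get-AutodiscoverExclusiveConnect {
    param([Parameter(Mandatory = $true)][string]$ResponseXml)

    $doc = [xml]$ResponseXml
    # local-name() sidesteps the two response namespaces.
    foreach ($p in $doc.SelectNodes("//*[local-name()='Protocol']")) {
        $type   = $p.SelectSingleNode("*[local-name()='Type']")
        $server = $p.SelectSingleNode("*[local-name()='Server']")
        $flag   = $p.SelectSingleNode("*[local-name()='ServerExclusiveConnect']")

        $typeText   = if ($type)   { $type.InnerText }   else { '(none)' }
        $serverText = if ($server) { $server.InnerText } else { '(none)' }
        # -eq on strings is case-insensitive, so "On" and "on" both match.
        $exclusive  = ($null -ne $flag) -and ($flag.InnerText -eq 'on')

        New-Object PSObject -Property @{
            Protocol               = $typeText
            Server                 = $serverText
            ServerExclusiveConnect = $exclusive
        }
    }
}

Get-AutodiscoverExclusiveConnect -ResponseXml $sampleResponse |
    Select-Object Protocol, Server, ServerExclusiveConnect |
    Format-Table -AutoSize
```

If EXPR shows `True` here while the Outlook profile checkbox stays unchecked, the server side is advertising the setting and the difference lies in how the client version applies it.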
