Outlook Anywhere not working

amlydiate
Hi All,

I've just set up a new 2008 SBS Server and Exchange seems to be working fine internally, and indeed OWA is working fine externally. I'm having a problem however with Outlook Anywhere. When I try and set up an external Outlook client to use Exchange I am adding the remote.domain.co.uk into the proxy settings in Outlook and I am being prompted for username/password but I can't seem to resolve username to internal Exchange domain name. I've tried pretty much all possible combinations of servername/domain/servername servername/domain etc. but whatever I do I can't resolve the username. I've gone to testexchangeconnectivity and run the RPC test and all the steps passed apart from the very last one which says:

SSL mutual authentication with the RPC proxy server is being tested.
Verification of mutual authentication failed.

Can anyone please shed some light as to where I'm going wrong?

Thanks

Adam
Alan Hardisty
Co-Owner
Top Expert 2011

Commented:
Have you purchased a 3rd party SSL certificate and installed it or are you using the Exchange generated one?

Much easier with a 3rd party one!

Godaddy are the cheapest for SAN / UCC (multi-name) certificates.

Author

Commented:
Yep got a multi-domain UCC cert from Godaddy, could it be a prob with the names I used when creating the cert? From memory used remote.domain.co.uk, servername.domain.co.uk, autodiscover.co.uk, servername, owa.domain.co.uk

Author

Commented:
sorry meant autodiscover.domain.co.uk

Alan Hardisty
Co-Owner
Top Expert 2011

Commented:
You need at least the following names in the certificate:
mail.domainname.co.uk or remote.domainname.co.uk
autodiscover.domainname.co.uk
internalservername.internaldomain.local
internalservername
Without those names, Exchange will not work properly.
Looks like you need to re-key your certificate and re-install it, then resolve the Private Key issue you will get when you install the new re-keyed certificate.
 

Commented:
What proxy are you using?
Try using IIS admin: change the OWA directory security settings, disallow anonymous, choose basic authentication.
Is the SSL certificate third party or is it self-signed?
If it is self-signed then install it on the local machine, configure Outlook and check.

Author

Commented:
Hi,

Not using proxy, OWA security settings were already set to disallow anonymous and basic authentication was the only one enabled.

SSL Cert is from GoDaddy, have checked the SANs on the cert and they are as follows:

owa.domain.co.uk
servername.domain.co.uk
servername
autodiscover.domain.co.uk
remote.domain.co.uk

Pretty sure this might be an authentication issue but not clever enough to work out where... If anyone can help would be very grateful.

Thanks

Adam
Adam, can you check the following:

If Outlook Anywhere is enabled, on the client's computer make sure the settings are correct:

Connect to Microsoft Exchange using HTTP (checked) ->
Exchange proxy Settings -> https://webmail.yourdomain.com (is written) ->
Connect using SSL only (checked) -> Only connect to proxy servers that have this principal name in their certificate (checked) -> msstd:webmail.yourdomain.com ->
Set authentication to Basic

On the server side locate -> Exchange Management Console -> Server Configuration -> Client Access -> Properties of your Exchange server -> Outlook Anywhere -> Make sure you have your external host name written here "webmail.yourdomain.com" and Basic authentication is set.

Also make sure that under IIS (on the Exchange server), the sub category owa has been set for basic authentication
Alan Hardisty
Co-Owner
Top Expert 2011

Commented:
You do not have the following name in your certificate:
internalservername.internaldomain.local
This is needed for Exchange to function properly.
Re-key the certificate as follows:
owa.domain.co.uk
servername.domain.co.uk - replace with internalservername.internaldomain.local
servername
autodiscover.domain.co.uk
remote.domain.co.uk

 

Author

Commented:
Hi,

I can confirm the cert already had a SAN called internalservername.internaldomain.local

When I try to resolve the name in Outlook I just keep getting prompted for username and password. The domain is added automatically in front of the username but when I put the password in it just asks for username and password again and again.

Have put the settings into Outlook exactly as suggested in Juuso's post above.

Really would appreciate more help if poss

Thanks

Adam
Alan Hardisty
Co-Owner
Top Expert 2011

Commented:

Author

Commented:
Hi,

Worked through Demazter's article, only thing I hadn't done was enabling kernel mode authentication, did that but still no joy. When I'm setting up Outlook I am just using internal server name as the server, is that right?
Co-Owner
Top Expert 2011
Commented:
Yep - the internal servername is correct.
Have you tried the test site https://testexchangeconnectivity.com ?
It may highlight something obvious but overlooked.

Author

Commented:
I ran the Outlook over RPC test and all passed except the last one which said:

SSL mutual authentication with the RPC proxy server is being tested. Verification of mutual authentication failed

Author

Commented:
Checked an article on this error and it said that if the msstd name was different to the principal name of the exchange cert then this can trigger this error.  So I used EMS to set the msstd to owa.domain.co.uk (same as the server address and msstd I've entered in Outlook settings) and the same error still occurs and still can't resolve username to servername in Outlook
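
Added example, not part of the thread or any poster's code: a small audit of the two certificate conditions discussed above, namely the required-name list from the earlier answer and the msstd/principal-name match from this comment. It reads a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate, its common name, and the function names are constructed, and treating the subject common name as the "principal name" is an assumption.

```python
# Added example: audits a certificate in the dict form returned by
# ssl.SSLSocket.getpeercert(). Host names and the CN below are constructed.

def _names(cert):
    """Return (subject CN, set of DNS SANs), lower-cased."""
    cn = next((v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"), "")
    sans = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return cn.lower(), sans


def _covered(name, sans):
    """Exact match, or a single-label wildcard such as *.domain.co.uk."""
    name = name.lower()
    if name in sans:
        return True
    _, _, rest = name.partition(".")
    return bool(rest) and "*." + rest in sans


def audit(cert, proxy_host, msstd, required):
    """Return a list of findings; an empty list means every check passed."""
    cn, sans = _names(cert)
    findings = []
    principal = msstd.lower()
    if principal.startswith("msstd:"):
        principal = principal[len("msstd:"):]
    # Assumption: the principal name Outlook checks is the subject CN.
    if principal != cn:
        where = "a SAN only" if _covered(principal, sans) else "no name in the cert"
        findings.append(f"msstd '{principal}' != subject CN '{cn}' (matches {where})")
    for name in [proxy_host, *required]:
        if not _covered(name, sans):
            findings.append(f"missing SAN: {name.lower()}")
    return findings


# Constructed certificate: the SAN list quoted in the thread, with an assumed CN.
SAMPLE_CERT = {
    "subject": ((("commonName", "remote.domain.co.uk"),),),
    "subjectAltName": tuple(("DNS", n) for n in (
        "owa.domain.co.uk", "servername.domain.co.uk", "servername",
        "autodiscover.domain.co.uk", "remote.domain.co.uk")),
}
REQUIRED = ["autodiscover.domain.co.uk", "servername",
            "internalservername.internaldomain.local"]

if __name__ == "__main__":
    for line in audit(SAMPLE_CERT, "owa.domain.co.uk", "msstd:owa.domain.co.uk", REQUIRED):
        print(line)
```

To audit a live endpoint, pass the dict from `getpeercert()` after a verified TLS handshake in place of `SAMPLE_CERT`.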

Author

Commented:
Thanks, certainly helped pinpoint which bit was failing.
So how did you solve it?
