jjoz
asked on
Outlook Anywhere 2007 - always get prompted for credentials and cannot connect ?
Hi All,
I'm trying to publish my Exchange Server 2007 SP1 Outlook Anywhere feature, but how come I can only reach the stage where my Outlook client gets prompted for credentials and can never log in?
I've made sure that the URL in HTTPS is the same as my ActiveSync as well, since we are already opening port 443 and SSL. The SAN certificate already has:
activesync.domain.com
autodiscover.domain.com
Any help please ?
Thanks
ASKER
But then I get this error from my browser if I go to activesync.domain.com/rpc:
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
Fix it internally then externally...
The SAN certificate should have the following names:
mail.domain.com (where MX points to mail.domain.com)
autodiscover.domain.com
server-name (NetBIOS name, for example server2)
How did you configure Outlook Anywhere on the server side?
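The name check behind the reply above, as an added example that is not part of the original thread: it lists which published host names a certificate's SAN entries fail to cover. It assumes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate is constructed from the two names the asker lists, and `server2` is the reply's own NetBIOS example.

```python
# Added example: report host names that a certificate's SAN list does not cover.
# The certificate dict mirrors ssl.SSLSocket.getpeercert(); its values are constructed.


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a host name.

    A '*' is honoured only as the entire leftmost label, covers exactly one
    label, and is rejected for bare suffixes such as '*.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_dns_names(cert: dict) -> list:
    """Extract the dNSName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def uncovered_names(cert: dict, required: list) -> list:
    """Return the required host names that no SAN entry covers."""
    sans = san_dns_names(cert)
    return [host for host in required
            if not any(name_matches(san, host) for san in sans)]


# Constructed sample: the two names the asker says the certificate already has.
SAMPLE_CERT = {
    "subject": ((("commonName", "activesync.domain.com"),),),
    "subjectAltName": (
        ("DNS", "activesync.domain.com"),
        ("DNS", "autodiscover.domain.com"),
    ),
}

# Names suggested in the reply above.
REQUIRED = ["mail.domain.com", "autodiscover.domain.com", "server2"]

if __name__ == "__main__":
    for name in uncovered_names(SAMPLE_CERT, REQUIRED):
        print("not covered by SAN:", name)
```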
I see, yes, it's the same certificate; no need for an additional one.
And yes, the configuration for the ISA Server in this article is still valid for the TMG Server. Please verify it:
http://www.msexchange.org/tutorials/Outlook-Anywhere-2007-ISA-Server-2006.html
By posting this, I do hope that it will lead you in finding your answers. I'm trying to lead you.
1. What is the architecture of your Exchange setup?
2. What is the URL of OWA and the URL used to publish and enable Outlook Anywhere?
3. What is the common name of the public certificate?
4. Have you imported the public certificate to your TMG 2010?
5. Have you created the web listener for Outlook Anywhere correctly to match the certificate?
6. Please test using https://www.testexchangeconnectivity.com and tell us the errors shown.
ASKER
Here's the result, guys.
Does that mean I need to register autodiscover.domain.com with my ISP and ask them to have an SRV entry as well?
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for bigboss@domain.com.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 203.5.75.110
Testing TCP port 443 on host domain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
Tell me more about this issue and how to resolve it
Additional Details
A network error occurred while communicating with the remote host.
Exception details:
Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 203.5.75.110:443
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.domain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name couldn't be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.domain.com couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
Yes brother, you need to have:
1- (A) record mail.company.com
2- (MX) record that points to mail.company.com
3- (CNAME) record for autodiscover.company.com that points to the IP address used for publishing the autodiscover (probably the same IP as the above 'A' record mail.company.com).
4- I would also recommend creating a (PTR) record for mail.company.com
@Sulimanw, thanks for the correction, mate.
ASKER
OK, here's the update after running Test-OutlookWebServices on my CAS server. I don't know why it gets error HTTP 500, even in my browser using HTTPS as well?
Is it supposed to be happening?
Id Type Message
-- ---- -------
1003 Information About to test AutoDiscover with the e-mail address Administrator@domain.com.
1007 Information Testing server Excas02-VM.domainad.com with the published name https://Excas02-vm.domainad.com/EWS/Exchange.asmx & .
1019 Information Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://Excas02-VM.domainad.com/Autodiscover/Autodiscover.xml.
1006 Information The Autodiscover service was contacted at https://Excas02-VM.domainad.com/Autodiscover/Autodiscover.xml.
1016 Success [EXCH]-Successfully contacted the AS service at https://Excas02-vm.domainad.com/EWS/Exchange.asmx. The elapsed time was 46 milliseconds.
1015 Success [EXCH]-Successfully contacted the OAB service at https://Excas02-vm.domainad.com/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.
1014 Success [EXCH]-Successfully contacted the UM service at https://Excas02-vm.domainad.com/UnifiedMessaging/Service.asmx. The elapsed time was 0 milliseconds.
1016 Information [EXPR]-The AS is not configured for this user.
1015 Information [EXPR]-The OAB is not configured for this user.
1014 Information [EXPR]-The UM is not configured for this user.
1013 Error When contacting https://mailsync.domain.com/Rpc received the error The remote server returned an error: (500) Internal Server Error.
1017 Error [EXPR]-Error when contacting the RPC/HTTP service at https://mailsync.domain.com/Rpc. The elapsed time was 31 milliseconds.
1006 Success The Autodiscover service was tested successfully.
1021 Information The following web services generated errors.
Contacting server in EXPR
Please use the prior output to diagnose and correct the errors
ASKER
Yes, I have now added Autodiscover as a CNAME to my ExCAS02 server in both the external and internal DNS servers; however, this is now the final boss to defeat:
Checking the IIS configuration for client certificate authentication.
Client certificate authentication was detected.
Additional Details
Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication.
Any idea of what might be the cause of this problem?
Should I make all authentication Basic in Exchange CAS, IIS 7.0 and TMG 2010?
ASKER
Here are the settings of the virtual directories that I have set at the moment:
OWA works internally
ActiveSync works both ways
Outlook Anywhere totally broken?
"OutlookAnywhere"
Server   Identity                        SSLOffloading  ClientAuthenticationMethod  IISAuthenticationMethods
------   --------                        -------------  --------------------------  ------------------------
ExCAS02  ExCAS02\Rpc (Default Web Site)  True           Basic                       {Basic}
ExCAS03  ExCAS03\Rpc (Default Web Site)  True           Basic                       {Basic}
"AutodiscoverVirtualDirectory"
Server Identity InternalUrl ExternalUrl InternalAuthenticationMethods ExternalAuthenticationMethods BasicAuthentication DigestAuthentication WindowsAuthentication
------ -------- ----------- ----------- ----------------------------- ----------------------------- ------------------- -------------------- ---------------------
ExCAS02 ExCAS02\Autodiscover (Default Web Site) {Basic, Ntlm, WindowsIntegrated} {Basic, Ntlm, WindowsIntegrated} True False True
ExCAS03 ExCAS03\Autodiscover (Default Web Site) {Basic, Ntlm, WindowsIntegrated} {Basic, Ntlm, WindowsIntegrated} True False True
ExCAS02-DR ExCAS02-DR\Autodiscover (Default Web Site) {Basic, Ntlm, WindowsIntegrated} {Basic, Ntlm, WindowsIntegrated} True False True
"WebServicesVirtualDirectory"
Server Identity InternalNLBBypassUrl InternalUrl ExternalUrl InternalAuthenticationMethods ExternalAuthenticationMethods BasicAuthentication DigestAuthentication WindowsAuthentication
------ -------- -------------------- ----------- ----------- ----------------------------- ----------------------------- ------------------- -------------------- ---------------------
ExCAS02 ExCAS02\EWS (Default Web Site) https://ExCAS02.domainad.com/ews/exchange.asmx https://ExCAS02.domainad.com/EWS/Exchange.asmx {Ntlm, WindowsIntegrated} {Ntlm, WindowsIntegrated} False False True
ExCAS03 ExCAS03\EWS (Default Web Site) https://ExCAS03.domainad.com/ews/exchange.asmx https://ExCAS03.domainad.com/EWS/Exchange.asmx {Ntlm, WindowsIntegrated} {Ntlm, WindowsIntegrated} False False True
ExCAS02-DR ExCAS02-DR\EWS (Default Web Site) https://ExCAS02-DR.domainad.com/ews/exchange.asmx https://ExCAS02-DR.domainad.com/EWS/Exchange.asmx {Ntlm, WindowsIntegrated} {Ntlm, WindowsIntegrated} False False True
"OabVirtualDirectory"
Server Identity InternalUrl ExternalUrl InternalAuthenticationMethods ExternalAuthenticationMethods
------ -------- ----------- ----------- ----------------------------- -----------------------------
ExCAS02 ExCAS02\OAB (Default Web Site) http://ExCAS02.domainad.com/OAB {WindowsIntegrated} {WindowsIntegrated}
ExCAS03 ExCAS03\OAB (Default Web Site) http://ExCAS03.domainad.com/OAB {WindowsIntegrated} {WindowsIntegrated}
ExCAS02-DR ExCAS02-DR\OAB (Default Web Site) http://ExCAS02-DR.domainad.com/OAB {WindowsIntegrated} {WindowsIntegrated}
"ActiveSyncVirtualDirectory"
Server Identity InternalUrl ExternalUrl MobileClientCertificateAuthorityURL BasicAuthEnabled WindowsAuthEnabled ClientCertAuth InternalAuthenticationMethods ExternalAuthenticationMethods
------ -------- ----------- ----------- ----------------------------------- ---------------- ------------------ -------------- ----------------------------- -----------------------------
ExCAS02 ExCAS02\Microsoft-Server-ActiveSync (Default Web Site) https://ExCAS02.domainad.com/Microsoft-Server-ActiveSync https://Activesync.domain.com/Microsoft-Server-ActiveSync False True Ignore {} {}
ExCAS03 ExCAS03\Microsoft-Server-ActiveSync (Default Web Site) https://ExCAS03.domainad.com/Microsoft-Server-ActiveSync https://Activesync.domain.com/Microsoft-Server-ActiveSync True False Required {} {}
ExCAS02-DR ExCAS02-DR\Microsoft-Server-ActiveSync (Default Web Site) https://ExCAS02-DR.domainad.com/Microsoft-Server-ActiveSync https://Activesync.domain.com/Microsoft-Server-ActiveSync True False Required {} {}
ASKER
And here are the IIS 7 settings on Windows Server 2008:
Autodiscover
Authentication Enabled: Basic, Windows
SSL Settings: Require SSL, Require 128-bit SSL
Client Certificates: Ignore
Microsoft-Server-ActiveSync
Authentication Enabled: Windows
SSL Settings: Require SSL, Require 128-bit SSL
Client Certificates: Ignore
Rpc
Authentication Enabled: Basic
SSL Settings: (None checked)
Client Certificates: Ignore
RpcWithCert
Authentication Enabled: (None Enabled)
SSL Settings: Require SSL, Require 128-bit SSL
Client Certificates: Ignore
ASKER
Oh, I didn't know about that? I assume that this is the same certificate as the one that I use with my OWA (Thawte), so I don't install it.
I'm using Forefront TMG 2010, so is that still relevant?