Solved

Outlook Anywhere not configuring from outside the network

Posted on 2011-03-01
Last Modified: 2012-06-27
I recently set up an Exchange server. I have OWA working from both inside and outside the network. While on the internal network I configured my Outlook client to communicate over HTTP and set the proxy address to mail.myco.com. With it configured that way I can use Outlook both on the network and over the network.

Now I would like to set up our external users the same way. I tried to do a manual setup and use the same settings I used while connected to the network. However, when I click on the Check Names button or click Next, it prompts me for a username and password and will not accept anything I enter. It just keeps prompting me for the login information.

Is there anything else I need to configure?
0
Question by:qvfps
33 Comments
 
LVL 4

Expert Comment

by:virtualxistance
Have you tried using domain\username or username@myco.com?
0
 

Author Comment

by:qvfps
I have tried the following.  To connect while on the internal network it would be root-myco\username

username
domain.internal\username
externaldomain\username
domain.internal\email address
externaldomain\email address
0
 
LVL 9

Expert Comment

by:djpazza
If you're set up for SSL then the remote users will need the certificate installing on their machines.
0
 
LVL 31

Expert Comment

by:MegaNuk3
You can test Outlook Anywhere from www.testexchangeconnectivity.com

What version of Exchange are you running? Have you tried Basic authentication under the Outlook HTTP proxy settings? Also are you using the "connect to servers with this principal name in their certificate" option? Try unticking that, at least for now.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
Do you have the required Service Location (SRV) DNS records for your company's domain to facilitate auto-discovery on the public DNS servers?

http://support.microsoft.com/kb/940881

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 
LVL 3

Expert Comment

by:Zach2001
What version of Outlook & Exchange?

Launch Outlook with the /rpcdiag switch whilst internal to ensure they are actually using RPC/HTTPS - sounds to me like they are falling back to RPC.

Can external clients connect alright to your webmail, via SSL without any certificate prompts ?

Have you remembered to install the rpc proxy ? (Sounds daft but it's always the last thing I remember to do!)
0
 

Author Comment

by:qvfps
We are running Exchange 2010 and Outlook 2010. OWA works fine with no certificate prompt. Autodiscover was not configured externally, which is why I was trying to set it up manually.

I was using negotiate security, which works on the computer which I set up internally. And I am using the same computer to try and set up a new profile, so there should be no problem with the certificate since Outlook Anywhere already works on it. I just cannot set up any additional profiles.

I was using the current profile which works externally to try and create a new profile. I copied all the settings and used them to create a new profile. I just cannot get past the initial check name.

0
 
LVL 31

Expert Comment

by:MegaNuk3
Did you try changing the HTTP proxy auth to Basic?

Did you try unticking the "only connect to proxy servers with this principal name in their cert" tickbox?

Have you tried testing from www.testexchangeconnectivity.com to verify you are not getting an autodiscover response, e.g. where you have a catchall for *.yourdomain.com so autodiscover.yourdomain.com actually resolves to an IP even though you don't want it to?
0
 

Author Comment

by:qvfps
I ran the Outlook Anywhere connectivity test from www.testexchangeconnectivity.com and I received the following error:

Testing HTTP Authentication Methods for URL https://mail.ddpsinc.com/rpc/rpcproxy.dll.
       The HTTP authentication test failed.

I tried to set the authentication method for Outlook Anywhere using the command
set-outlookAnywhere -ClientAuthenticationMethod  but it is prompting me for Identity.

How do I find out what the identity should be? I tried servername\RPC

Is there anywhere I can look that up?
0
 
LVL 3

Expert Comment

by:Zach2001
Have you installed SP1 on Exchange 2010 ?  That breaks RPC/HTTPS ... simple fix changing authentication type, though.
0
 

Author Comment

by:qvfps
I installed Exchange from the Disk below which includes SP1

SW_DVD9_NTRL_Exchange_Svr_2010_X64_MultiLang_1_ProdAct_wSP1_X17-13445.ISO
0
 
LVL 31

Expert Comment

by:MegaNuk3
Try get-outlookanywhere to see the Identity
0
 
LVL 3

Expert Comment

by:Zach2001
OK, negotiate doesn't work with SP1 afaik - just choose basic - safe enough with SSL but means internal people may be prompted.
0
 

Author Comment

by:qvfps
I ran the get-OutlookAnywhere cmdlet and it says security is already set to basic. On the Proxy settings I have set it to Basic, but on the security tab the only options are NTLM/Kerberos/Negotiate/smart card. I have tried both NTLM, which works on the original profile, and Negotiate, but it will not pass the check name.

I don't understand what is different if I set it up while connected to the network or outside the network. I can log in successfully from outside the network if I configured it while on the internal network using NTLM for both the security and the proxy settings.
0
 
LVL 3

Expert Comment

by:Zach2001
It sounds like it's an RPC mapping issue which binds the NetBIOS name to the FQDN name... have you tried both FQDN and NetBIOS names when attempting to get names underlined?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 500 total points
Where does it say basic? Under the defaultClientAuthMethod? If www.testexchangeconnectivity.com can't communicate with your server then new Outlook Anywhere profiles will have little hope...
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 500 total points
From an Internet machine open IE and put in
https://mail.ddpsinc.com/rpc/rpcproxy.dll
See if it comes up with a cert warning, it should prompt you for credentials and after you authenticate successfully it should show you a blank page.
0
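The manual check in the post above (open /rpc/rpcproxy.dll and see what it asks for) can be scripted and set beside the server-side settings. This is an added example, not part of the original thread: Get-RpcProxyAuthScheme is a hypothetical helper name, and it assumes the Exchange Management Shell on a machine that resolves the external host name the way outside clients do.

```powershell
# Added example: hypothetical helper, not from the thread or from Exchange itself.
function Get-RpcProxyAuthScheme {
    param([Parameter(Mandatory = $true)][string]$Url)

    $request = [System.Net.WebRequest]::Create($Url)
    $request.AllowAutoRedirect = $false
    $request.Timeout = 15000
    try {
        # No credentials are sent, so the RPC proxy is expected to answer 401.
        $response = $request.GetResponse()
    } catch {
        # .NET errors arrive wrapped; walk down to the WebException.
        $webEx = $_.Exception
        while ($webEx -and $webEx -isnot [System.Net.WebException]) {
            $webEx = $webEx.InnerException
        }
        # No HTTP response at all means a DNS, TCP or TLS/certificate failure.
        if (-not $webEx -or -not $webEx.Response) { throw }
        $response = $webEx.Response
    }
    try {
        # Each WWW-Authenticate value starts with the scheme name.
        $schemes = @($response.Headers.GetValues('WWW-Authenticate') |
            Where-Object { $_ } |
            ForEach-Object { ($_.Trim() -split '\s+')[0] } |
            Sort-Object -Unique)
        New-Object PSObject -Property @{
            StatusCode = [int]$response.StatusCode
            Schemes    = $schemes
        }
    } finally {
        $response.Close()
    }
}

# Compare each Outlook Anywhere virtual directory with what its external name offers.
Get-OutlookAnywhere | ForEach-Object {
    $url        = "https://$($_.ExternalHostname)/rpc/rpcproxy.dll"
    $probe      = Get-RpcProxyAuthScheme -Url $url
    $configured = @($_.IISAuthenticationMethods | ForEach-Object { $_.ToString() })
    New-Object PSObject -Property @{
        Identity         = $_.Identity
        Url              = $url
        HttpStatus       = $probe.StatusCode
        ClientAuthMethod = $_.ClientAuthenticationMethod
        IISAuthMethods   = $configured -join ', '
        Advertised       = $probe.Schemes -join ', '
        NotAdvertised    = @($configured | Where-Object { $probe.Schemes -notcontains $_ }) -join ', '
    }
} | Format-List
```

A non-empty NotAdvertised value means the published endpoint is not offering a scheme the virtual directory is configured for; an exception instead of a result means the name, port or certificate failed before any HTTP authentication took place.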
 

Author Comment

by:qvfps
I connected to https://mail.ddpsinc.com/rpc/rpcproxy.dll and connected using root-myco\username

I did not receive a cert warning and received a blank screen after I connected.
0
 

Author Comment

by:qvfps
Below is the output from get-OutlookAnyWhere


RunspaceId                      : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ServerName                      : myserver
SSLOffloading                   : False
ExternalHostname                : mail.myco.com
ClientAuthenticationMethod      : Basic
IISAuthenticationMethods        : {Basic}
XropUrl                         :
MetabasePath                    : IIS://myserver.root-myco.internal/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : myserver
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=myserver,CN=Servers,CN=Exchang
                                  e Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=myco,CN=Microsof
                                  t Exchange,CN=Services,CN=Configuration,DC=root-myco,DC=internal
Identity                        : myserver\Rpc (Default Web Site)
Guid                            : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ObjectCategory                  : root-myco.internal/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 2/22/2011 11:34:04 PM
WhenCreated                     : 2/22/2011 11:34:04 PM
WhenChangedUTC                  : 2/23/2011 4:34:04 AM
WhenCreatedUTC                  : 2/23/2011 4:34:04 AM
OrganizationId                  :
OriginatingServer               : myrootserver.root-myco.internal
IsValid                         : True
0
 
LVL 31

Expert Comment

by:MegaNuk3
Are you putting the mail.myco.com value in as your external name in Outlook and is that name on your cert?
0
 
LVL 31

Expert Comment

by:MegaNuk3
As per the link already posted: http://support.microsoft.com/kb/940881 add a SRV record to your external DNS so Outlook should autodiscover the correct settings instead of you putting them in manually.
0
 

Author Comment

by:qvfps
On the certificate I have the following

mail.myco.com
www.mail.myco.com
root-myco.internal
myserver.root-myco.internal

When I connect with the profile that is working I use root-myco\username but I have tried
root-myco.internal\username and myserver.root-myco.internal\username as well on the new profile
0
 
LVL 31

Expert Comment

by:MegaNuk3
Try the email address as the username
0
 

Author Comment

by:qvfps
I have tried all of these

email address
root-myco\email address
root-myco.internal\email address
0
 
LVL 31

Expert Comment

by:MegaNuk3
Add a SRV record to your external DNS so we can see if Outlook is picking up the settings at all
0
 

Author Comment

by:qvfps
It will take some time to get it set up. I will have to request someone else make the change.

Since I am not using autodiscover, should I really need the SRV records?
0
 
LVL 31

Expert Comment

by:MegaNuk3
Well it will make your life a lot easier, if you want to add any more external clients in the future.
0
 

Author Comment

by:qvfps
I don't know what changed but I can connect now.

I pulled out a different PC and created a new profile and it connected with no problem. I then went back to the one I was using, deleted the profile I was using and created a new one and connected with no problem.

I used the same settings I had already tried several times and it went through.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Run the test from www.testexchangeconnectivity.com now and see if that works too.
0
 

Author Comment

by:qvfps
The test fails on the same spot. Trying to Ping the RPC server. Since our firewall blocks incoming Pings this is not a surprise.
0
 

Author Comment

by:qvfps
Thanks for all the replies. I have set up almost all of the outside users. I have one who is having an issue but I will try and connect and set his up remotely.
0
 
LVL 31

Expert Comment

by:MegaNuk3
Thanks for the points, what do you think happened to start it all working?
0
 

Author Comment

by:qvfps
I wish I knew exactly what resolved the issue. When I finally got it to work I had not made any changes for a while, just checked all the settings and ran as many different tests as I could to try and identify the issue.

I did discover that I cannot change an existing profile to work with Outlook Anywhere (HTTPS). I can only get it set up if I create a new profile.

Originally I tried to change an existing profile so I would not have to resynchronize the mailbox.  When I could not get that to work I tried creating a new profile and eventually I deleted that one as well and created another one which worked.  

I appreciate the time and the suggestions.
0
