[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1077
  • Last Modified:

Outlook Anywhere not configuring from outside the network

I recently setup an Exchange server.   I have OWA working form both inside and outside the network.  While on the internal network I configured my Outlook client to communicate over HTTP and set the proxy address to mail.myco.com.   With it configured that way I can use Outlook both on the network and over the network.  

Now I would like to setup our external users the same way.  I tried to do a manual setup and use the same settings I used while connected to the network.  However when I click on the check names button or click next it prompts me for a username and password and will not accept anything I enter.  It just keeps prompting me for the log in information

Is there anything else i need to configure?
0
qvfps
Asked:
qvfps
  • 14
  • 12
  • 4
  • +3
2 Solutions
 
virtualxistanceCommented:
have you tried using domain\username or username@myco.com?
0
 
qvfpsAuthor Commented:
I have tried the following.  To connect while on the internal network it would be root-myco\username

username
domain.internal\username
externaldomain\username
domain.internal\email address
externaldomain\email address
0
 
djpazzaCommented:
If your setup for ssl then the remote users will need the certificate installing on their machines
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
MegaNuk3Commented:
You can test Outlook Anywhere from www.testexchangeconnectiviy.com

What version of Exchange are you running? Have you tried Basic authentication under the Outlook HTTP proxy settings? Also are you using the "connect to servers with this principal name in their certificate" option? Try unticking that, at least for now.
0
 
WalkaboutTiggerCommented:
Do you have the required Service Location (SRV) DNS records for your company's domain to facilitate auto-discovery on the public DNS servers?

http://support.microsoft.com/kb/940881

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 
Zach2001Commented:
What version of Outlook & Exchange ?

Launch outlook with the /rpcdiag switch whilst internal to ensure they are actually using RPC/HTTPS - sounds to me like they are falling back to RPC.

Can external clients connect alright to your webmail, via SSL without any certificate prompts ?

Have you remembered to install the rpc proxy ? (Sounds daft but it's always the last thing I remember to do!)
0
 
qvfpsAuthor Commented:
We are running Exchange 2010 and Outlook 2010.   OWA works fine with no certificate prompt.  Autodiscover was not configured externally which is why i was trying to set it up manually.  

I was using negotiate security which works on the computer which I setup internally.   And I am using the same computer to try and setup a new profile so there should be no problem witth the certificate since Outlook Anywhere already works on it.  I just can not setup any additional profiles.

I was using the current profile which works externally to try and create a new profile.  I copied all the settings and used them to create a new profile.  I just cannot get past the initial check name.

0
 
MegaNuk3Commented:
Did you try changing the HTTP proxy auth to Basic?

Did you try unticking the "only connect to proxy servers with this principal name in their cert" tickbox?

Have you tried testing from www.testexchangeconnectivity.com to verify you are not getting an autodiscover response e.g. Like where you have a catchall for *.yourdomain.com so autodiscover.yourdomain.com actually resolves to an IP even though you don't want it to.
0
 
qvfpsAuthor Commented:
I ran the Outlook Anywhere connectivity test from www.testexchangeconnectivity.com and I received the following error

Testing HTTP Authentication Methods for URL https://mail.ddpsinc.com/rpc/rpcproxy.dll.
       The HTTP authentication test failed.

I tried to set the authentication method for Outllook Anywhere using the command
set-outlookAnywhere -ClientAuthenticationMethod  but it is prompting me for Identity.

How do I find out what the identity should be?  i tried servername\RPC  

Is there anywhere i can look that up?
0
 
Zach2001Commented:
Have you installed SP1 on Exchange 2010 ?  That breaks RPC/HTTPS ... simple fix changing authentication type, though.
0
 
qvfpsAuthor Commented:
I installed Exchange from the Disk below which includes SP1

SW_DVD9_NTRL_Exchange_Svr_2010_X64_MultiLang_1_ProdAct_wSP1_X17-13445.ISO
0
 
MegaNuk3Commented:
Try get-outlookanywhere to see the Identity
0
 
Zach2001Commented:
OK, negotiate doesn't work with SP1 afaik - just choose basic - safe enough with SSL but mean internal people may be prompted
0
 
qvfpsAuthor Commented:
I ran the get-OutlookAnwhere cmdlet and it says security is already set to basic.  On the Proxy settings I have set it to Basic but on the security tab the only options are NTLM/kerberos/Negotiate/smart card. I have tried both NTLM which works on the original profile and negotiate but It will not pass the check name.

I dont understand what is different if I set it up while connected to the network or outside the network.   I can log in successfully from outside the network if I configured it while on the internal network using NTLM for both the security and the proxy settings
0
 
Zach2001Commented:
It sounds like it's an rpc mapping issue which binds the netbios name to fqdn name... have you tried both FQDN and Netbiod names when attrempting to get names underlined ?
0
 
MegaNuk3Commented:
Where does it say basic? Under the defaultClientAuthMethod? If www.testexchangeconnectivity.com can't communicate with your server then new outlook anywhere profiles will have little hope...
0
 
MegaNuk3Commented:
From an Internet machine open IE and put in
https://mail.ddpsinc.com/rpc/rpcproxy.dll
See if it comes up with a cert warning, it should prompt you for credentials and after you authenticate successfully it should show you a blank page.
0
 
qvfpsAuthor Commented:
I connected to https://mail.ddpsinc.com/rpc/rpcproxy.dll and connected using root-myco\username

I did not receive a cert warning and received a blank screen after I connected.
0
 
qvfpsAuthor Commented:
Below is the output from get-OutlookAnyWhere


RunspaceId                      : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ServerName                      : myserver
SSLOffloading                   : False
ExternalHostname                : mail.myco.com
ClientAuthenticationMethod      : Basic
IISAuthenticationMethods        : {Basic}
XropUrl                         :
MetabasePath                    : IIS://myserver.root-myco.internal/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : myserver
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=myserver,CN=Servers,CN=Exchang
                                  e Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=myco,CN=Microsof
                                  t Exchange,CN=Services,CN=Configuration,DC=root-myco,DC=internal
Identity                        : myserver\Rpc (Default Web Site)
Guid                            : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ObjectCategory                  : root-myco.internal/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 2/22/2011 11:34:04 PM
WhenCreated                     : 2/22/2011 11:34:04 PM
WhenChangedUTC                  : 2/23/2011 4:34:04 AM
WhenCreatedUTC                  : 2/23/2011 4:34:04 AM
OrganizationId                  :
OriginatingServer               : myrootserver.root-myco.internal
IsValid                         : True
0
 
MegaNuk3Commented:
Are you putting the mail.myco.com value in as your external name in outlook and is that name on your cert?
0
 
MegaNuk3Commented:
As per the link already posted: http://support.microsoft.com/kb/940881 add a SRV record to your external DNS so outlook should autodiscover the correct settings instead of you putting them in manually.
0
 
qvfpsAuthor Commented:
On the certificate I have the following

mail.myco.com
www.mail.myco.com
root-myco.internal
myserver.root-myco.internal

When I connect with the profile that is working I use root-myco\username but I have tried
root-myco.internal\username and myserver.root-myco.internal\username as well on the new profile
0
 
MegaNuk3Commented:
Try the email address as the username
0
 
qvfpsAuthor Commented:
I have tried all of these

email address
root-myco\email address
root-myco.internal\email address
0
 
MegaNuk3Commented:
Add a SRV record to your external DNS so we can see if Outlook is picking up the settings at all
0
 
qvfpsAuthor Commented:
It will take some time to get it setup,  I will have to request someone else make the change.  

Since I am not using autodiscover should I realy need the srv records?
0
 
MegaNuk3Commented:
Well it will make your life a lot easier, if you want to add any more external clients in the future.
0
 
qvfpsAuthor Commented:
I dont what changed but I can connect now.

I pulled out a different PC and created a new profile and it connected with no problem.  I then went back to the one I was using, deleted the profile I was using and created a new one and connected with no problem.

I used the same settings i had already tried several times and it went through.
0
 
MegaNuk3Commented:
See if the test from www.testexchangeconnectivity.com now and see if that works too now.
0
 
qvfpsAuthor Commented:
The test fails on the same spot.  Trying to Ping the RPC server.  SInce our firewall blocks incoming Pings this is not a surprise.  
0
 
qvfpsAuthor Commented:
Thanks for all the replies.  I have setup almost all of the outside uses.  I have one who is having an issue but I will try and connect and set his up remotely.
0
 
MegaNuk3Commented:
Thanks for the points, what do you think happened to start it all working?
0
 
qvfpsAuthor Commented:
I wish I new exactly what resolved the issue.  When I finally got it to work I had not made any changes for a while, just checked all the settings and run as many different tests as I could to try and identify the issue.  .

I did discover that I can not change an existing profile to work with Outlook Anywhere  (HTTPS) I can only get it setup if I create a new profile.  

Originally I tried to change an existing profile so I would not have to resynchronize the mailbox.  When I could not get that to work I tried creating a new profile and eventually I deleted that one as well and created another one which worked.  

I appreciate the time and the suggestions.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 14
  • 12
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now