Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Outlook Anywhere not configuring from outside the network

Posted on 2011-03-01
33
Medium Priority
?
1,072 Views
Last Modified: 2012-06-27
I recently setup an Exchange server.   I have OWA working form both inside and outside the network.  While on the internal network I configured my Outlook client to communicate over HTTP and set the proxy address to mail.myco.com.   With it configured that way I can use Outlook both on the network and over the network.  

Now I would like to setup our external users the same way.  I tried to do a manual setup and use the same settings I used while connected to the network.  However when I click on the check names button or click next it prompts me for a username and password and will not accept anything I enter.  It just keeps prompting me for the log in information

Is there anything else i need to configure?
0
Comment
Question by:qvfps
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 12
  • 4
  • +3
33 Comments
 
LVL 4

Expert Comment

by:virtualxistance
ID: 35014661
have you tried using domain\username or username@myco.com?
0
 

Author Comment

by:qvfps
ID: 35014692
I have tried the following.  To connect while on the internal network it would be root-myco\username

username
domain.internal\username
externaldomain\username
domain.internal\email address
externaldomain\email address
0
 
LVL 9

Expert Comment

by:djpazza
ID: 35014749
If your setup for ssl then the remote users will need the certificate installing on their machines
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35014916
You can test Outlook Anywhere from www.testexchangeconnectiviy.com

What version of Exchange are you running? Have you tried Basic authentication under the Outlook HTTP proxy settings? Also are you using the "connect to servers with this principal name in their certificate" option? Try unticking that, at least for now.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 35014940
Do you have the required Service Location (SRV) DNS records for your company's domain to facilitate auto-discovery on the public DNS servers?

http://support.microsoft.com/kb/940881

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 
LVL 3

Expert Comment

by:Zach2001
ID: 35014942
What version of Outlook & Exchange ?

Launch outlook with the /rpcdiag switch whilst internal to ensure they are actually using RPC/HTTPS - sounds to me like they are falling back to RPC.

Can external clients connect alright to your webmail, via SSL without any certificate prompts ?

Have you remembered to install the rpc proxy ? (Sounds daft but it's always the last thing I remember to do!)
0
 

Author Comment

by:qvfps
ID: 35016438
We are running Exchange 2010 and Outlook 2010.   OWA works fine with no certificate prompt.  Autodiscover was not configured externally which is why i was trying to set it up manually.  

I was using negotiate security which works on the computer which I setup internally.   And I am using the same computer to try and setup a new profile so there should be no problem witth the certificate since Outlook Anywhere already works on it.  I just can not setup any additional profiles.

I was using the current profile which works externally to try and create a new profile.  I copied all the settings and used them to create a new profile.  I just cannot get past the initial check name.

0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35016743
Did you try changing the HTTP proxy auth to Basic?

Did you try unticking the "only connect to proxy servers with this principal name in their cert" tickbox?

Have you tried testing from www.testexchangeconnectivity.com to verify you are not getting an autodiscover response e.g. Like where you have a catchall for *.yourdomain.com so autodiscover.yourdomain.com actually resolves to an IP even though you don't want it to.
0
 

Author Comment

by:qvfps
ID: 35018651
I ran the Outlook Anywhere connectivity test from www.testexchangeconnectivity.com and I received the following error

Testing HTTP Authentication Methods for URL https://mail.ddpsinc.com/rpc/rpcproxy.dll.
       The HTTP authentication test failed.

I tried to set the authentication method for Outllook Anywhere using the command
set-outlookAnywhere -ClientAuthenticationMethod  but it is prompting me for Identity.

How do I find out what the identity should be?  i tried servername\RPC  

Is there anywhere i can look that up?
0
 
LVL 3

Expert Comment

by:Zach2001
ID: 35018740
Have you installed SP1 on Exchange 2010 ?  That breaks RPC/HTTPS ... simple fix changing authentication type, though.
0
 

Author Comment

by:qvfps
ID: 35018873
I installed Exchange from the Disk below which includes SP1

SW_DVD9_NTRL_Exchange_Svr_2010_X64_MultiLang_1_ProdAct_wSP1_X17-13445.ISO
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35019016
Try get-outlookanywhere to see the Identity
0
 
LVL 3

Expert Comment

by:Zach2001
ID: 35019035
OK, negotiate doesn't work with SP1 afaik - just choose basic - safe enough with SSL but mean internal people may be prompted
0
 

Author Comment

by:qvfps
ID: 35019331
I ran the get-OutlookAnwhere cmdlet and it says security is already set to basic.  On the Proxy settings I have set it to Basic but on the security tab the only options are NTLM/kerberos/Negotiate/smart card. I have tried both NTLM which works on the original profile and negotiate but It will not pass the check name.

I dont understand what is different if I set it up while connected to the network or outside the network.   I can log in successfully from outside the network if I configured it while on the internal network using NTLM for both the security and the proxy settings
0
 
LVL 3

Expert Comment

by:Zach2001
ID: 35019582
It sounds like it's an rpc mapping issue which binds the netbios name to fqdn name... have you tried both FQDN and Netbiod names when attrempting to get names underlined ?
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 35019731
Where does it say basic? Under the defaultClientAuthMethod? If www.testexchangeconnectivity.com can't communicate with your server then new outlook anywhere profiles will have little hope...
0
 
LVL 31

Assisted Solution

by:MegaNuk3
MegaNuk3 earned 2000 total points
ID: 35019767
From an Internet machine open IE and put in
https://mail.ddpsinc.com/rpc/rpcproxy.dll
See if it comes up with a cert warning, it should prompt you for credentials and after you authenticate successfully it should show you a blank page.
0
 

Author Comment

by:qvfps
ID: 35019883
I connected to https://mail.ddpsinc.com/rpc/rpcproxy.dll and connected using root-myco\username

I did not receive a cert warning and received a blank screen after I connected.
0
 

Author Comment

by:qvfps
ID: 35019981
Below is the output from get-OutlookAnyWhere


RunspaceId                      : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ServerName                      : myserver
SSLOffloading                   : False
ExternalHostname                : mail.myco.com
ClientAuthenticationMethod      : Basic
IISAuthenticationMethods        : {Basic}
XropUrl                         :
MetabasePath                    : IIS://myserver.root-myco.internal/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : myserver
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=myserver,CN=Servers,CN=Exchang
                                  e Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=myco,CN=Microsof
                                  t Exchange,CN=Services,CN=Configuration,DC=root-myco,DC=internal
Identity                        : myserver\Rpc (Default Web Site)
Guid                            : 52818e8a-adsn79y7d-j7yd-n77asjkoau7d
ObjectCategory                  : root-myco.internal/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 2/22/2011 11:34:04 PM
WhenCreated                     : 2/22/2011 11:34:04 PM
WhenChangedUTC                  : 2/23/2011 4:34:04 AM
WhenCreatedUTC                  : 2/23/2011 4:34:04 AM
OrganizationId                  :
OriginatingServer               : myrootserver.root-myco.internal
IsValid                         : True
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35020399
Are you putting the mail.myco.com value in as your external name in outlook and is that name on your cert?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35020457
As per the link already posted: http://support.microsoft.com/kb/940881 add a SRV record to your external DNS so outlook should autodiscover the correct settings instead of you putting them in manually.
0
 

Author Comment

by:qvfps
ID: 35020479
On the certificate I have the following

mail.myco.com
www.mail.myco.com
root-myco.internal
myserver.root-myco.internal

When I connect with the profile that is working I use root-myco\username but I have tried
root-myco.internal\username and myserver.root-myco.internal\username as well on the new profile
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35021027
Try the email address as the username
0
 

Author Comment

by:qvfps
ID: 35021063
I have tried all of these

email address
root-myco\email address
root-myco.internal\email address
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35021383
Add a SRV record to your external DNS so we can see if Outlook is picking up the settings at all
0
 

Author Comment

by:qvfps
ID: 35021686
It will take some time to get it setup,  I will have to request someone else make the change.  

Since I am not using autodiscover should I realy need the srv records?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35022349
Well it will make your life a lot easier, if you want to add any more external clients in the future.
0
 

Author Comment

by:qvfps
ID: 35022601
I dont what changed but I can connect now.

I pulled out a different PC and created a new profile and it connected with no problem.  I then went back to the one I was using, deleted the profile I was using and created a new one and connected with no problem.

I used the same settings i had already tried several times and it went through.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35022658
See if the test from www.testexchangeconnectivity.com now and see if that works too now.
0
 

Author Comment

by:qvfps
ID: 35050272
The test fails on the same spot.  Trying to Ping the RPC server.  SInce our firewall blocks incoming Pings this is not a surprise.  
0
 

Author Comment

by:qvfps
ID: 35050315
Thanks for all the replies.  I have setup almost all of the outside uses.  I have one who is having an issue but I will try and connect and set his up remotely.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35053993
Thanks for the points, what do you think happened to start it all working?
0
 

Author Comment

by:qvfps
ID: 35057297
I wish I new exactly what resolved the issue.  When I finally got it to work I had not made any changes for a while, just checked all the settings and run as many different tests as I could to try and identify the issue.  .

I did discover that I can not change an existing profile to work with Outlook Anywhere  (HTTPS) I can only get it setup if I create a new profile.  

Originally I tried to change an existing profile so I would not have to resynchronize the mailbox.  When I could not get that to work I tried creating a new profile and eventually I deleted that one as well and created another one which worked.  

I appreciate the time and the suggestions.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We aren’t perfect, just like everyone else.  Check out the email errors our community caught and learn the top errors every email marketer should avoid.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question