[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 874
  • Last Modified:

EXCHange 2010 Access from outlook using rpc over http failing

I am having several problems trying to connect outlook clients directly over the internet.
Also, I can't ping my external address from inside my firewall.

What I have is my internal exchange server exch.wot.local with and internal ip xxx.xxx.xxx.212

My external address is post.wot2.com which uses NAT to point to the internal IP

I have port 25 coming in and routed through a spam filter
Other ports such as 80 443 110 220 143 I have open pointed directly to internal exch server.

I have installed certificates from godaddy using the external name however I get a warning when running testexchange tool:
"The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled. "

When running the test-outlookwebservices it passes on on the internal exch.wot.local
but fails on all the post.wot2.com address.

dns issue? firewall?
Outlook web access works as does POP3, Iphones and droids. Only outlook is giving me grief.

Thanks for all the help.
dave
 

0
DaveN6TEB
Asked:
DaveN6TEB
  • 3
  • 3
1 Solution
 
Malli BoppeCommented:
Can you check for your domain with the below link
https://www.testexchangeconnectivity.com/
0
 
DaveN6TEBAuthor Commented:
This is what i get,

Testing RPC/HTTP connectivity.
 The RPC/HTTP test completed successfully.
 Test Steps
 Attempting to resolve the host name post.wotm2.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 108.23.121.20

Testing TCP port 443 on host post.wotm2.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name post.wotm2.com was found in the Certificate Subject Common name.

Certificate trust is being validated.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 12/14/2010 3:47:31 PM, NotAfter = 12/14/2011 3:47:31 PM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://post.wotm2.com/rpc/rpcproxy.dll.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Negotiate, NTLM

Testing SSL mutual authentication with the RPC proxy server.
 Mutual authentication was verified successfully.
 Additional Details
 Certificate common name post.wotm2.com matches msstd:post.wotm2.com.

Attempting to ping RPC proxy post.wotm2.com.
 RPC Proxy was pinged successfully.
 Additional Details
 Completed with HTTP status 200 - OK

Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 184 ms.

Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
 The NSPI interface was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Testing NSPI "Check Name" for user Dave@livingwaters.com against server exch.wotm.local.
 Check Name succeeded.
 Additional Details
 DisplayName: David Glenn, LegDN: /o=WOTM/ou=first administrative group/cn=Recipients/cn=dglenn



Testing the Referral service on the Exchange Mailbox server.
 The Referral service was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6002 (Referral Interface) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Attempting to perform referral for user /o=WOTM/ou=first administrative group/cn=Recipients/cn=dglenn on server exch.wotm.local.
 ExRCA successfully got the referral.
 Additional Details
 The server returned by the Referral service: EXCH.wotm.local



Testing the Exchange Information Store on the Mailbox server.
 ExRCA successfully tested the Information Store.
 Test Steps
 Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Attempting to log on to the Exchange Information Store.
 ExRCA successfully logged on to the Information Store.
0
 
Malli BoppeCommented:
What error do you get when trying to connect using outlook.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
DaveN6TEBAuthor Commented:
Well, This is interesting. Testing from home tonight using Outlook 2007 I was able to get it to work.
I think what I did different was I entered the internal address on the first configuration screen, then used the external address in the proxy settings.
I have been struggling with this for days with no sucess.
I will try the outlook 2003 remote clients tomorrow.

Thanks,
Dave
0
 
Malli BoppeCommented:
In the Microsoft exchange server field you should be using your exchange server. and in the exchang eproxy settings you should be using webmail.domain.com
0
 
DaveN6TEBAuthor Commented:
I thought I had tried this but it was probably early on. Thanks for making it clear.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now