Solved

EXCHange 2010 Access from outlook using rpc over http failing

Posted on 2011-03-08
6
838 Views
Last Modified: 2012-05-11
I am having several problems trying to connect outlook clients directly over the internet.
Also, I can't ping my external address from inside my firewall.

What I have is my internal exchange server exch.wot.local with and internal ip xxx.xxx.xxx.212

My external address is post.wot2.com which uses NAT to point to the internal IP

I have port 25 coming in and routed through a spam filter
Other ports such as 80 443 110 220 143 I have open pointed directly to internal exch server.

I have installed certificates from godaddy using the external name however I get a warning when running testexchange tool:
"The test passed with some warnings encountered. Please expand the additional details.
   Additional Details
  ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled. "

When running the test-outlookwebservices it passes on on the internal exch.wot.local
but fails on all the post.wot2.com address.

dns issue? firewall?
Outlook web access works as does POP3, Iphones and droids. Only outlook is giving me grief.

Thanks for all the help.
dave
 

0
Comment
Question by:DaveN6TEB
  • 3
  • 3
6 Comments
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 35076043
Can you check for your domain with the below link
https://www.testexchangeconnectivity.com/
0
 

Author Comment

by:DaveN6TEB
ID: 35077807
This is what i get,

Testing RPC/HTTP connectivity.
 The RPC/HTTP test completed successfully.
 Test Steps
 Attempting to resolve the host name post.wotm2.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: 108.23.121.20

Testing TCP port 443 on host post.wotm2.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The certificate passed all validation requirements.
 Test Steps
 Validating the certificate name.
 The certificate name was validated successfully.
 Additional Details
 Host name post.wotm2.com was found in the Certificate Subject Common name.

Certificate trust is being validated.
 The test passed with some warnings encountered. Please expand the additional details.
 Additional Details
 ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Testing the certificate date to confirm the certificate is valid.
 Date validation passed. The certificate hasn't expired.
 Additional Details
 The certificate is valid. NotBefore = 12/14/2010 3:47:31 PM, NotAfter = 12/14/2011 3:47:31 PM



Checking the IIS configuration for client certificate authentication.
 Client certificate authentication wasn't detected.
 Additional Details
 Accept/Require Client Certificates isn't configured.

Testing HTTP Authentication Methods for URL https://post.wotm2.com/rpc/rpcproxy.dll.
 The HTTP authentication methods are correct.
 Additional Details
 ExRCA found all expected authentication methods and no disallowed methods. Methods found: Negotiate, NTLM

Testing SSL mutual authentication with the RPC proxy server.
 Mutual authentication was verified successfully.
 Additional Details
 Certificate common name post.wotm2.com matches msstd:post.wotm2.com.

Attempting to ping RPC proxy post.wotm2.com.
 RPC Proxy was pinged successfully.
 Additional Details
 Completed with HTTP status 200 - OK

Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 184 ms.

Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
 The NSPI interface was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Testing NSPI "Check Name" for user Dave@livingwaters.com against server exch.wotm.local.
 Check Name succeeded.
 Additional Details
 DisplayName: David Glenn, LegDN: /o=WOTM/ou=first administrative group/cn=Recipients/cn=dglenn



Testing the Referral service on the Exchange Mailbox server.
 The Referral service was tested successfully.
 Test Steps
 Attempting to ping RPC endpoint 6002 (Referral Interface) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Attempting to perform referral for user /o=WOTM/ou=first administrative group/cn=Recipients/cn=dglenn on server exch.wotm.local.
 ExRCA successfully got the referral.
 Additional Details
 The server returned by the Referral service: EXCH.wotm.local



Testing the Exchange Information Store on the Mailbox server.
 ExRCA successfully tested the Information Store.
 Test Steps
 Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exch.wotm.local.
 The endpoint was pinged successfully.
 Additional Details
 RPC Status Ok (0) returned in 247 ms.

Attempting to log on to the Exchange Information Store.
 ExRCA successfully logged on to the Information Store.
0
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 35077870
What error do you get when trying to connect using outlook.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:DaveN6TEB
ID: 35079451
Well, This is interesting. Testing from home tonight using Outlook 2007 I was able to get it to work.
I think what I did different was I entered the internal address on the first configuration screen, then used the external address in the proxy settings.
I have been struggling with this for days with no sucess.
I will try the outlook 2003 remote clients tomorrow.

Thanks,
Dave
0
 
LVL 23

Accepted Solution

by:
Malli Boppe earned 500 total points
ID: 35079484
In the Microsoft exchange server field you should be using your exchange server. and in the exchang eproxy settings you should be using webmail.domain.com
0
 

Author Closing Comment

by:DaveN6TEB
ID: 35083360
I thought I had tried this but it was probably early on. Thanks for making it clear.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question