Exchange 2010 Outlook anywhere

Hello,

I have the following problem.

My current situation is as follows:

1.      Windows 2008 server DC
2.      Windows 2008 server Exchange 2010

There is a firewall active in this network with a tight policy.

I want to use Outlook Anywhere. On the server I have enabled it. But when I try to set up my Outlook to test it, I'm getting the following errors.

1.      A popup when I open Outlook that says: There is a certificate problem with the proxy server. The name of the certificate is incorrect or is different from the name of the site.
Cannot connect with the proxy. (Errorcode 0)

If I click OK it will go away, but then my Outlook prompts me with a login screen. It doesn't matter what I put in there: domain administrator username and password or a user's username and password, it won't accept it. The only thing I can do is click Cancel, and then I get the message that the Exchange server is not available.

I have run the test at www.testexchangeconnectivity.com and it gives me the following errors with the settings for Autodiscover:

ExRCA is attempting to test Autodiscover for.
      Testing Autodiscover failed.
Attempting to test potential Autodiscover URL https://.nl/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
             Test Steps
             ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover..nl/AutoDiscover/AutoDiscover.xml for user @.nl.
      ExRCA failed to obtain an Autodiscover XML response.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.



       ExRCA is checking the host autodiscover..nl for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
             Test Steps
             Attempting to locate SRV record _autodiscover._tcp..nl in DNS.
      The Autodiscover SRV record wasn't found in DNS.



When I use manual settings and put in the address I used in the Outlook Anywhere configuration, everything goes well except this part:
       Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exchange..nl.
      The attempt to ping the endpoint failed.
      
             Additional Details
      The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

I am hoping someone can help me with this problem.

Kind regards,
Wesley.
Asked by: tinus67

Glen Knight commented:
Do you have a signed SAN/UCC SSL certificate with the following names in:

autodiscover.domainname.com
mail.domainname.com (the OWA url and the one you use for Outlook Anywhere)
servername.domain.local (the internal fully qualified domainname of your server)

If not, then this is why it will not work.

tinus67 (Author) commented:
demazter, how can I check that? If I go to my Exchange console to my certificates, I can see the bought certificate from GeoTrust.

Glen Knight commented:
From the Exchange Management shell, run the following command:

Get-ExchangeCertificate Z fl subject, CertificateDomains, Services

The Certificate Domains will tell you what domains are listed in the cert. And under Services you will see what services are assigned to that certificate.
 
tinus67 (Author) commented:
This is the response when I run your command, only with a | instead of the Z.
Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP

Subject            : CN=SEV-02
CertificateDomains : {SEV-02, SEV-02.ptibv.local}
Services           : SMTP

Subject            : CN=WMSvc-SEV-02
CertificateDomains : {WMSvc-SEV-02}
Services           : None

Glen Knight commented:
Oops, sorry that was a typo.

""Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP"

You don't have a SAN/UCC certificate. I suggest running through the certificate wizard in the Exchange Management Console and selecting the services you require. Once done, purchase and complete the request for a SAN/UCC certificate.

tinus67 (Author) commented:
The problem is this is a special certificate. They bought it a while ago and it was very expensive. Is there another way to get this working?

Glen Knight commented:
You need to have the names in the certificate; Outlook looks for it.

What type of "Special" certificate?

tinus67 (Author) commented:
So we need to get "autodiscover.domainname.com" in the certificate?

tinus67 (Author) commented:
I think the "special" certificate is a certificate with a wildcard option. It should accept everything *.domainname.nl

Glen Knight commented:
Not according to what you posted above; it's only got a single domain name in it.

tinus67 (Author) commented:
OK, I will check that with the provider of the certificate. Thank you for your help so far.

tinus67 (Author) commented:
They have a normal pro certificate with only the OWA link and server link in there.
But I'm wondering about autodiscover.domain.com: do I also need to make a record for that, like an MX record?

Glen Knight commented:
You need an A record called autodiscover.domainname.com in your external DNS.

You will also need a SAN/UCC certificate, otherwise this will not work.

tinus67 (Author) commented:
We are first going to try to make an SRV record that translates discover.domain.com to their record that has a certificate. If that doesn't work we will buy a new one. Thanks for your help.

Glen Knight commented:
Do you have an external DNS provider that supports SRV records?

imgir commented:
Basically I have just gone through the pain you are dealing with now, and Demazter is correct: you need a UCC certificate, and the autodiscover.domain.com record needs to exist on the Internet for your Outlook Anywhere to work. The certificate is required as all traffic to and from the server must be encrypted. As you cannot apply more than one certificate to the same IIS box, you need to get the UCC certificate. Wildcard certificates do not work, again due to another security requirement from Microsoft.

Simple steps would be:

1. Create an A record for the autodiscover host in your domain pointing to the IP of your webfront-end/CAS server

2. Acquire a replacement certificate for the normal CAS server name which also includes the SAN for autodiscover and apply to the IIS webserver.


You may be able to get your existing certificate provider to reissue your existing server.domain.com certificate with a Subject Alternate Name entry for autodiscover.domain.com, but I believe only the UCC certificates support those. I know GoDaddy provides those for the best price, at about $90, if you need to argue the cost with someone.

Primarily you need to ensure your autodiscovery functions work correctly internally, which you can do simply from inside the network by holding down the Ctrl key and right-clicking on the tray icon of an Outlook 2007/2010 client and selecting Test E-Mail AutoConfiguration.
See the following link for some additional details (Outlook Free busy relies on the same autodiscovery resources over the Internet).
http://technet.microsoft.com/en-us/library/bb397225(EXCHG.80).aspx

This web link gives you some of the more in-depth testing you can run on the server with the Client Access Role installed if you need to go that far...
http://technet.microsoft.com/en-us/library/bb124509.aspx

Long story short if you cannot get your AutoDiscovery to work internally you won't get it to work externally either. Once you confirm all is working internally then the external should be a snap once you get that UCC cert with the SAN for the autodiscover host/service.

Hope that helps.

tinus67 (Author) commented:
I have found the solution, sorry for not replying.

The fix for me was creating the SRV record at the hosting. After this the 2007 + 2010 clients could connect using the autodiscover, and 2003 clients needed their settings put in manually. Thanks for all the help.
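
The name check discussed in the thread, as an added example that is not part of any post and not Microsoft's tooling: for each Autodiscover lookup method it lists the host the client ends up talking TLS to and whether the certificate's names cover it. The function names are hypothetical, the host names are constructed placeholders, and the wildcard handling follows general TLS name matching, which goes beyond the single-name case in the thread.

```powershell
# Added example. Host names are constructed placeholders; function names are hypothetical.

function Test-CertCoversName {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($entry in $CertificateDomains) {
        if ($entry -ieq $HostName) { return $true }
        # General TLS matching: "*.example.nl" covers exactly one extra left-most label.
        if ($entry.StartsWith('*.') -and $HostName.Length -gt ($entry.Length - 1)) {
            $suffix = $entry.Substring(1)   # ".example.nl"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if (-not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverNameCoverage {
    param(
        [string]$SmtpDomain,             # part of the e-mail address after the @
        [string[]]$CertificateDomains,   # names on the certificate that has the IIS service
        [string]$SrvTarget               # host named in _autodiscover._tcp.<domain>, if the record exists
    )
    # Host each lookup method connects to over TLS (the plain-HTTP redirect method is left out).
    $candidates = @(
        @{ Method = 'HTTPS, root domain';       HostName = $SmtpDomain },
        @{ Method = 'HTTPS, autodiscover host'; HostName = "autodiscover.$SmtpDomain" }
    )
    if ($SrvTarget) {
        $candidates += @{ Method = 'DNS SRV redirect'; HostName = $SrvTarget }
    }
    foreach ($c in $candidates) {
        $covered = Test-CertCoversName -HostName $c.HostName -CertificateDomains $CertificateDomains
        New-Object PSObject -Property @{ Method = $c.Method; HostName = $c.HostName; Covered = $covered } |
            Select-Object Method, HostName, Covered
    }
}

# Constructed input shaped like the thread: one name on the certificate, SRV record pointing at it.
# For a real server, paste the CertificateDomains values printed by Get-ExchangeCertificate.
Get-AutodiscoverNameCoverage -SmtpDomain 'example.nl' `
    -CertificateDomains @('exchange.example.nl') `
    -SrvTarget 'exchange.example.nl' | Format-Table -AutoSize
```

With the constructed single-name certificate only the SRV row is covered, which is consistent with the outcome reported in the last post.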