Solved

Exchange 2010 Outlook anywhere

Posted on 2011-03-21
Last Modified: 2012-05-11
Hello,

I have the following problem.

My current situation is as follows:

1.      Windows 2008 server DC
2.      Windows 2008 server Exchange 2010

There is a firewall active in this network with a tight policy.

I want to use Outlook Anywhere. On the server I have enabled it. But when I try to set up my Outlook to test it, I'm getting the following errors.

1.      A popup when I open Outlook that says: There is a certificate problem with the proxy server. The name of the certificate is incorrect or is different from the name of the site.
Cannot connect with the proxy. (Error code 0)

If I click OK it will go away, but then my Outlook prompts me with a login screen. It doesn't matter what I put in there. Domain administrator username and password or a user's username and password, it won't accept it. The only thing I can do is click Cancel, and then I get the message that the Exchange server is not available.

I have done the www.testexchangeconnectivity.com test and it gives me the following errors with the settings for Autodiscover:

ExRCA is attempting to test Autodiscover for.
      Testing Autodiscover failed.
Attempting to test potential Autodiscover URL https://.nl/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
             Test Steps
             ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover..nl/AutoDiscover/AutoDiscover.xml for user @.nl.
      ExRCA failed to obtain an Autodiscover XML response.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.



       ExRCA is checking the host autodiscover..nl for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
             Test Steps
             Attempting to locate SRV record _autodiscover._tcp..nl in DNS.
      The Autodiscover SRV record wasn't found in DNS.



When I use manual settings and I put in the address I used in the Outlook Anywhere configuration, everything goes well except this part:
       Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exchange..nl.
      The attempt to ping the endpoint failed.
      
             Additional Details
      The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

I am hoping someone can help me with this problem.

Kind regards,
Wesley.
Question by:tinus67

Expert Comment

by:Glen Knight
Do you have a signed SAN/UCC SSL certificate with the following names in it:

autodiscover.domainname.com
mail.domainname.com (the OWA url and the one you use for Outlook Anywhere)
servername.domain.local (the internal fully qualified domainname of your server)

If not, then this is why it will not work.

Author Comment

by:tinus67

Demazter, how can I check that? If I go to my Exchange console to my certificates, I can see the bought certificate from GeoTrust.

Expert Comment

by:Glen Knight

From the Exchange Management shell, run the following command:

Get-ExchangeCertificate Z fl subject, CertificateDomains, Services

The Certificate Domains will tell you what domains are listed in the cert. And under Services you will see what services are assigned to that certificate.

Author Comment

by:tinus67

This is the response when I run your command, only with a | instead of the Z.
Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP

Subject            : CN=SEV-02
CertificateDomains : {SEV-02, SEV-02.ptibv.local}
Services           : SMTP

Subject            : CN=WMSvc-SEV-02
CertificateDomains : {WMSvc-SEV-02}
Services           : None

Expert Comment

by:Glen Knight

Oops, sorry that was a typo.

"Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP"

You don't have a SAN/UCC certificate. I suggest running through the certificate wizard in the Exchange Management Console and selecting the services you require. Once done, purchase and complete the request for a SAN/UCC certificate.

Author Comment

by:tinus67

The problem is this is a special certificate. They bought it a while ago and it was very expensive. Is there another way to get this working?

Expert Comment

by:Glen Knight

You need to have the names in the certificate; Outlook looks for it.

What type of "Special" certificate?

Author Comment

by:tinus67

So we need to get "autodiscover.domainname.com" in the certificate?

Author Comment

by:tinus67

I think the "special" certificate is a certificate with a wildcard option. It should accept everything *.domainname.nl

Expert Comment

by:Glen Knight

Not according to what you posted above; it's only got a single domain name in it.

Author Comment

by:tinus67

OK, I will check that with the provider of the certificate. Thank you for your help so far.

Author Comment

by:tinus67

They have a normal pro certificate with only the OWA link and server link in there.
But I'm wondering about autodiscover.domain.com: do I also need to make a record for that, like an MX record?

Expert Comment

by:Glen Knight

You need an A record called autodiscover.domainname.com in your external DNS.

You will also need a SAN/UCC certificate, otherwise this will not work.

Author Comment

by:tinus67

We are first gonna try to make an SRV record that translates discover.domain.com to their record that has a certificate. If that doesn't work we will buy a new one. Thanks for your help.

Accepted Solution

by:Glen Knight (earned 500 total points)

Do you have an external DNS provider that supports SRV records?

Expert Comment

by:imgir

Basically, I have just gone through the pain you are dealing with now, and Demazter is correct: you need a UCC certificate, and the autodiscover.domain.com record needs to exist on the Internet for your Outlook Anywhere to work. The certificate is required as all traffic to and from the server must be encrypted; as you cannot apply more than one certificate to the same IIS box, you need to get the UCC certificate. Wildcard certificates do not work, again due to another security requirement from Microsoft.

Simple steps would be:

1. Create an A record for the autodiscover host in your domain pointing to the IP of your webfront-end/CAS server

2. Acquire a replacement certificate for the normal CAS server name which also includes the SAN for autodiscover and apply to the IIS webserver.


You may be able to get your existing certificate provider to reissue your existing server.domain.com certificate with a Subject Alternate Name entry for autodiscover.domain.com, but I believe only the UCC certificates support those. I know GoDaddy provides those for the best price at about $90 if you need to argue the cost with someone.

Primarily you need to ensure your autodiscovery functions work correctly internally, which you can do simply from inside the network by holding down the Ctrl key, right-clicking on the tray icon of an Outlook 2007/2010 client and selecting Test E-Mail Autoconfiguration.
See the following link for some additional details (Outlook Free/Busy relies on the same autodiscovery resources over the Internet).
http://technet.microsoft.com/en-us/library/bb397225(EXCHG.80).aspx

This web link gives you some of the more in-depth testing you can run on the server with the Client Access Role installed if you need to go that far...
http://technet.microsoft.com/en-us/library/bb124509.aspx

Long story short, if you cannot get your AutoDiscovery to work internally you won't get it to work externally either. Once you confirm all is working internally, then the external should be a snap once you get that UCC cert with the SAN for the autodiscover host/service.

Hope that helps.

Author Comment

by:tinus67

I have found the solution; sorry for not replying.

The fix for me was creating the SRV record at the hosting. After this the 2007 + 2010 clients could connect using the autodiscover, and 2003 clients needed their settings put in manually. Thanks for all the help.
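
The name-matching question running through this thread, as an added example that is not part of the original posts: for each Autodiscover lookup method in the ExRCA output, it lists the host name the client's TLS connection uses and whether a certificate's name list contains it. The function name, the example.nl names and the single-name certificate are constructed placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. All host names are constructed placeholders.
function Get-AutodiscoverTlsName {
    param(
        [Parameter(Mandatory)][string]$SmtpDomain,
        # Name list of the certificate bound to IIS, e.g. the
        # CertificateDomains value shown by Get-ExchangeCertificate.
        [Parameter(Mandatory)][string[]]$CertDomains,
        # Host of the HTTPS URL that http://autodiscover.<domain> redirects to, if any.
        [string]$RedirectTarget,
        # Target host of the _autodiscover._tcp.<domain> SRV record, if published.
        [string]$SrvTarget
    )
    # Lookup methods in the order the ExRCA output above tries them.
    $steps = @(
        @{ Method = 'HTTPS to root domain';       Name = $SmtpDomain },
        @{ Method = 'HTTPS to autodiscover host'; Name = "autodiscover.$SmtpDomain" },
        @{ Method = 'HTTP redirect';              Name = $RedirectTarget },
        @{ Method = 'DNS SRV redirect';           Name = $SrvTarget }
    )
    foreach ($s in $steps) {
        $published = -not [string]::IsNullOrEmpty($s.Name)
        $tlsName   = if ($published) { $s.Name } else { '(not published)' }
        [pscustomobject]@{
            Method      = $s.Method
            TlsName     = $tlsName
            # Exact, case-insensitive comparison; wildcard entries are not expanded.
            CertMatches = $published -and ($CertDomains -icontains $s.Name)
        }
    }
}

# Constructed case: a single-name certificate and an SRV record whose
# target is that same name; no HTTP redirect is published.
$certDomains = @('exchange.example.nl')
Get-AutodiscoverTlsName -SmtpDomain 'example.nl' -CertDomains $certDomains `
    -SrvTarget 'exchange.example.nl' | Format-Table -AutoSize
```

With the SRV method the client connects to the record's target host, so the certificate is checked against that host name rather than against autodiscover.<domain>.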