Solved

Exchange 2010 Outlook anywhere

Posted on 2011-03-21
Last Modified: 2012-05-11
Hello,

I have the following problem.

My current situation is as follows:

1. Windows 2008 server DC
2. Windows 2008 server Exchange 2010

There is a firewall active in this network with a tight policy.

I want to use Outlook Anywhere. On the server I have enabled it. But when I try to set up my Outlook to test it, I'm getting the following errors.

1. A popup when I open Outlook that says: There is a certificate problem with the proxy server. The name of the certificate is incorrect or is different from the name of the site.
Cannot connect with the proxy. (Errorcode 0)

If I click OK it will go away, but then my Outlook prompts me with a login screen. It doesn't matter what I put in there, the domain administrator username and password or a user's username and password; it won't accept it. The only thing I can do is click Cancel, and then I get the message that the Exchange server is not available.

I have run the test at www.testexchangeconnectivity.com and it gives me the following errors with the Autodiscover settings:

ExRCA is attempting to test Autodiscover for.
      Testing Autodiscover failed.
Attempting to test potential Autodiscover URL https://.nl/AutoDiscover/AutoDiscover.xml
      Testing of this potential Autodiscover URL failed.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
      Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
             Test Steps
             ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover..nl/AutoDiscover/AutoDiscover.xml for user @.nl.
      ExRCA failed to obtain an Autodiscover XML response.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.



       ExRCA is checking the host autodiscover..nl for an HTTP redirect to the Autodiscover service.
      ExRCA failed to get an HTTP redirect response for Autodiscover.
             Additional Details
      A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

Attempting to contact the Autodiscover service using the DNS SRV redirect method.
      ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
             Test Steps
             Attempting to locate SRV record _autodiscover._tcp..nl in DNS.
      The Autodiscover SRV record wasn't found in DNS.



When I use manual settings and put in the address I used in the Outlook Anywhere configuration, everything goes well except this part:
       Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server exchange..nl.
      The attempt to ping the endpoint failed.
      
             Additional Details
      The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

I am hoping someone can help me with this problem.

Kind regards,
Wesley.
Question by:tinus67
17 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35178976
Do you have a signed SAN/UCC SSL certificate with the following names in it:

autodiscover.domainname.com
mail.domainname.com (the OWA url and the one you use for Outlook Anywhere)
servername.domain.local (the internal fully qualified domainname of your server)

If not, then this is why it will not work.
0
 

Author Comment

by:tinus67
ID: 35179005
demazter, how can I check that? If I go to my Exchange console, under my certificates I can see the certificate bought from GeoTrust.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179039
From the Exchange Management shell, run the following command:

Get-ExchangeCertificate Z fl subject, CertificateDomains, Services

The Certificate Domains will tell you what domains are listed in the cert. And under Services you will see what services are assigned to that certificate.
0
 

Author Comment

by:tinus67
ID: 35179071
This is the response when I run your command, only with a | instead of the Z.
Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP

Subject            : CN=SEV-02
CertificateDomains : {SEV-02, SEV-02.ptibv.local}
Services           : SMTP

Subject            : CN=WMSvc-SEV-02
CertificateDomains : {WMSvc-SEV-02}
Services           : None
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179084
Oops, sorry that was a typo.

"Subject            : CN=exchange.pti.nl, OU=Domain Control Validated - QuickSSL Premium(R), OU=See www.geotrust.com/res
                     ources/cps (c)08, OU=GT82953932, O=exchange.pti.nl, C=NL, SERIALNUMBER=
                     q1-xY
CertificateDomains : {exchange.pti.nl}
Services           : IMAP, POP, IIS, SMTP"

You don't have a SAN/UCC certificate. I suggest running through the certificate wizard in the Exchange Management Console and selecting the services you require. Once done, purchase and complete the request for a SAN/UCC certificate.
0
 

Author Comment

by:tinus67
ID: 35179321
The problem is this is a special certificate. They bought it a while ago and it was very expensive. Is there another way to get this working?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179325
You need to have the names in the certificate; Outlook looks for them.

What type of "Special" certificate?
0
 

Author Comment

by:tinus67
ID: 35179331
So we need to get "autodiscover.domainname.com" in the certificate?
0
 

Author Comment

by:tinus67
ID: 35179388
I think the "special" certificate is a certificate with a wildcard option. It should accept everything under *.domainname.nl
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179463
Not according to what you posted above; it's only got a single domain name in it.
0
 

Author Comment

by:tinus67
ID: 35179537
OK, I will check that with the provider of the certificate. Thank you for your help so far.
0
 

Author Comment

by:tinus67
ID: 35179613
They have a normal pro certificate with only the OWA link and server link in there.
But I'm wondering about autodiscover.domain.com: do I also need to make a record for that, like an MX record?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35179630
You need an A record called autodiscover.domainname.com in your external DNS.

You will also need a SAN/UCC certificate, otherwise this will not work.
0
 

Author Comment

by:tinus67
ID: 35181745
We are first gonna try to make an SRV record that translates discover.domain.com to their record that has a certificate. If that doesn't work we will buy a new one. Thanks for your help.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35181772
Do you have an external DNS provider that supports SRV records?
0
 
LVL 2

Expert Comment

by:imgir
ID: 35195064
Basically I have just gone through the pain you are dealing with now, and Demazter is correct: you need a UCC certificate, and the autodiscover.domain.com record needs to exist on the Internet for your Outlook Anywhere to work. The certificate is required as all traffic to and from the server must be encrypted; as you cannot apply more than one certificate to the same IIS box, you need to get the UCC certificate. Wildcard certificates do not work, again due to another security requirement from Microsoft.

Simple steps would be:

1. Create an A record for the autodiscover host in your domain pointing to the IP of your webfront-end/CAS server

2. Acquire a replacement certificate for the normal CAS server name which also includes the SAN for autodiscover and apply to the IIS webserver.


You may be able to get your existing certificate provider to reissue your existing server.domain.com certificate with a Subject Alternate Name entry for autodiscover.domain.com, but I believe only the UCC certificates support those. I know GoDaddy provides those for the best price at about $90 if you need to argue the cost with someone.

Primarily you need to ensure your autodiscovery functions work correctly internally, which you can do simply from inside the network by holding down the Ctrl key, right-clicking the tray icon of an Outlook 2007/2010 client and selecting Test E-Mail AutoConfiguration.
See the following link for some additional details (Outlook Free/Busy relies on the same autodiscovery resources over the Internet).
http://technet.microsoft.com/en-us/library/bb397225(EXCHG.80).aspx

This web link gives you some of the more in-depth testing you can run on the server with the Client Access Role installed if you need to go that far...
http://technet.microsoft.com/en-us/library/bb124509.aspx

Long story short if you cannot get your AutoDiscovery to work internally you won't get it to work externally either. Once you confirm all is working internally then the external should be a snap once you get that UCC cert with the SAN for the autodiscover host/service.

Hope that helps.
0
 

Author Comment

by:tinus67
ID: 35229929
I have found the solution; sorry for not replying.

The fix for me was creating the SRV record at the hosting. After this the 2007 + 2010 clients could connect using autodiscover, and 2003 clients needed their settings put in manually. Thanks for all the help.
0
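
An added example (not part of any post in this thread) of the name check behind the certificate warning: for each Autodiscover lookup method that the ExRCA output in the question lists, it reports whether the host Outlook connects to is covered by the certificate's domain list. The mail domain `pti.nl`, the SRV target `exchange.pti.nl` and both function names are assumptions; the domain list is the one posted above.

```powershell
# Added example, PowerShell 2.0 compatible. Function names are hypothetical.
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($name in $CertDomains) {
        if ($name -eq $HostName) { return $true }    # -eq ignores case
        # A wildcard covers exactly one left-most label: *.pti.nl matches
        # mail.pti.nl but not pti.nl or a.b.pti.nl.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)              # ".pti.nl"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverCoverage {
    param([string]$SmtpDomain, [string[]]$CertDomains, [string]$SrvTarget)
    # HTTPS lookups in the order the ExRCA output in the question lists them.
    # The HTTP redirect check is left out because that request is not TLS.
    $candidates = @(
        @{ Method = 'https://<domain>';              HostName = $SmtpDomain },
        @{ Method = 'https://autodiscover.<domain>'; HostName = "autodiscover.$SmtpDomain" },
        @{ Method = 'SRV _autodiscover._tcp target'; HostName = $SrvTarget }
    )
    foreach ($c in $candidates) {
        if (-not $c.HostName) { continue }            # no SRV record published
        $covered = Test-CertNameMatch -HostName $c.HostName -CertDomains $CertDomains
        New-Object PSObject -Property @{
            Method = $c.Method; HostName = $c.HostName; Covered = $covered
        } | Select-Object Method, HostName, Covered
    }
}

# Constructed input: the CertificateDomains value posted in the thread for the
# certificate with the IIS service. 'pti.nl' as mail domain and
# 'exchange.pti.nl' as SRV target are assumptions.
Get-AutodiscoverCoverage -SmtpDomain 'pti.nl' -CertDomains @('exchange.pti.nl') `
    -SrvTarget 'exchange.pti.nl'
```

With the single-name certificate only the SRV row reports Covered as True, because with the SRV method the client connects to the record's target host rather than to autodiscover.<domain>.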
