Solved

Outlook Anywere

Posted on 2011-03-21
22
3,434 Views
Last Modified: 2012-06-27
I am having some issues setting up Outlook Anywhere using exchange 2010.

I have enabled Outlook Anywhere and attempted to connect using the following settings:

 image1 image2
On the server side we have 2008 R2 with Exchange 2010. We can connect to OWA and have configured are own certificate.

The certificate was setup by installing the certificate authority on the server; we created an exchange certificate and got this issued by our own certificate authority. After adding our certificate to the external client OWA has no problems with the certificate.

However when opening up outlook it asks for the username and password then brings up the following error:

 image3
Does anyone have any ideas on how to fix and/ or diagnose the issue?
0
Comment
Question by:patrickfreer
  • 9
  • 7
  • 5
  • +1
22 Comments
 
LVL 7

Expert Comment

by:Saoi
ID: 35179801
Hi,

Have you tried using the Exchange Connectivity Analyzer? https://www.testexchangeconnectivity.com/ Run the Outlook Anywhere Test and post back any errors :)

Sam
0
 
LVL 22

Expert Comment

by:chakko
ID: 35179812

In the Outlook setting for server name (same screen where you put your username).  Use the internal server name (same as you would put in the local LAN).
0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35180741
Chakko the server name is set to my internal server name.

Saoi please see attached:

 oa-errors
Another note https://server.domain.com/owa works without any certificate errors.
0
 
LVL 19

Expert Comment

by:R--R
ID: 35180904
Open the certificate go to certificate path tab then you will the root certificate/chain.
Just highlight/select it and view certificate and install it.

Install all of them which you can see in the certificate path.
0
 
LVL 19

Expert Comment

by:R--R
ID: 35180925
Install it on the PC from where you are setting up outlook for outlook anywhere.
0
 
LVL 19

Expert Comment

by:R--R
ID: 35180934
0
 
LVL 7

Expert Comment

by:Saoi
ID: 35181052
I'm pretty confident the certificate is not the issue - ExRCA doesn't take a private CA into account and won't trust it which is the error received there.

Can you run the following from your EXCH2010 server and show the results:

Test-OutlookConnectivity -Protocol:Http -verbose
0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35181123
I have installed all the available certificates yet Outlook Anywhere still refuses to work.

When looking at the certificate that’s used for OWA the chain tab has the following:

 ww
Both blanked out fields contain the server.domain.com address.
0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35181154
Test-OutlookConnectivity -Protocol:Http -verbose

 
[PS] C:\Windows\system32>Test-OutlookConnectivity -Protocol:Http -verbose
VERBOSE: [14:39:40.561 GMT] Test-OutlookConnectivity : Initializing Active Directory server settings for the remote
Windows PowerShell session.
VERBOSE: [14:39:40.561 GMT] Test-OutlookConnectivity : Active Directory session settings for 'Test-OutlookConnectivity'
 are: View Entire Forest: 'False', Default Scope: 'domain.local', Configuration Domain Controller: 'server.domain.local',
 Preferred Global Catalog: 'server.domain.local', Preferred Domain Controllers: '{ server.domain.local }'
VERBOSE: [14:39:40.561 GMT] Test-OutlookConnectivity : Runspace context: Executing user:
domain.local/Users/Administrator, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [14:39:40.561 GMT] Test-OutlookConnectivity : Beginning processing &
VERBOSE: [14:39:40.624 GMT] Test-OutlookConnectivity : Instantiating handler with index 0 for cmdlet extension agent
"Admin Audit Log Agent".
VERBOSE: [14:39:40.670 GMT] Test-OutlookConnectivity : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [14:39:40.733 GMT] Test-OutlookConnectivity : Target Site =
'domain.local/Configuration/Sites/Default-First-Site-Name'
VERBOSE: [14:39:40.733 GMT] Test-OutlookConnectivity : Target Domain = 'domain.local'
VERBOSE: [14:39:40.873 GMT] Test-OutlookConnectivity : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [14:39:41.060 GMT] Test-OutlookConnectivity : Target Site =
'domain.local/Configuration/Sites/Default-First-Site-Name'
VERBOSE: [14:39:41.060 GMT] Test-OutlookConnectivity : Target Domain = 'domain.local'
Failed to find the mailbox. Mailbox = 'extest_9d767a9f2fda4@domain.local'.
    + CategoryInfo          : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
   OutlookConnectivity], MailboxNotFoundException
    + FullyQualifiedErrorId : 633F0BAD,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask

VERBOSE: [14:39:41.076 GMT] Test-OutlookConnectivity : Ending processing &
[PS] C:\Windows\system32>

Open in new window

0
 
LVL 19

Expert Comment

by:R--R
ID: 35181292
Have you checked through  https://www.testexchangeconnectivity.com/ ?
0
 
LVL 7

Expert Comment

by:Saoi
ID: 35181303
Ah, you'll need to run the "new-testcasconnectivityuser.ps1" script from your <exchange installation path>\Scripts folder. This will create the user and then re-run the test.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:patrickfreer
ID: 35181330
new-testcasconnectivityuser.ps1 give the following error:

 
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>.\new-TestCasConnectivityUser.ps1
Please enter a temporary secure password for creating test users. For security purposes, the password will be changed r
egularly and automatically by the system.
Enter password: **************
Create test user on: server.domain.local
Click CTRL+Break to quit or click Enter to continue.:
CreateTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requi
rements.
At C:\Program Files\Microsoft\Exchange Server\V14\Scripts\new-TestCasConnectivityUser.ps1:267 char:31
+       $result = CreateTestUser <<<<  $exchangeServer $mailboxServer $securePassword $OrganizationalUnit $UMDialPlan $
UMExtension $Prompt
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,CreateTestUser

Open in new window

0
 
LVL 19

Expert Comment

by:R--R
ID: 35181392
Are you able to telnet server.domain.com 6004
6001 or 6002
0
 
LVL 7

Expert Comment

by:Saoi
ID: 35181394
0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35181424
Ok the above was due to having two OU called "users" so i specified the correct OU and this worked. I was then able to run the "Test-OutlookConnectivity -Protocol:Http -verbose" command. this gave the following output:

 
ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                  (MS)
------------------   ---------------                               --------                            ------  -------
server.domain.local    server.domain.local                             Autodiscover: Web service request.  Success   31.20
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : RPC Endpoint = 'server.domain.local'
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : Using connection parameters :
'domain.local\extest_9d767a9f2fda4: RpcProxy/RPC-over-HTTP, [server.domainsemail.com/Basic]'
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : Pinging RpcProxy at the folling URL:
https://server.domainsemail.com/rpc/RpcProxy.dll.
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : An unexpected exception occurred while pinging RpcProxy. The
most common reason for this occurring is that the IIS DefaultAppPool isn't running. Exception: The remote server
returned an error: (404) Not Found.
server.domain.local    server.domain.local                             RpcProxy::VerifyRpcProxy.           Failure   -1.00
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : RPC Endpoint = 'server.domain.local'
VERBOSE: [15:10:50.068 GMT] Test-OutlookConnectivity : This step was skipped. This may have been caused by the failure
in a previous scenario. Operation = 'AddressbookTask::GetReferral'.
server.domain.local    server.domain.local                             RFRI::GetReferral.                  Skipped   -1.00
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : RPC Endpoint = 'server.domain.local'
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : This step was skipped. This may have been caused by the failure
in a previous scenario. Operation = 'AddressbookTask::GetProfile'.
server.domain.local    server.domain.local                             NSPI::GetProfileDetails.            Skipped   -1.00
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : RPC Endpoint = 'server.domain.local'
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : This step was skipped. This may have been caused by the failure
in a previous scenario. Operation = 'MailboxTask::Connect'.
server.domain.local    server.domain.local                             Mailbox::Connect.                   Skipped   -1.00
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : RPC Endpoint = 'server.domain.local'
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : This step was skipped. This may have been caused by the failure
in a previous scenario. Operation = 'MailboxTask::Logon'.
server.domain.local    server.domain.local                             Mailbox::Logon.                     Skipped   -1.00
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [15:10:50.084 GMT] Test-OutlookConnectivity : Ending processing &

Open in new window

0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35181439
And yes i can telnet to the server on port 6004
0
 
LVL 7

Expert Comment

by:Saoi
ID: 35181481
and the output of get-OutlookAnywhere

Can you see the /Rpc and /RpcWithCert folders in IIS?
0
 
LVL 1

Author Comment

by:patrickfreer
ID: 35181509
I cannot seem to find /Rpc or /RpcWithCert folders listed in IIS.

Also the output of get-outlookanywhere:

 
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Get-OutlookAnywhere
WARNING: Warning: "Rpc (Default Web Site)" was not found. Please ensure that the RPC over HTTP Proxy feature has been
added to server "server".


RunspaceId                      : ff171a0b-8943-4eef-895e-b3be43d4b149
ServerName                      : server
SSLOffloading                   : False
ExternalHostname                : server.domainsemail.com
ClientAuthenticationMethod      : Basic
IISAuthenticationMethods        : {Basic}
XropUrl                         :
MetabasePath                    : IIS://server.domain.local/W3SVC/1/ROOT/Rpc
Path                            :
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : server
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=server,CN=Servers,CN=Exchange Admini
                                  trative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain Mail,CN=Microsoft
                                  Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                        : server\Rpc (Default Web Site)
Guid                            : 4cba025b-3dcf-4ec3-a3ab-1a63e0130a83
ObjectCategory                  : domain.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 16/03/2011 15:18:28
WhenCreated                     : 16/03/2011 08:53:35
WhenChangedUTC                  : 16/03/2011 15:18:28
WhenCreatedUTC                  : 16/03/2011 08:53:35
OrganizationId                  :
OriginatingServer               : server.domain.local
IsValid                         : True

Open in new window

0
 
LVL 7

Accepted Solution

by:
Saoi earned 500 total points
ID: 35181646
Ok, that looks like our issue then!

There are some details here on how to recreate those two IIS folders: http://blog.chrislehr.com/2009/09/creating-rpc-directory-on-additional.htm

0
 
LVL 1

Assisted Solution

by:patrickfreer
patrickfreer earned 0 total points
ID: 35181701
Yes that was defiantly the issue, but it turns out RPC over HTTP was not installed. So under features of the server I installed it and all is working now.

Thanks for all the advice Saoi!
0
 
LVL 7

Expert Comment

by:Saoi
ID: 35181822
Glad to help - I almost asked if you'd installed RPC over HTTP :)
0
 
LVL 1

Author Closing Comment

by:patrickfreer
ID: 35221169
See Answer
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now