We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Outlook Anywhere for Exchange 2007

StarfishTech
StarfishTech asked
on
Medium Priority
509 Views
Last Modified: 2012-05-11
We just replaced our SBS 2003 server with an SBS 2008 server. I seem to be having issues getting Outlook anywhere working. The exchange server appears to have a valid, self signed cert issued to it. When I try to connect an Outlook 2007 client to Outlook Anywhere, it will prompt for a username and password but it will never accept the credentials I enter - not even the admin credentials. Finally it tells me that the connection to microsoft exchange is unavailable. I can login to OWA from the workstation fine and I've also installed the cert from OWA. Any help would be appreciated.
Comment
Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
We did install the cert on the client. We went to the OWA site from the client and installed the cert off the OWA site.
JamesSenior Cloud Infrastructure Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Can you post a snapshot of the HTTP over RPC settings?
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Therefore you have to enter username in domain\username form to get this work.

And I suggest that you add the autodiscover.yourdomain.local or autodiscover.yourdomain.com to your dns to avoid outlook prompt for usernam/password.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
...some of the advice here is option/can be easier, but start by properly installing the internal cert package, get your system working as expected, then if you want to go with a more robust deployment (configuring autodiscover, UCC certs, etc) you can do so. None of those are by any means required though, and what you have going on right now is a *basic* configuration flaw that none of those will fix.

-Cliff

Author

Commented:
ok, well I seem to be in better shape. I installed the correct certificate and I can tell it is correct because when I browse the owa site from the client, I no longer get the warning. However, when I go to configure the outlook profile, I get as far as checking the name where it asks me to login with credentials and I can't get any further. It just keeps prompting me for credentials.

Commented:
You have to create a autodiscover.domain.com to solve this. You cannot get around it as far as i know.

CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Alright, lets see where things are hanging up (no use guessing.)

Head to www.testexchangeconnectivity.com and use its tests. They have a test for Outlook Anywhere which *can* use autodiscover or can use manual configuration. Try both and see where the tests hang up. Ideally I'd like to see the manual configuration pass, and if not, *get* it to pass, then you can move on to working out any remaining autodiscover issues (does not necessarily require an autodiscover.domain.com record)

-Cliff

Author

Commented:
OK, can I get the specifics on creating the autodiscover.domain.com?

Commented:
You have to go to your external dns and make a A Record called autodiscover.domain.com pointing to your external Exchange Server.

Go to myip.dk to get your external IP.

Commented:
Here a MS doc
http://support.microsoft.com/kb/940881

And another
http://www.rackspace.com/apps/support/portal/1218

You can verify your configuration for many settings in https://www.testexchangeconnectivity.com/

You can check autodiscover, outlook anywhere, etc.

Author

Commented:
Ok, I've gone to our external DNS hosting and created an SRV record that looks like so:

_autodiscover._tcp.domain.com

I will wait for it to propagate and try again.

Author

Commented:
Just tried again. Setup a new profile on the client PC. When i went to "check name" it prompted me for a password. It didn't accept the clients credentials but it DID accept the admin credentials and then resolved the server name and mailbox. However, once I attempted to launch outlook and access the mailbox, it wouldn't accept any credentials - it just kept prompting me.
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Like I said earlier, auto discover, while nice, is a secondary concern. Use the site already mentioned to get details of the failure. I also recommend creating a test account for these tests.

-Cliff

Commented:
try go to www.exchangeconnectivity.com  and choose the Autodiscover test. Fill in the information and run it. Then tell us what the exact error you are getting.

Author

Commented:
OK, here is the entire log from the RPC/Outlook anywhere test on the test site.

Testing RPC/HTTP connectivity.
  The RPC/HTTP test failed.
   Test Steps
   ExRCA is attempting to test Autodiscover for user@domain.com.
  Testing Autodiscover failed.
   Test Steps
   Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
   Test Steps
   Attempting to test potential Autodiscover URL https://domain.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: x.x.x.x
 Testing TCP port 443 on host domain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
 
 
 
 
 Attempting to test potential Autodiscover URL https://autodiscover.domain/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name autodiscover.domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: x.x.x.x
 Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with the remote host.
Exception details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
 
 
 
 
 Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
   Test Steps
   Attempting to resolve the host name autodiscover.domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: x.x.x.x
 Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
  The port was opened successfully.
 ExRCA is checking the host autodiscover.domain.com for an HTTP redirect to the Autodiscover service.
  ExRCA failed to get an HTTP redirect response for Autodiscover.
   Additional Details
  A Web exception occurred because an HTTP 400 - BadRequest response was received from Unknown.
 
 
 
 Attempting to contact the Autodiscover service using the DNS SRV redirect method.
  ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
  The Autodiscover SRV record was successfully retrieved from DNS.
   Additional Details
  The Service Location (SRV) record lookup returned host mail.domain.com.
 
 Attempting to test potential Autodiscover URL https://mail.domain.com/Autodiscover/Autodiscover.xml 
  Testing of this potential Autodiscover URL failed.
   Test Steps
   Attempting to resolve the host name mail.domain.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 70.62.x.x
 
 Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.domain.com was found in the Certificate Subject Common name.
 
 Certificate trust is being validated.
  Certificate trust validation failed.
   Additional Details
  The certificate chain couldn't be built. You may be missing required intermediate certificates.
 
 
 
 
 
 
 
 
 
 
 
 
 

Author

Commented:
We ended up having to do a repair on the network and also there were some SSL settings issues on one of the RPC virtual directories in IIS. Thanks for everyones help. A lot of helpful information in this thread!

Commented:
I am glad that your problems is fixed.


Please make sure to include the IIS as a backup source also in your backup plan.

Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.