Solved

Outlook won't connect to Exchange 2007 and Outlook Anywhere configuration issue

Posted on 2011-05-10
22
Medium Priority
?
558 Views
Last Modified: 2012-05-11
I recently upgraded exchange from 2003 to 2007. The transition went flawlessly in that the step by step guide I followed worked without any errors all the way to finish.

After the transition was done, I reconfigured my mail account to access the new exchange server -  tried to open outlook and I get the following error:

"Cannot start Microsoft Office Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed" with an "ok" button.

In the EMC > Recipient Configuration > Mailbox > for each user > Manage Full Access > added each user individually - didn't make it work

It seems like a permission issue, but I'm not sure where to make this work.

The Outlook Anywhere part of this is how do I make that work in general?

I go to https://www.mydomain.com/owa enter in my credentials and I get page cannot be displayed (HTTP 400 Bad Request)
0
Comment
Question by:Nathan Hawkins
22 Comments
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35735256
None of those suggestions worked, but I did delete the Exchange profile in Mail and reset it back to the new Exchange 2007 server and when I clicked finish - it prompted me to re-enter my domain PW. After I did that it was able to connect to Exchange and downloaded all of my mail (etc) into an OST file. So apparently that seems to be working now. However I can't seem to send e-mail outbound.

Any ideas on that? I do believe it's an Exchange configuration issue.
0
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 35735483
Are you not able to send an email out to Internet or Internal or both? If you are not able to send an email to Internet then check the Send Connector settings. Please make sure that email with an address other than your domain is routed to the Internet using the Send Connector. The basic setting is *

0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35736912
Was this Exchange 2003 an SBS?
Because if so, then you will have inherited the SBS send connector, which probably won't work now...
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35738373
The server is a 2003 Enterprise x64 with SP2 installed. E-mail internally works fine.

I changed the send connector address space to * rather than *.domain.com and it immediately bounced back the test e-mails I was trying to send. So I think the address space needs to be * but now the problem is that I have the internal AD domain domain.local and the FQDN www.domain.com and it's sending the e-mail as if I'm using the internal domain.local e-mail address. I've set the FQDN as the default domain and restarted the information store service but it won't send the e-mail using the FQDN.

OWA is also working only internally, but not externally. I'm pretty sure that it's a certificate issue in that the certificate is a self installed one that is using only the internal domain.local domain. I do want an actual SSL certificate, and as I was doing research on certificates it seems that if I want to do active sync and all of the other goodies I have to purchase a specialized SSL certificate. Please advise as to which one I need in order to make it so I can do everything.

Thanks!
Sec-Man
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35740716
you need to restart the transport service, not IS
and please check the users' primary email address, is it the external or internal address??

the fact that owa isn't working externally has nothing to do with the send connector, nor the certificate...
are you using the fqdn facing external?
if you check owa settings under client access in emc, what is the external url listed there?
you do NOT need a signed ssl for sync/owa to work, only for RPC over http... but that's another thing.
also, is your firewall/router configured properly for owa to work?



0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35740735
and what do you mean send email using the fqdn by the way?
if you are referring to the "response to helo" section in the connector, it doesn't really matter what you enter there...
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35741970
I restarted the transport service and nothing has changed - e-mails are being sent out using the internal domain.local e-mail address.

Currently all users' default e-mail address is the internal one (domain.local). The FQDN e-mail address is listed but it is not default. So when I send an e-mail it's using the internal e-mail address (domain.local) as the source address (so if you hit reply the address that auto fills is domain.local rather than the FQDN address). Messaging servers will check the reply-to address and if it doesn't resolve to an actual DNS name it bounces it back...so in essence my 2007 Exchange server is sending out the e-mails and they are being routed correctly but the e-mails bounce back because they aren't using valid reply-to addresses.

I understand OWA has nothing to do with the send connector...the send connector is related to my inability to send out e-mails (I can see how you might get confused with how I'm adding notes to this question). There are two separate issues, both relating to my new installation of Exchange 2007. The first issue is that I cannot send e-mail; the second issue is that I cannot connect to OWA using my FQDN.

EMC > Server Config > Client Access > OWA Properties > External URL: = "https://www.domain.com/owa"

The firewall is Checkpoint and yes it's NATing HTTPS to the 2007 Exchange server correctly. Further, if I use the actual external IP to get to OWA I not only can log in but OWA works through and through, meaning if I use https://<external IP>/owa everything works fine. If I use https://www.domain.com/owa I get the login screen but after I enter credentials I get HTTP 400 Bad Request. After doing some research everything points at the cert. Looking at the cert, it's using the internal domain (domain.local) name with the server's actual Windows host name. I'm fairly certain that's a certificate issue, but if you can help me make it work with what it's got then I'm game to try.
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35742192
So I figured out how to set the primary e-mail address to the FQDN address:

EMC > Recipient Configuration > Mailbox > User mailbox properties > E-Mail Addresses > Uncheck the box at the bottom labeled "Automatically update e-mail addresses based on e-mail address policy" > Click the e-mail address you want to "Set as Reply" > Click the "Set as Reply" button > Apply > OK

So now I'm able to send and receive e-mail - EXCELLENT!

Last issue is making OWA / Active Sync and HTTP over RPC work

So...I still think it's an SSL cert issue...
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35743975
i thought you knew how to set the reply address :) that's why i didn't mention it.

the owa , i doubt that it's the certificate... but anyway, try the following things:

A do you get 400 when accessing owa through mozilla firefox? or only using IE?

B

 1)  Fire up the "Exchange Management Console"; expand "Server configuration" and select "Client access".
2)  On the task panel on the right, you should have the option to "Disable Outlook Anywhere" - click on that.
3)  Once the task has completed, you should have the option to "Enable Outlook Anywhere" - click on that.
4)  You will be asked for the external URL - type in exactly the URL you wish your users to use (including any port number, if you're not running on the standard SSL port of 443).  E.g., "https://server.domain/" (you don't need the "/OWA" etc. on the end) or "https://server.domain:port/".
5)  Once that task has completed, retry your external access.
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 500 total points
ID: 35743996
BTW for activesync to work + OWA you do NOT need a certificate from a CA.
but for rpc to work you DO need a valid cert , and not a normal SSL but a UCC/SAN Certificate.
i recommend you get one at digicert, should you make a mistake during the certificate request, you can fix it free.
https://www.digicert.com/order/order-1.php

you need the following hostnames for rpc to work

"owaurl.domain.com"
"autodiscover.domain.com"

and you'll need internal and external DNS record for Autodiscover.yourdomain.com to your exchange server
0
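The certificate steps from the accepted answer, as an added example for the Exchange Management Shell on the Exchange 2007 Client Access server (not code posted by anyone in this thread). The hostnames are the thread's placeholders; the subject fields, the C:\certs folder and the file names are assumptions.

```powershell
# Added example. Hostnames are placeholders from the thread; the subject
# fields, C:\certs and the file names are assumed values.

# 1. Inspect the installed certificates: which names they cover, which
#    services use them, and whether they are self-signed.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, IsSelfSigned, NotAfter

# 2. Generate a certificate request whose SAN list carries every name that
#    clients will connect to (webmail/Outlook Anywhere host and Autodiscover).
$required = "mail.domain.com", "autodiscover.domain.com"
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "c=US, o=Example Org, cn=mail.domain.com" `
    -DomainName $required `
    -PrivateKeyExportable $true `
    -Path "C:\certs\exchange-san.req"

# 3. Once the CA returns the signed certificate, import it on the same server
#    (the private key stays there) and bind it to IIS, which serves OWA,
#    ActiveSync, Autodiscover and Outlook Anywhere.
Import-ExchangeCertificate -Path "C:\certs\exchange-san.cer" |
    Enable-ExchangeCertificate -Services IIS

# 4. Verify that the certificate now bound to IIS covers every required name.
$cert    = Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" }
$covered = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
foreach ($name in $required) {
    if ($covered -contains $name) {
        Write-Host "OK       $name"
    } else {
        Write-Host "MISSING  $name (clients will report a name mismatch)"
    }
}
```

Step 1 on its own is a read-only check and shows whether the current certificate lists only the internal domain.local name, as described earlier in the thread.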
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35771903
- I do not get HTTP 400 Bad Request when using Mozilla/Firefox and HTTPS://www.domain.com/owa
- When entering the URL (after you disable/enable Outlook Anywhere) you cannot use "HTTPS://", you can only enter the domain name. So I entered www.domain.com and I'm still getting HTTP 400 Bad Request.

If we can get ActiveSync and OWA to work then I'll call this solved. I don't want to pay for a SAN SSL cert (at least not yet).
0
 
LVL 14

Assisted Solution

by:setasoujiro
setasoujiro earned 500 total points
ID: 35775208
you do not need to enter www.domainname.com
you must enter for example = mail.domain.com
and under the outlook anywhere external hostname you do NOT enter https, just your fqdn (mail.domain.com)
and please note there is a difference between outlook anywhere and OWA
owa is webmail, you need to set your webmail address under :
Server config-->Client access-->outlook web app.
here you can set both the internal and external url
these DO need to have the https:// prefix!!

Also try the following using Internet Explorer: https://server.domain.com/exchange
and see if this does work?
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35778048
I apologize for confusing Outlook Anywhere with OWA. Outlook Anywhere is HTTP over RPC if I recall and I don't want to pay for that SAN cert just yet.

- OWA is now responding to the external URL just fine.
- Active Sync (trying to update my Windows phone) - I get "There is a problem with the certificate for www.domain.com. Contact a support person...etc." Error code: 80072F0D
0
 
LVL 14

Assisted Solution

by:setasoujiro
setasoujiro earned 500 total points
ID: 35778272
windows phones MUST have a valid cert to work.
the only thing you can do is to disable the tick that says "require ssl" on the ActiveSync virtual directory in IIS
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35804327
I unchecked the setting for "require ssl" and it still wouldn't sync. The error code is the same: 80072F0D
0
 
LVL 4

Author Comment

by:Nathan Hawkins
ID: 35804342
So - I need at least an SSL cert to make active sync work. Can I get the basic cheap kind or do I need to get a SAN SSL cert to make active sync work?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 35804367
btw did you uncheck require ssl on the phone?
or on the AS virtual directory?

because it needs to be done on both!
and also , you must NAT/portfwd port 80 to your exchange on your firewall/router
0
 
LVL 14

Assisted Solution

by:setasoujiro
setasoujiro earned 500 total points
ID: 35804388
and you don't need an SSL cert to use ActiveSync, only for windows mobile devices, they require it.
0
 
LVL 4

Author Closing Comment

by:Nathan Hawkins
ID: 36894339
The expert was very knowledgeable but I did most of the research...so it wasn't a grade of an A, but still helpful
0


Question has a verified solution.
