?
Solved

Exchange 2007 Mail Over HTTPS / Outlook Anywhere Not Working

Posted on 2011-10-05
30
Medium Priority
?
845 Views
Last Modified: 2012-07-18
I have a single Exchange 2007 Server Service Pack 2 running on Windows Server 2008 Service Pack 1.  I have installed a UCC certificate issued by Godaddy with all the relevant alternate names including autodiscover.  Port 443 is open and points to my mailserver.  everything seems to be in order but I cannot configure any clients on the WAN, I have not tried from the LAN.  Outlook finds the autodiscover information and starts to configure the server then I get a single logon box appearing which does not connect.

I have run https://www.testexchangeconnectivity.com with a test account and it fails at the following step:

Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
  An error occurred while testing the NSPI RPC endpoint.
   Test Steps
   Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server MAIL-SERVER.MyDomain.office.
  The attempt to ping the endpoint failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
 
 test exchange failure
I have browsed to my external names using https and I get the expected IIS 7 screen with a valid certificate, so the certificate seems to be ok.

I beleive I have all the relevant entries in the registry shown below:

 Registry Key
I can telnet from the server on to itself on ports 6001, 6002 and 6004.

Any ideas what I can check now?

Thanks in advance,

Tony
0
Comment
Question by:tonyperth
  • 16
  • 6
  • 6
28 Comments
 
LVL 3

Expert Comment

by:ncollings
ID: 36916243
Hi,

Have you installed the RPC over HTTP proxy component and enabled Outlook Anywhere in the management console on your CAS server?
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36916305
Hello ncollings, thanks for your reply.

Yes, I have installed the feature "RPC over HTTP Proxy" in server manager and enabled Outlook Anywhere in the Exchnage Managemnt Console.
0
 
LVL 3

Expert Comment

by:ncollings
ID: 36916344
Does OWA work from the WAN? Also can you re-run the test but use manual settings not autodiscover.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:tonyperth
ID: 36916353
Yes OWA works perfectly from the WAN.  Without autodiscover I get the same results.
0
 
LVL 3

Expert Comment

by:ncollings
ID: 36916426
Does the WAN interface have IPv6 enabled? If so would it be possible to disable this and re-run the test?
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36916660
No IPv6 has been disabled.

 IPV6
0
 
LVL 3

Expert Comment

by:ncollings
ID: 36916800
can you browse to:

 https://<WAN ADDRESS>/rpc/rpcproxy.dll

You should get a blank page
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36916821
It asks me for logon details?
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36916993
The RPC site was not allowing Windows Authentication.  It is now and I can log on to see a blank page.  The problem is still the same though.
0
 
LVL 3

Expert Comment

by:ncollings
ID: 36917012
Please try the site with just basic authentication enabled and nothing else
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36917058
Sorry I think I was getting the password wrong initially.

With only basic authentication enabled it asks me to logon, once it has credentials it is happy with I get the blank page.
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36968206
any other thoughts ncolings?
0
 
LVL 3

Expert Comment

by:ncollings
ID: 36968620
Please confirm this test with the testexchangeconnectivity site:

Outlook Anywhere (RPC over HTTP)
Fill all the boxes and select "Manually specify server settings"
Use "DOMAIN\USER" not UPN
"RPC proxy server" should be the external url without https or path (mail.company.com)
"Exchange server" should be the internal netbios name of the server (EXCH-2K7)
"RPC proxy authentication method" must be "Basic"
0
 
LVL 8

Author Comment

by:tonyperth
ID: 36980015
Hello ncollings,

I have rerun the test and entered the info as you have instructed and got the exact same reults as before.  See my initial screen dump for details.

Where now? :)
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37153076
On the CAS server, ping localhost
what is the response you receive?

if you receive something like ::1

--> Open the host(s) file on the CAS server
(you may need to take owner-ship to edit the hosts file)
a) comment out the line "::1 xxxx" (note # is for commenting the line)
b) Enter the IP-v4 address against the FQDN or netbios name of the server


Then test the Outlook anywhere again?
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37153125
Hello e aravind,

thank's for your help.  When I ping localhost I get the expected resopnse below:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.XXXXXXXX>ping localhost

Pinging MAIL-SERVER.XXXXXXXX.office [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Any other ideas?

Tony
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37153168
I can telnet from the server on to itself on ports 6001, 6002 and 6004

>> do you see the return banner from all of these ports?
Sometimes you wont see the banner response for the port #6004
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37153283
Same response to all three, shown below:

ncacn_http/1.0

0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37171501
so, in general\normal\working conditions you are receiving the responses as ncacn_http.

Can you test the same during the time of the issue?
Is this issue affecting all the mailbox at a point of time? or only for few mailboxes?
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37171520
Hello e Aravind,

I am afraid there is no "time" of the issue.  At all times outlook anywhere is unavailable for all mailboxes.  I can't get it to work at all.

Tony
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37175434
On the Mailbox server:
Locate:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
Then, add or modify the following DWORD registry values:
Description: Maximum Work Items
Value Name: MaxWorkItems
Data Type: REG_DWORD
Value data: 0x2000 or 8192 (decimal)

Do an IISreset & also restart MS Exchange System Attendant service.

Related (some-what)
==============
http://support.microsoft.com/kb/317249
http://support.microsoft.com/kb/232476
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37176332
Hello e aravind,

I added the key, reset IIS and restarted the MS Exchange System Attendant service.  I then re-ran the test  from testexchangeconnectivity.com and got exactly the same results as before.

Should I remove the registry entry?

Tony
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37177161
Can you test the Outlook-anywhere by launching the Outlook?
Try and check the Outlook from few client machines too
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37177298
Using Outlook 2010 it searches for my email addresses server settings and a logon box pops up named "Connect to autodiscover.XXXX" and says "Welcome to the autodiscover.XXXX".  I entered my username and password and clicked OK.

I received an error stating

"The action cannot be completed.  The connection to microsoft exchange in unavailable.  Outlook must be online or connected to complete this action."

Once I click on OK I get the option to add the name of the mailserver and mailbox and check name.  If I put in the details I receive another error stating

"The name cannot be resolved.  The connection to microsoft exchange in unavailable.  Outlook must be online or connected to complete this action."

The autodiscover seems to be working ok as it puts all the correct names in etc, it just can't connect.  I also get the same results if I enter the info manually.

0
 
LVL 26

Expert Comment

by:e_aravind
ID: 37177410
Just in case, if you fire-open the Outlook...check the Outlook>connection-propeties from the system-tray....do we see any https connections? (atleast 1 or 2 successful connections?)
0
 
LVL 8

Author Comment

by:tonyperth
ID: 37200238
Sorry for the delay, I thought I had already responded.  I checked the connections on an internal and external, and with Outlook Anywhere configured there are no connections at all.  Checked using outlook /rpcdiag
0
 
LVL 8

Accepted Solution

by:
tonyperth earned 0 total points
ID: 38183562
no more help was offered, and never resolved the issue.
0
 
LVL 8

Author Closing Comment

by:tonyperth
ID: 38197850
never resolved
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month16 days, 23 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question