• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 688
  • Last Modified:

Exchange 2007 - unable to send e-mail remotely - Login Issue

I have three almost identical SBS 2008 server setups and one of them isn't allowing me to send e-mail remotely from, say, an iPhone.

I can send e-mail on the network from Outlook via the Exchange Server both internally and externally.

Outside on the net I can send e-mails that will be received by users on this network, and they can reply.

Ports 25, 80 and 443 are open on the firewall and forewarded to the server.

The certs including autodiscover have been created and are in place on the server.

The Exchange Management settings appear to be identical to the working servers. Ditto services and firewall settings.

BUT if I try and set up an account on my iPhone it spends an age trying to verify the account. In short it doesn't seem to be allowing the remote login. I have even created accounts with ultra short names so make sure it's not a spelling mistake. Any ideas?

If I do a telnet 25 into the server when I do the MAIL FROM: command it works but when I do the RCPT TO: I get an 501 5.1.3 Invalid Address. In fact it's an e-mail address on that server so it must. Does that give any clues?


0
edhasted
Asked:
edhasted
  • 15
  • 6
  • 5
  • +3
1 Solution
 
theruckCommented:
you have wrong settings in the receive connectors in Server configuration\hub\transport
0
 
Glen KnightCommented:
This has nothing to do with the receive connectors.

Presumably on the iPhone you are setting up an Exchange account?

It sounds like some of the wizards may not have been completed in the SBS Console.
0
 
Madan SharmaConsultantCommented:
did you check if your active sync is working outside or not. Please test your server on https://testexchangeconnectivity.com and get back with us with detailed result .

it will be helpful for us to find out the exact issue.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
kkareemCommented:
what certificae are using either self signed or Public with active Sync or Autodiscovery ?if Self signe d so it will not work with ASync.


rgds
Kashif
0
 
edhastedAuthor Commented:
Go Daddy

and I have autodiscover set up as well.
0
 
edhastedAuthor Commented:
What a useful web-site, but I get:

ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name remote.haste.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host remote.haste.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server remote.haste.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.


0
 
Glen KnightCommented:
That remote.domainn.com doesn't exist.
It resolves but there is no access to it on port 443.

From your server goto http://whatsmyip.org does it show the last 2 octets as being 229.146?

It looks as if there is one of 2 issues.
The A record for remote.domainname.com doesn't have the correct IP address, or you don't have port 443 forwarded on your router/firewall to the internal IP address of your Exchange Server.
0
 
Madan SharmaConsultantCommented:
ports are listing ok as the EXRCA showing (Testing TCP port 443 on host remote.haste.com to ensure it's listening and open)

I believe there is something missing in your certificate installation or may be with active sync virtual directory.

please also test your  outlook anywhere on the same website and if you get same error then you have to create all virtual directories for your exchange but if that test will success then you have to recreate only active sync virtual directory.

check this relative post :- http://social.technet.microsoft.com/Forums/da-DK/exchangesvrgeneral/thread/9e71618b-6486-46f5-b133-e3375fdc7c4e
0
 
Glen KnightCommented:
have you tried browsing to that URL? on HTTPS? It's not happening.

My guess is the router uses 443 for remote administration.
0
 
edhastedAuthor Commented:
Hi I'll take a look at this when I'm back on site in about 6 hours. Very many thanks for all your help.
0
 
Madan SharmaConsultantCommented:
I believe author didn't post his real domain name. the domain name is fake post in his comment. So I am just going with the result of EXRCA.
0
 
BrianRBCommented:
Dumb question, but in your certificate, do you have all mailbox servers in the name?  Is the autodiscover service running on all mailbox roles?  Turn on diag logging for Asynch, try to activate again, and let's see and post results.

If you connect to internal wireless and disable mobile network does it connect?  Can you take an Outlook client ouside of the network and autodiscover work?  
0
 
edhastedAuthor Commented:
I don't which appreciate the subtlelty of your question. I might need spoon feeding...

It's a Go Daddy cert that points to remote.XXXXXX.com. It is valid until 6/11/2012 and it says that "You have a private key that corresponds to this certificate."

0
 
edhastedAuthor Commented:
The problem is that the iPhone would appear to be having logging on issues.
Can I test this is isolation?
0
 
edhastedAuthor Commented:
Does this help? In order to see the mail system via OWA should I be typing in

remote.XXXXXX.com/owa?

If so I get a message saying "Problem loading page".

0
 
edhastedAuthor Commented:
I'm getting a little desperate - any ideas?

I have been comparing this site to it's peers all day and can see no substantive differences. Could it be an incomplete WIzard that one replier referred to earlier on? If so how do I test it?

0
 
Madan SharmaConsultantCommented:
did you test your server for outlook anywhere on https://testexchangeconnectivity.com if yes what is the result ? please share that with us.
0
 
edhastedAuthor Commented:
Is this what you want?

      Connectivity Test Failed
 
Test Details
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://XXXXXX.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 83.170.124.28
      Testing TCP port 443 on host XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server XXXXXX.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=www2.securedweb.co.uk, OU=PositiveSSL, OU=Hosted by www.uk2.net, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name XXXXXX.com doesn't match any name found on the server certificate CN=www2.securedweb.co.uk, OU=PositiveSSL, OU=Hosted by www.uk2.net, OU=Domain Control Validated.
      Attempting to test potential Autodiscover URL https://autodiscover.XXXXXX.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 81.187.229.146
      Testing TCP port 443 on host autodiscover.XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.XXXXXX.com on port 443.
       ExRCA wasn't able to obtain the remote SSL certificate.
       
      Additional Details
       The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 81.187.229.146
      Testing TCP port 80 on host autodiscover.XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      ExRCA is checking the host autodiscover.XXXXXX.com for an HTTP redirect to the Autodiscover service.
       ExRCA failed to get an HTTP redirect response for Autodiscover.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 81.187.229.146:80
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.XXXXXX.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it

0
 
Madan SharmaConsultantCommented:
this is an auto discover test. please do a manually test of

Exchange ActiveSync
Outlook Anywhere (RPC over HTTP)

and post the results here..
0
 
edhastedAuthor Commented:
This is the Exchnage ActiveSync log. I don't understand the Outlook Anywhere instruction, can you spell it out.

Many thanks,

ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting the Autodiscover and Exchange ActiveSync test (if requested).
       Testing of Autodiscover for Exchange ActiveSync failed.
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://XXXXXX.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 83.170.124.28
      Testing TCP port 443 on host XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server XXXXXX.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=www2.securedweb.co.uk, OU=PositiveSSL, OU=Hosted by www.uk2.net, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name XXXXXX.com doesn't match any name found on the server certificate CN=www2.securedweb.co.uk, OU=PositiveSSL, OU=Hosted by www.uk2.net, OU=Domain Control Validated.
      Attempting to test potential Autodiscover URL https://autodiscover.XXXXXX.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 81.187.229.146
      Testing TCP port 443 on host autodiscover.XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.XXXXXX.com on port 443.
       ExRCA wasn't able to obtain the remote SSL certificate.
       
      Additional Details
       The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
      Attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.XXXXXX.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 81.187.229.146
      Testing TCP port 80 on host autodiscover.XXXXXX.com to ensure it's listening and open.
       The port was opened successfully.
      ExRCA is checking the host autodiscover.XXXXXX.com for an HTTP redirect to the Autodiscover service.
       ExRCA failed to get an HTTP redirect response for Autodiscover.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       A network error occurred while communicating with the remote host.
Exception details:
Message: No connection could be made because the target machine actively refused it 81.187.229.146:80
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
      Attempting to contact the Autodiscover service using the DNS SRV redirect method.
       ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.XXXXXX.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it




0
 
Madan SharmaConsultantCommented:
this result of active sync is also auto discover while I am asking for manual diagnostics for active sync as well as outlook anywhere if you are not able to provide the same. I'll advise you please hire a professional for you issue so that he/she can diagnostic the server and point the exact issue and resolve it.
good luck...
0
 
kkareemCommented:
please check weather iphone supports the public certificate logon ?? go daddy etc ....
i tghink some smart phone not supports the ssl certifiacte to login ..
0
 
edhastedAuthor Commented:
I have a GO Daddy cert on one of the other Exchange servers that my iPhone connects to and that works. Your help in this thorny issue is appreciated. Ed
0
 
kkareemCommented:
Ok!

now you have to check your replication  weather is working right mannaer or not ,and also check the beow link
http://msexchangetips.blogspot.com/2010/10/exchange-2007-501-513-invalid-address.html
0
 
edhastedAuthor Commented:
I seem to have a very obscure setup issue with my ISP and will report back on when we have founded out the specific cause.
0
 
edhastedAuthor Commented:
SORTED!

What happens is that when you apply Exchange Service Packs, the latest is SP3 and a paltry 1TB in size, it stuff certain settings. And depending on the size and number of your mailboxes this can take hours... It doesn't always put ther web site bindings back the way they should be.

The following KB on Exchange SP2 gives the game away.
http://support.microsoft.com/kb/973862

Once I followed that everything worked.

Now am I allowed to award myslef some points.......
0
 
edhastedAuthor Commented:
Many thanks for everyone who helped out.
0
 
theruckCommented:
well done!
0
 
edhastedAuthor Commented:
Sorry, that should have been 1GB, still the largest SP I've ever applied.
0
 
Glen KnightCommented:
Actually, all Exchange 2007 and 2010 service packs are complete installations which is why they are so big.

And it's pretty standard for the services to be stopped and the bindings to be set to what they should be as default.

The only reason you would be using bindings is if you were setup with Dual NIC's which is a non standard, unsupported configuration.
0
 
edhastedAuthor Commented:
I appreciate that ;-). It's the SSL bindings, not the NICs. Here's the part of the KB that resolved it:

The default Web site or the Small Business Server Web Applications site is stopped and cannot be restarted
 To resolve this issue, remove the Secure Sockets Layer (SSL) settings from the default Web site. To do this, follow these steps:1. Open Internet Information Services (IIS) Manager.
2. Expand the server.
3. Expand Sites.
4. Click Default Web Site, and then click SSL settings.
5.Click to clear the Require SSL check box, and then click Apply.
6. Right-click Default Web Site, and then click Edit Bindings.
7. Select HTTPs port 443, and then click Remove.
8. Right-click SBS Web Applications, click Manage Web Site, and then click Start.

Back to the top

You may be unable to browse https://sites/owa or https://sites/remote
 To resolve this issue, edit the bindings for the SBS Web Applications site to select the correct certificate. This issue will occur only if the Internet Address Management Wizard has not been run. To do this, follow these steps: 1. Open Internet Information Services (IIS) Manager.
2. Expand the server.
3. Expand Sites.
4. Right-click the SBS Web Applications Web site, and then click Edit Bindings.
5. Select HTTPs port 443, and then click Edit.
6.Under SSL certificate, select the certificate that is named "Sites."

And very many thanks to everyone for their patience and help.
0
 
Glen KnightCommented:
Interesting, the bindings in SBS are controlled using the certificate wizards in the SBS console, which again, points to a non-standard configuration ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

  • 15
  • 6
  • 5
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now