Bill Herde
asked on
Outlook 2010 exchange server must be online
Have issues with a SBS2011 server and Outlook 2010/2007. Unable to connect to exchange to complete Outlook setup on a new machine. Existing machines and outlook profiles continue to work, but cannot create new outlook profile on any domain PC. All updates and service packs are current. Webmail is good. Exchange connectivity test website passes everything except RPC/HTTP test. Last step fails as follows.
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 641 ms.
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 205 ms.
Testing NSPI "Check Name" for user bherde@network.com against server pins.
An error occurred while attempting to resolve the name.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1717 UnknownIf
Autodiscover test passes, but does throw following error.
Attempting to resolve the host name network.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xxx.xxx.xxx.xxx
Testing TCP port 443 on host network.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server network.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation
- RequireSSL is off, but made no difference
- SSL cert has all the correct names and is valid till 2016.
- Authentication basic or NTLM makes no difference (set for NTLM)
- reset virtual directories for OWA
This was working a few months ago. Do not know when it stopped, and only creation of a new outlook profile is affected.
Need some inspiration please.
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 641 ms.
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 205 ms.
Testing NSPI "Check Name" for user bherde@network.com against server pins.
An error occurred while attempting to resolve the name.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1717 UnknownIf
Autodiscover test passes, but does throw following error.
Attempting to resolve the host name network.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xxx.xxx.xxx.xxx
Testing TCP port 443 on host network.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server network.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation
- RequireSSL is off, but made no difference
- SSL cert has all the correct names and is valid till 2016.
- Authentication basic or NTLM makes no difference (set for NTLM)
- reset virtual directories for OWA
This was working a few months ago. Do not know when it stopped, and only creation of a new outlook profile is affected.
Need some inspiration please.
ASKER
Get-exchangecertificate returns the correct cert with IPWS enabled.DNS
Cert has following SAN names
Name=mail.???network.com
DNS Name=www.mail.???network.com
DNS Name=pins.pin.local
DNS Name=autodiscover.pin.loca l
DNS Name=autodiscover.???netwo rk.com
DNS Name=???network.com
DNS Name=pin.local
All above addresses resolve properly in DNS.
I can agree this sure looks like a cert problem, possible autodiscover.
I can connect to https://server/autodiscover/autodiscover.html and get the customary certificate warning follwed by error 404.
Cannot use Outlook Email Test Configuration, as I cannot launch Outlook without a working profile.
Keep ideas coming!
Cert has following SAN names
Name=mail.???network.com
DNS Name=www.mail.???network.com
DNS Name=pins.pin.local
DNS Name=autodiscover.pin.loca
DNS Name=autodiscover.???netwo
DNS Name=???network.com
DNS Name=pin.local
All above addresses resolve properly in DNS.
I can agree this sure looks like a cert problem, possible autodiscover.
I can connect to https://server/autodiscover/autodiscover.html and get the customary certificate warning follwed by error 404.
Cannot use Outlook Email Test Configuration, as I cannot launch Outlook without a working profile.
Keep ideas coming!
What are your event logs showing? error IDs?
ASKER
PS Outlook will connect as expected via POP or IMAP.
ASKER
System and Application event logs show nothing related, but Exchange managment throws an event ID 6 Cmdlet failed. Cmdlet Get-User, parameters {Identity=NT AUTHORITY\SYSTEM}.
Is your SBS server still a Global Catalog?
ASKER
Saw that. Did not figure it needed much more on that line as IMAP,POP and webmail work for same user.
ASKER
Yes, server is GC, and there is another working GC inthe domain.
try recreating the auto discover virtual directory
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Used reset virtual directory in managment console followed by iisreset, no joy.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It became apparent that all the settings were correct, it was just another case of Microsoft off in the weeds with no apparent explanation. Users were alerted to reporary outage, and the related services removed and reinstalled.
How did that joke about the car built by Microsoft go? -- "You are driving down the freeway and you car suddenly stops. You get out and replace the engine, then restart the car and continue on your way. Curiously you accept this as normal."
How did that joke about the car built by Microsoft go? -- "You are driving down the freeway and you car suddenly stops. You get out and replace the engine, then restart the car and continue on your way. Curiously you accept this as normal."
http://forums.msexchange.org/m_1800552564/mpage_1/key_/tm.htm#1800552564
or maybe this
http://www.networksteve.com/exchange/topic.php?TopicId=27580
have you tried running the Get-ExchangeCertificate again on the CAS server? make sure this certificate with the CN names listed is enabled for IIS service