Solved

Outlook 2010 exchange server must be online

Posted on 2012-03-09
14
1,101 Views
Last Modified: 2012-03-14
Have issues with a SBS2011 server and Outlook 2010/2007. Unable to connect to exchange to complete Outlook setup on a new machine.  Existing machines and outlook profiles continue to work, but cannot create new outlook profile on any domain PC. All updates and service packs are current.  Webmail is good. Exchange connectivity test website passes everything except RPC/HTTP test.  Last step fails as follows.



Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 641 ms.
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 205 ms.
Testing NSPI "Check Name" for user bherde@network.com against server pins.
An error occurred while attempting to resolve the name.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1717 UnknownIf
 
Autodiscover test passes, but does throw following error.
Attempting to resolve the host name network.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xxx.xxx.xxx.xxx
Testing TCP port 443 on host network.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server network.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation
 

- RequireSSL is off, but made no difference
- SSL cert has all the correct names and is valid till 2016.
- Authentication basic or NTLM makes no difference (set for NTLM)
- reset virtual directories for OWA


This was working a few months ago.  Do not know when it stopped, and only creation of a new outlook profile is affected.

Need some inspiration please.
0
Comment
Question by:billherde
  • 8
  • 6
14 Comments
 
LVL 2

Expert Comment

by:dphantom9002
Comment Utility
Couple links to look at.

http://forums.msexchange.org/m_1800552564/mpage_1/key_/tm.htm#1800552564

or maybe this

http://www.networksteve.com/exchange/topic.php?TopicId=27580

have you tried running the Get-ExchangeCertificate again on the CAS server? make sure this certificate with the CN names listed is enabled for IIS service
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Get-exchangecertificate returns the correct cert with IPWS enabled.DNS
Cert has following SAN names

Name=mail.???network.com
DNS Name=www.mail.???network.com
DNS Name=pins.pin.local
DNS Name=autodiscover.pin.local
DNS Name=autodiscover.???network.com
DNS Name=???network.com
DNS Name=pin.local

All above addresses resolve properly in DNS.

I can agree this sure looks like a cert problem, possible autodiscover.
I can connect to https://server/autodiscover/autodiscover.html and get the customary certificate warning follwed by error 404.

Cannot use Outlook Email Test Configuration, as I cannot launch Outlook without a working profile.

Keep ideas coming!
0
 
LVL 2

Expert Comment

by:dphantom9002
Comment Utility
What are your event logs showing?  error IDs?
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
PS  Outlook will connect as expected via POP or IMAP.
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
System and Application event logs show nothing related, but Exchange managment throws an event ID 6 Cmdlet failed. Cmdlet Get-User, parameters {Identity=NT AUTHORITY\SYSTEM}.
0
 
LVL 2

Expert Comment

by:dphantom9002
Comment Utility
0
 
LVL 2

Expert Comment

by:dphantom9002
Comment Utility
Is your SBS server still a Global Catalog?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 3

Author Comment

by:billherde
Comment Utility
Saw that.  Did not figure it needed much more on that line as IMAP,POP and webmail work for same user.
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Yes, server is GC, and there is another working GC inthe domain.
0
 
LVL 2

Expert Comment

by:dphantom9002
Comment Utility
try recreating the auto discover virtual directory
0
 
LVL 2

Assisted Solution

by:dphantom9002
dphantom9002 earned 500 total points
Comment Utility
try recreating the autodiscover virtual directories.
0
 
LVL 3

Author Comment

by:billherde
Comment Utility
Used reset virtual directory in managment console followed by iisreset, no joy.
0
 
LVL 3

Accepted Solution

by:
billherde earned 0 total points
Comment Utility
Following the same line of remove and replace, I disabled OutlookAnywhere, then deleted the directories in IIS for owa, RPC, ECP and autodiscover.  iisreset. then enabled outlookanywhere. Once eventviewer indicated complete, it is finally working.

Thanks for the help.
0
 
LVL 3

Author Closing Comment

by:billherde
Comment Utility
It became apparent that all the settings were correct, it was just another case of Microsoft off in the weeds with no apparent explanation.  Users were alerted to reporary outage, and the related services removed and reinstalled.

How did that joke about the car built by Microsoft go?  -- "You are driving down the freeway and you car suddenly stops.  You get out and replace the engine, then restart the car and continue on your way.  Curiously you accept this as normal."
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now