• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1130
  • Last Modified:

Outlook 2010 exchange server must be online

Have issues with a SBS2011 server and Outlook 2010/2007. Unable to connect to exchange to complete Outlook setup on a new machine.  Existing machines and outlook profiles continue to work, but cannot create new outlook profile on any domain PC. All updates and service packs are current.  Webmail is good. Exchange connectivity test website passes everything except RPC/HTTP test.  Last step fails as follows.



Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 641 ms.
Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
An error occurred while testing the NSPI RPC endpoint.
Test Steps
Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server pins.
The endpoint was pinged successfully.
Additional Details
RPC Status Ok (0) returned in 205 ms.
Testing NSPI "Check Name" for user bherde@network.com against server pins.
An error occurred while attempting to resolve the name.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error 1717 UnknownIf
 
Autodiscover test passes, but does throw following error.
Attempting to resolve the host name network.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xxx.xxx.xxx.xxx
Testing TCP port 443 on host network.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server network.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation
 

- RequireSSL is off, but made no difference
- SSL cert has all the correct names and is valid till 2016.
- Authentication basic or NTLM makes no difference (set for NTLM)
- reset virtual directories for OWA


This was working a few months ago.  Do not know when it stopped, and only creation of a new outlook profile is affected.

Need some inspiration please.
0
billherde
Asked:
billherde
  • 8
  • 6
2 Solutions
 
dphantom9002Commented:
Couple links to look at.

http://forums.msexchange.org/m_1800552564/mpage_1/key_/tm.htm#1800552564

or maybe this

http://www.networksteve.com/exchange/topic.php?TopicId=27580

have you tried running the Get-ExchangeCertificate again on the CAS server? make sure this certificate with the CN names listed is enabled for IIS service
0
 
billherdeAuthor Commented:
Get-exchangecertificate returns the correct cert with IPWS enabled.DNS
Cert has following SAN names

Name=mail.???network.com
DNS Name=www.mail.???network.com
DNS Name=pins.pin.local
DNS Name=autodiscover.pin.local
DNS Name=autodiscover.???network.com
DNS Name=???network.com
DNS Name=pin.local

All above addresses resolve properly in DNS.

I can agree this sure looks like a cert problem, possible autodiscover.
I can connect to https://server/autodiscover/autodiscover.html and get the customary certificate warning follwed by error 404.

Cannot use Outlook Email Test Configuration, as I cannot launch Outlook without a working profile.

Keep ideas coming!
0
 
dphantom9002Commented:
What are your event logs showing?  error IDs?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
billherdeAuthor Commented:
PS  Outlook will connect as expected via POP or IMAP.
0
 
billherdeAuthor Commented:
System and Application event logs show nothing related, but Exchange managment throws an event ID 6 Cmdlet failed. Cmdlet Get-User, parameters {Identity=NT AUTHORITY\SYSTEM}.
0
 
dphantom9002Commented:
0
 
dphantom9002Commented:
Is your SBS server still a Global Catalog?
0
 
billherdeAuthor Commented:
Saw that.  Did not figure it needed much more on that line as IMAP,POP and webmail work for same user.
0
 
billherdeAuthor Commented:
Yes, server is GC, and there is another working GC inthe domain.
0
 
dphantom9002Commented:
try recreating the auto discover virtual directory
0
 
dphantom9002Commented:
try recreating the autodiscover virtual directories.
0
 
billherdeAuthor Commented:
Used reset virtual directory in managment console followed by iisreset, no joy.
0
 
billherdeAuthor Commented:
Following the same line of remove and replace, I disabled OutlookAnywhere, then deleted the directories in IIS for owa, RPC, ECP and autodiscover.  iisreset. then enabled outlookanywhere. Once eventviewer indicated complete, it is finally working.

Thanks for the help.
0
 
billherdeAuthor Commented:
It became apparent that all the settings were correct, it was just another case of Microsoft off in the weeds with no apparent explanation.  Users were alerted to reporary outage, and the related services removed and reinstalled.

How did that joke about the car built by Microsoft go?  -- "You are driving down the freeway and you car suddenly stops.  You get out and replace the engine, then restart the car and continue on your way.  Curiously you accept this as normal."
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now