Exchange 2007 - Outlook Anywhere problems

Posted on 2012-04-05
Last Modified: 2012-04-12

I have configured our Exchange 2007 SP3 server with Outlook Anywhere, so that staff working externally can connect to the Exchange server over port 443 using Outlook 2007. This was done so that staff didn't have to use Outlook Web Access and it allowed a simplified firewall configuration without the staff members having to VPN into the office network first (which was how we used to do it)

Mail flow seems to work fine - that is a *preconfigured* account can receive mail no problems. When I say *preconfigured* that is actually part of the problem

It is not possible for a clean install of Outlook externally to connect to the mail server to be configured. When it gets to the "Check Name" part of the process, it just times out and then gives an error about the name not being able to be resolved and that Outlook needs to be online to complete the process.

If I VPN into the office network first, then I can setup the account fine.

The mail server only has port 443 open on it, and I know that the Outlook Anywhere is configured correctly because we're using it for our internal mail as well (as it simplifies the firewall setup on the mail server). So, regardless of where Outlook is external or internal, it is speaking to the mail server on port 443 (the difference being with internal clients is they can access the domain controller, and external clients cannot)

I know that the external traffic is being correctly routed to the mail server, since OWA works fine.

It seems to me that there need to be additional ports open to allow external clients to authenticate themselves, but that goes against my belief that Outlook Anywhere was supposed to work completely over just port 443

Any advice would be greatly appreciated.
Question by:irc-corp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 37814503
Are you putting in the FQDN for the server in the Exchange server box?

e.g. mailserver.domain.tld
LVL 22

Accepted Solution

chakko earned 500 total points
ID: 37814514
try the test for Outlook Anywhere (RPC/HTTPS) at this site.

what is the result?
Do you have an A record for on the public DNS?
Are you using the self-signed SSL or a purchased commerical UCC/SAN SSL certificate?
If you have a self-signed SSL have you imported it into the machine outside the LAN already?  an easy way to check is to access OWA from outside and check if you get any SSL warnings (a warning should mean you have a self-signed SSL)

Author Comment

ID: 37814545

Thanks for the replies.

@tobyweston - Yes, I am using the FQDN of the mail server
@chakko - yes, we have an autodiscover DNS record that resolves correctly to the mail server. We're using a properly issues SSL cert (although, the SSL is a wildcard one - * rather than explicitly for I have run the Exchange connector test from the link you gave me and all the tests passed (some of the SSL tests gave warnings), the one that failed though was this one (our actual domain name blanked out):

Testing HTTP Authentication Methods for URL https://mail.********.net/rpc/rpcproxy.dll.

The HTTP authentication test failed.
Additional Details
Exception details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack trace:
 at System.Net.HttpWebRequest.GetResponse()
 at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()

I can browse to the rpcproxy.dll URL in a broswer and it displays a blank page - so I guess it can speak to it - as if it couldn't I'd expect a 404 error or something like that..?

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Expert Comment

ID: 37814574
Can you try disabling anonymous authentication on the RPC virtual directory in IIS. Do a quick iisreset and try the test / connecting again.

Author Comment

ID: 37834846

Thanks for the replies.

I have now managed to get all the RCP/HTTP tests to pass from

I am still having issues setting up the account in the external client - it's still saying that Outlook is offline and cannot resolve the name.

I have doubled checked the values in the Outlook's "Exchange Proxy Settings", and have also looked at the values returned in the AutoDiscover.xml and these look correct as well

Any other advice would be greatly appreciated

Author Closing Comment

ID: 37839222
The solution provided in itself didn't contain the neccesary steps to resolve, but, I'm accepting this as the solution, since it gave me the link to, which enabled me to work through the problems highlighted by the connectivity tests, and which allowed me to get the setup working.

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question