Exchange 2007 - Outlook Anywhere problems


I have configured our Exchange 2007 SP3 server with Outlook Anywhere, so that staff working externally can connect to the Exchange server over port 443 using Outlook 2007. This was done so that staff didn't have to use Outlook Web Access and it allowed a simplified firewall configuration without the staff members having to VPN into the office network first (which was how we used to do it)

Mail flow seems to work fine - that is a *preconfigured* account can receive mail no problems. When I say *preconfigured* that is actually part of the problem

It is not possible for a clean install of Outlook externally to connect to the mail server to be configured. When it gets to the "Check Name" part of the process, it just times out and then gives an error about the name not being able to be resolved and that Outlook needs to be online to complete the process.

If I VPN into the office network first, then I can setup the account fine.

The mail server only has port 443 open on it, and I know that the Outlook Anywhere is configured correctly because we're using it for our internal mail as well (as it simplifies the firewall setup on the mail server). So, regardless of where Outlook is external or internal, it is speaking to the mail server on port 443 (the difference being with internal clients is they can access the domain controller, and external clients cannot)

I know that the external traffic is being correctly routed to the mail server, since OWA works fine.

It seems to me that there need to be additional ports open to allow external clients to authenticate themselves, but that goes against my belief that Outlook Anywhere was supposed to work completely over just port 443

Any advice would be greatly appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you putting in the FQDN for the server in the Exchange server box?

e.g. mailserver.domain.tld
try the test for Outlook Anywhere (RPC/HTTPS) at this site.

what is the result?
Do you have an A record for on the public DNS?
Are you using the self-signed SSL or a purchased commerical UCC/SAN SSL certificate?
If you have a self-signed SSL have you imported it into the machine outside the LAN already?  an easy way to check is to access OWA from outside and check if you get any SSL warnings (a warning should mean you have a self-signed SSL)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
irc-corpAuthor Commented:

Thanks for the replies.

@tobyweston - Yes, I am using the FQDN of the mail server
@chakko - yes, we have an autodiscover DNS record that resolves correctly to the mail server. We're using a properly issues SSL cert (although, the SSL is a wildcard one - * rather than explicitly for I have run the Exchange connector test from the link you gave me and all the tests passed (some of the SSL tests gave warnings), the one that failed though was this one (our actual domain name blanked out):

Testing HTTP Authentication Methods for URL https://mail.********.net/rpc/rpcproxy.dll.

The HTTP authentication test failed.
Additional Details
Exception details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack trace:
 at System.Net.HttpWebRequest.GetResponse()
 at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()

I can browse to the rpcproxy.dll URL in a broswer and it displays a blank page - so I guess it can speak to it - as if it couldn't I'd expect a 404 error or something like that..?

Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Can you try disabling anonymous authentication on the RPC virtual directory in IIS. Do a quick iisreset and try the test / connecting again.
irc-corpAuthor Commented:

Thanks for the replies.

I have now managed to get all the RCP/HTTP tests to pass from

I am still having issues setting up the account in the external client - it's still saying that Outlook is offline and cannot resolve the name.

I have doubled checked the values in the Outlook's "Exchange Proxy Settings", and have also looked at the values returned in the AutoDiscover.xml and these look correct as well

Any other advice would be greatly appreciated
irc-corpAuthor Commented:
The solution provided in itself didn't contain the neccesary steps to resolve, but, I'm accepting this as the solution, since it gave me the link to, which enabled me to work through the problems highlighted by the connectivity tests, and which allowed me to get the setup working.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.