Solved

Exchange 2007 - Outlook Anywhere problems

Posted on 2012-04-05
6
417 Views
Last Modified: 2012-04-12
Hi,

I have configured our Exchange 2007 SP3 server with Outlook Anywhere, so that staff working externally can connect to the Exchange server over port 443 using Outlook 2007. This was done so that staff didn't have to use Outlook Web Access and it allowed a simplified firewall configuration without the staff members having to VPN into the office network first (which was how we used to do it)

Mail flow seems to work fine - that is a *preconfigured* account can receive mail no problems. When I say *preconfigured* that is actually part of the problem

It is not possible for a clean install of Outlook externally to connect to the mail server to be configured. When it gets to the "Check Name" part of the process, it just times out and then gives an error about the name not being able to be resolved and that Outlook needs to be online to complete the process.

If I VPN into the office network first, then I can setup the account fine.

The mail server only has port 443 open on it, and I know that the Outlook Anywhere is configured correctly because we're using it for our internal mail as well (as it simplifies the firewall setup on the mail server). So, regardless of where Outlook is external or internal, it is speaking to the mail server on port 443 (the difference being with internal clients is they can access the domain controller, and external clients cannot)

I know that the external traffic is being correctly routed to the mail server, since OWA works fine.

It seems to me that there need to be additional ports open to allow external clients to authenticate themselves, but that goes against my belief that Outlook Anywhere was supposed to work completely over just port 443

Any advice would be greatly appreciated.
0
Comment
Question by:irc-corp
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:tobyweston
ID: 37814503
Are you putting in the FQDN for the server in the Exchange server box?

e.g. mailserver.domain.tld
0
 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 37814514
try the test for Outlook Anywhere (RPC/HTTPS) at this site.  www.testexchangeconnectivity.com

what is the result?
Do you have an A record for autodiscover.yourname.com on the public DNS?
Are you using the self-signed SSL or a purchased commerical UCC/SAN SSL certificate?
If you have a self-signed SSL have you imported it into the machine outside the LAN already?  an easy way to check is to access OWA from outside and check if you get any SSL warnings (a warning should mean you have a self-signed SSL)
0
 

Author Comment

by:irc-corp
ID: 37814545
Hi,

Thanks for the replies.

@tobyweston - Yes, I am using the FQDN of the mail server
@chakko - yes, we have an autodiscover DNS record that resolves correctly to the mail server. We're using a properly issues SSL cert (although, the SSL is a wildcard one - *.domain.com rather than explicitly for mail.domain.com. I have run the Exchange connector test from the link you gave me and all the tests passed (some of the SSL tests gave warnings), the one that failed though was this one (our actual domain name blanked out):

Testing HTTP Authentication Methods for URL https://mail.********.net/rpc/rpcproxy.dll.

The HTTP authentication test failed.
Additional Details
Exception details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack trace:
 at System.Net.HttpWebRequest.GetResponse()
 at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()

I can browse to the rpcproxy.dll URL in a broswer and it displays a blank page - so I guess it can speak to it - as if it couldn't I'd expect a 404 error or something like that..?

Cheers
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Expert Comment

by:tobyweston
ID: 37814574
Can you try disabling anonymous authentication on the RPC virtual directory in IIS. Do a quick iisreset and try the test / connecting again.
0
 

Author Comment

by:irc-corp
ID: 37834846
Hi,

Thanks for the replies.

I have now managed to get all the RCP/HTTP tests to pass from www.testexchangeconnectivity.com

I am still having issues setting up the account in the external client - it's still saying that Outlook is offline and cannot resolve the name.

I have doubled checked the values in the Outlook's "Exchange Proxy Settings", and have also looked at the values returned in the AutoDiscover.xml and these look correct as well

Any other advice would be greatly appreciated
0
 

Author Closing Comment

by:irc-corp
ID: 37839222
The solution provided in itself didn't contain the neccesary steps to resolve, but, I'm accepting this as the solution, since it gave me the link to www.testexchangeconnectivity.com, which enabled me to work through the problems highlighted by the connectivity tests, and which allowed me to get the setup working.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question