Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 421
  • Last Modified:

Exchange 2007 - Outlook Anywhere problems

Hi,

I have configured our Exchange 2007 SP3 server with Outlook Anywhere, so that staff working externally can connect to the Exchange server over port 443 using Outlook 2007. This was done so that staff didn't have to use Outlook Web Access and it allowed a simplified firewall configuration without the staff members having to VPN into the office network first (which was how we used to do it)

Mail flow seems to work fine - that is a *preconfigured* account can receive mail no problems. When I say *preconfigured* that is actually part of the problem

It is not possible for a clean install of Outlook externally to connect to the mail server to be configured. When it gets to the "Check Name" part of the process, it just times out and then gives an error about the name not being able to be resolved and that Outlook needs to be online to complete the process.

If I VPN into the office network first, then I can setup the account fine.

The mail server only has port 443 open on it, and I know that the Outlook Anywhere is configured correctly because we're using it for our internal mail as well (as it simplifies the firewall setup on the mail server). So, regardless of where Outlook is external or internal, it is speaking to the mail server on port 443 (the difference being with internal clients is they can access the domain controller, and external clients cannot)

I know that the external traffic is being correctly routed to the mail server, since OWA works fine.

It seems to me that there need to be additional ports open to allow external clients to authenticate themselves, but that goes against my belief that Outlook Anywhere was supposed to work completely over just port 443

Any advice would be greatly appreciated.
0
irc-corp
Asked:
irc-corp
  • 3
  • 2
1 Solution
 
tobywestonCommented:
Are you putting in the FQDN for the server in the Exchange server box?

e.g. mailserver.domain.tld
0
 
chakkoCommented:
try the test for Outlook Anywhere (RPC/HTTPS) at this site.  www.testexchangeconnectivity.com

what is the result?
Do you have an A record for autodiscover.yourname.com on the public DNS?
Are you using the self-signed SSL or a purchased commerical UCC/SAN SSL certificate?
If you have a self-signed SSL have you imported it into the machine outside the LAN already?  an easy way to check is to access OWA from outside and check if you get any SSL warnings (a warning should mean you have a self-signed SSL)
0
 
irc-corpAuthor Commented:
Hi,

Thanks for the replies.

@tobyweston - Yes, I am using the FQDN of the mail server
@chakko - yes, we have an autodiscover DNS record that resolves correctly to the mail server. We're using a properly issues SSL cert (although, the SSL is a wildcard one - *.domain.com rather than explicitly for mail.domain.com. I have run the Exchange connector test from the link you gave me and all the tests passed (some of the SSL tests gave warnings), the one that failed though was this one (our actual domain name blanked out):

Testing HTTP Authentication Methods for URL https://mail.********.net/rpc/rpcproxy.dll.

The HTTP authentication test failed.
Additional Details
Exception details:
Message: The underlying connection was closed: The connection was closed unexpectedly.
Type: System.Net.WebException
Stack trace:
 at System.Net.HttpWebRequest.GetResponse()
 at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()

I can browse to the rpcproxy.dll URL in a broswer and it displays a blank page - so I guess it can speak to it - as if it couldn't I'd expect a 404 error or something like that..?

Cheers
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
tobywestonCommented:
Can you try disabling anonymous authentication on the RPC virtual directory in IIS. Do a quick iisreset and try the test / connecting again.
0
 
irc-corpAuthor Commented:
Hi,

Thanks for the replies.

I have now managed to get all the RCP/HTTP tests to pass from www.testexchangeconnectivity.com

I am still having issues setting up the account in the external client - it's still saying that Outlook is offline and cannot resolve the name.

I have doubled checked the values in the Outlook's "Exchange Proxy Settings", and have also looked at the values returned in the AutoDiscover.xml and these look correct as well

Any other advice would be greatly appreciated
0
 
irc-corpAuthor Commented:
The solution provided in itself didn't contain the neccesary steps to resolve, but, I'm accepting this as the solution, since it gave me the link to www.testexchangeconnectivity.com, which enabled me to work through the problems highlighted by the connectivity tests, and which allowed me to get the setup working.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now