Avatar of Avi Leibzon
Avi Leibzon
Flag for United States of America asked on

outlook anywhere exchange 2007

I simply can't get it to work.

I installe a third party certificate and owa and outlook onsite work great.
1. installed rpc over https
2. enabled outlook anywhere.

can't hit from the outside.

outlook says server can not connect.

don't know what do else. going to run syntax command and post in a moment
RoutersOutlookExchange

Avatar of undefined
Last Comment
Avi Leibzon

8/22/2022 - Mon
Kini pradeep

could you run a test for autodiscovery and Outlookanywhere
https://www.testexchangeconnectivity.com/
Avi Leibzon

ASKER
performing test
Avi Leibzon

ASKER
Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name https://mail.elisauto.com in DNS.
       The host name couldn't be resolved.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host https://mail.elisauto.com couldn't be resolved in DNS ErrorRetry


this is my first time setting up outlook anywhere and i have taken this exchange on from a former it staff.

thanks for your help

this means i have to add an A record to the hosting service correct?

I
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Kini pradeep

That would be correct.
Kini pradeep

i see that the name is resolving to 108.83.33.65

if that is the public IP then the resolution is working fine. could you try running the test with only mail.elisauto.com . It is possible to publish owa, outlookanywhere and activesync on the same port.

The autodiscover.elisauto.com resolves to 216.21.239.197, is that IP also mapped to Exchange ?
Avi Leibzon

ASKER
is the (FQDN) my A record?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Avi Leibzon

ASKER
i found this article an created a new srv record on my domain controller. Is that correct?
Kini pradeep

When we use outlook anywhere the client will query the dns server configured in the network card properties. when over the internet, this is at the Public DNS. The client then connects to the public IP which in most cases in natted to the internal IP address of the client access server or CAS array in case of multiple client access servers deployed. also the certificate SAN should match the DNS server of the Mail URL.

I can see that the names are registered and the Port 443 not responding to the internet, could you try running the test again this time with the url as mail.elisauto.com only.
Avi Leibzon

ASKER
The autodiscover is the IP216.21.239.197 of the registrar. I have added an A record to point to the 108.83.33.65.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Avi Leibzon

ASKER
test results
      Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.elisauto.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 108.83.33.65
      Testing TCP port 443 on host mail.elisauto.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.elisauto.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=mail.elisauto.com, OU=Domain Control Validated, O=mail.elisauto.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.elisauto.com was found in the Certificate Subject Common name.
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      ExRCA is attempting to build certificate chains for certificate CN=mail.elisauto.com, OU=Domain Control Validated, O=mail.elisauto.com.
       One or more certificate chains were constructed successfully.
       
      Additional Details
       A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       No Windows compatibility problems were identified.
       
      Additional Details
       The certificate chain has been validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       The certificate is valid. NotBefore = 7/1/2012 5:16:18 PM, NotAfter = 7/1/2015 5:16:18 PM
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication was detected.
       
      Additional Details
       Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication:
Avi Leibzon

ASKER
i opened port 443 on the firewall. I added the srv record to the dns on the domain controller using the following parameters:
Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.contoso.com and the above information came up. But it  still says it is failing.

the last part had a failure around it in the test
"Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication:"

what should i do with this?
Avi Leibzon

ASKER
I found  a Microsoft article about enable IIS CLient Certificate Mapping Authentication on IIS7. going to follow it and install the server role. Hopefully that takes care of this issue.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Avi Leibzon

ASKER
ok, got to the next error:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server mail.elisauto.com.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Shreedhar Ette

- Does exchange is also a Domain Controller?
Kini pradeep

let me ask you this have you installed the Rpc proxy role on the server that have the client access server roles. If not you will have to install this, if windows 2008 / R2 server. in the server Manager features.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Avi Leibzon

ASKER
I have installed the rpc proxy role and the exchange is separate from the domain controller.
Kini pradeep

could you please enable logging on a client that tries to connect externally.

second option:
http://morgansimonsen.wordpress.com/2008/11/27/troubleshooting-outlook-anywhere-outlook-rpc-over-https/

also collect the log files and Post it. This might sound silly but do you use the same name for the mail server , both internally and externally? also what is the outlook anywhere url specified on the client access server? does it match the URL you are trying to connect to ?

also on the default web site on the exchange client access server do you see the Rpc / rpc with cert listed.
ASKER CERTIFIED SOLUTION
Shreedhar Ette

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Avi Leibzon

ASKER
thanks for the ideas will try them in a couple hours need to get some sleep been wokring for several hours. Be back in two hours.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Avi Leibzon

ASKER
Thanks,got it working partially, next step looks like i need a exchange 2007sp ru4 to fix an issue with 6004. need to install off hours so will login back in for the blog in the evening.
thanks
Avi Leibzon

ASKER
ok within the server structure i can telnet to all ports 6001,6002,6004

However formt eh outside i can only telnet to 6001

this has to be a firewall issue correct?
Avi Leibzon

ASKER
open ports and telnet works on three but still get error on test:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server mail.elisauto.com.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Avi Leibzon

ASKER
Great help to a get through the system opening next ticket to customize