Avi Leibzon asked:

Outlook Anywhere Exchange 2007

I simply can't get it to work.

I installed a third-party certificate, and OWA and Outlook on-site work great.
1. Installed RPC over HTTPS.
2. Enabled Outlook Anywhere.

Can't hit from the outside.

Outlook says server cannot connect.

Don't know what else to do. Going to run syntax command and post in a moment.
Pradeep Kini:

Could you run a test for autodiscovery and Outlook Anywhere?
https://www.testexchangeconnectivity.com/
Avi Leibzon (ASKER):

performing test
Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name https://mail.elisauto.com in DNS.
       The host name couldn't be resolved.
       
      Additional Details
       Host https://mail.elisauto.com couldn't be resolved in DNS


This is my first time setting up Outlook Anywhere, and I have taken this Exchange on from a former IT staff.

Thanks for your help.

This means I have to add an A record to the hosting service, correct?

That would be correct.
I see that the name is resolving to 108.83.33.65.

If that is the public IP then the resolution is working fine. Could you try running the test with only mail.elisauto.com? It is possible to publish OWA, Outlook Anywhere and ActiveSync on the same port.

The autodiscover.elisauto.com resolves to 216.21.239.197; is that IP also mapped to Exchange?
Is the (FQDN) my A record?
I found this article and created a new SRV record on my domain controller. Is that correct?
When we use Outlook Anywhere, the client will query the DNS server configured in the network card properties. When over the internet, this is at the public DNS. The client then connects to the public IP, which in most cases is NATted to the internal IP address of the Client Access server, or CAS array in case of multiple Client Access servers deployed. Also, the certificate SAN should match the DNS server of the Mail URL.

I can see that the names are registered and port 443 is not responding to the internet. Could you try running the test again, this time with the URL as mail.elisauto.com only?
The autodiscover is the IP 216.21.239.197 of the registrar. I have added an A record to point to the 108.83.33.65.
test results
      Testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.elisauto.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: 108.83.33.65
      Testing TCP port 443 on host mail.elisauto.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.elisauto.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=mail.elisauto.com, OU=Domain Control Validated, O=mail.elisauto.com, Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US.
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
       Host name mail.elisauto.com was found in the Certificate Subject Common name.
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      ExRCA is attempting to build certificate chains for certificate CN=mail.elisauto.com, OU=Domain Control Validated, O=mail.elisauto.com.
       One or more certificate chains were constructed successfully.
       
      Additional Details
       A total of 2 chains were built. The highest quality chain ends in root certificate OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US.
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       No Windows compatibility problems were identified.
       
      Additional Details
       The certificate chain has been validated up to a trusted root. Root = E=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
       The certificate is valid. NotBefore = 7/1/2012 5:16:18 PM, NotAfter = 7/1/2015 5:16:18 PM
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication was detected.
       
      Additional Details
       Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication:
I opened port 443 on the firewall. I added the SRV record to the DNS on the domain controller using the following parameters:
Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.contoso.com
and the above information came up. But it still says it is failing.

The last part had a failure around it in the test:
"Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication:"

What should I do with this?
I found a Microsoft article about enabling IIS Client Certificate Mapping Authentication on IIS7. Going to follow it and install the server role. Hopefully that takes care of this issue.
OK, got to the next error:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server mail.elisauto.com.
       The attempt to ping the endpoint failed.
       
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
- Is Exchange also a Domain Controller?
Let me ask you this: have you installed the RPC proxy role on the server that has the Client Access server roles? If not, you will have to install this, if Windows 2008 / R2 server, in the Server Manager features.
I have installed the RPC proxy role, and the Exchange is separate from the domain controller.
Could you please enable logging on a client that tries to connect externally?

Second option:
http://morgansimonsen.wordpress.com/2008/11/27/troubleshooting-outlook-anywhere-outlook-rpc-over-https/

Also collect the log files and post them. This might sound silly, but do you use the same name for the mail server, both internally and externally? Also, what is the Outlook Anywhere URL specified on the Client Access server? Does it match the URL you are trying to connect to?

Also, on the default web site on the Exchange Client Access server, do you see the Rpc / rpc with cert listed?
ASKER CERTIFIED SOLUTION
Shreedhar Ette
This solution is only available to members.
Thanks for the ideas. Will try them in a couple of hours; need to get some sleep, been working for several hours. Be back in two hours.
Thanks, got it working partially. Next step looks like I need an Exchange 2007sp ru4 to fix an issue with 6004. Need to install off hours, so will log back in for the blog in the evening.
Thanks.
OK, within the server structure I can telnet to all ports 6001, 6002, 6004.

However, from the outside I can only telnet to 6001.

This has to be a firewall issue, correct?
Opened ports and telnet works on three, but still get error on test:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server mail.elisauto.com.
       The attempt to ping the endpoint failed.
      Additional Details
       The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Great help to get through the system. Opening next ticket to customize.
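
The first stages of the connectivity test quoted in this thread (host name entered with or without a URL scheme, DNS resolution, TCP 443, certificate chain, certificate name) can be repeated from any outside machine. The sketch below is an added example, not part of the original thread and not the ExRCA tool's code; the function names and the `mail.example.test` sample are assumptions, and the fallback from SAN to subject CN mirrors the test output above, which matched the name in the Common Name.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert(); CN only, no SAN.
SAMPLE_CERT = {"subject": ((("commonName", "mail.example.test"),),), "subjectAltName": ()}

def normalize_host(value):
    """Reduce user input such as 'https://mail.example.test/rpc' to a bare DNS name."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.hostname:
        raise ValueError(f"no host name in {value!r}")
    return parts.hostname.lower()

def cert_names(cert):
    """DNS names the certificate covers: SAN dNSName entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label ('*.example.test')."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_endpoint(user_input, port=443, timeout=5.0):
    """Run the stages in order; the report shows how far the check got."""
    host = normalize_host(user_input)
    report = {"host": host, "addresses": [], "port_open": False,
              "chain_trusted": False, "name_ok": False}
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return report                      # DNS failure: nothing else can be tested
    report["addresses"] = sorted({info[4][0] for info in infos})
    ctx = ssl.create_default_context()     # chain and validity dates are still verified
    ctx.check_hostname = False             # name is checked below and reported on its own
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            report["port_open"] = True
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                report["chain_trusted"] = True
    except OSError:                        # covers ssl.SSLError and timeouts
        return report
    report["name_ok"] = any(name_matches(host, n) for n in cert_names(cert))
    return report
```

Calling `check_endpoint("https://<your external name>")` from outside the network returns a dict whose first false or empty field marks the failing stage; it does not cover the later RPC endpoint checks (ports 6001, 6002, 6004) discussed in the thread.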