Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Outlook clients not working with internal Exchange 2013 server

Posted on 2013-01-15
25
Medium Priority
?
24,743 Views
1 Endorsement
Last Modified: 2016-09-21
Good morning experts,

We're having some trouble connecting Outlook clients to a new Exchange 2013 server. When setting-up Outlook for the first time the autodiscover works fine in detecting the server name (fs1.domain.local) and username. But after completing the configuration we get strange errors ranging from:
"Cannot open your default e-mail folder" to "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete".
This is the same when we ignore autodiscover and fill in all of the details by hand. We've tried setting up Outlook to connect to RPC via HTTP and tried all of the included verifications methods (NTLD, Basic, Negotiate) all without success

The Exchange WebApp works fine for all users in the domain. Also, when setting up the Exchange accounts in Apple Mail or the Mail App for iOS everything works fine.

Any help with this problem would be greatly appreciated
Thanks in advance,
Kris
1
Comment
Question by:Vergezogt_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
  • 3
  • +4
25 Comments
 
LVL 6

Expert Comment

by:CaptainGiblets
ID: 38777705
What version of exchange did the mailboxes reside on before 2013?

Have you made sure that all communication between outlook and exchange is encrypted? (under security tab of more options) and have you tested with always prompt for credentials ticked?
0
 

Author Comment

by:Vergezogt_
ID: 38777708
None, this is a new domain and Exchange installation.
0
 
LVL 6

Expert Comment

by:CaptainGiblets
ID: 38777715
Have you checked the secure communication tick bot in outlook i mentioned above? If i remember its not automatically ticked in some versions of outlook (pre 2007 i think) but you didnt mention a version, but all exchange servers post 2007 need this by default.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 

Author Comment

by:Vergezogt_
ID: 38777728
I'm sorry, I forgot to mention the clients are all Outlook 2007 (latest service packs and updates). We've tried enabling and disabling security settings. All without any success.
0
 
LVL 6

Expert Comment

by:CaptainGiblets
ID: 38777737
do all clients have a default gateway on the same subnet as the exchange server?
0
 

Author Comment

by:Vergezogt_
ID: 38777743
Yes, all clients look to the Exchange Server as DNS and DHCP server and all have the router's IP-address as gateway.
0
 
LVL 6

Accepted Solution

by:
CaptainGiblets earned 1500 total points
ID: 38777756
Have you followed step 4 in this guide?

http://technet.microsoft.com/library/jj218640(EXCHG.150)

Exchange 2013 no longer uses RPC over TCP to connect clients, it uses HTTPS now so you need a trusted certificate to be able to set up outlook clients.
0
 

Author Comment

by:Vergezogt_
ID: 38777774
We had seen the certificate requirements and currently only have self-signed certificates installed. But I find it hard to believe that Outlook can not connect to an internal Exchange server without a trusted third party certificate.
Had anyone else had any experience with this?
0
 
LVL 6

Assisted Solution

by:CaptainGiblets
CaptainGiblets earned 1500 total points
ID: 38777793
it doenst have to be a 3rd party certificate, however as it is a self signed one you may need to manually add the certificate to the trusted list on your clients.

Open the Exchange Administration Center in your web browser and navigate to Servers -> Certificates. Can you post a screenshot of your certificates?
0
 

Author Comment

by:Vergezogt_
ID: 38778113
Here's the screenshot you asked for.
Exchange 2013 certificates
I've tried creating some self-signed certificates since the screenshot but can't seem to get it to work any better than beforehand.
0
 
LVL 6

Expert Comment

by:CaptainGiblets
ID: 38778139
and you have set up the Outlook anywhere URL's to match the addresses used in the SAN or Wildcard certificate?
0
 

Author Comment

by:Vergezogt_
ID: 38778306
Yes,
external url: mail.domain.com
internal url: servername.domain.local

The Outlook clients are setup to use internal url: servername.domain.local (which is also what they receive from the autodiscover)
0
 
LVL 3

Expert Comment

by:YorkshireLeo
ID: 38778938
Just an idea, but I wonder if the problem is not exchange/outlook specific, but if there is a basic communication problem between the windows machines and the server. Can you ping the servers from the client and clients from the server (by IP address AND name) and receive the expected replies? Have you tried stopping the firewall service on the clients?
0
 

Author Comment

by:Vergezogt_
ID: 38781832
Thanks for the reply.
Communication seems to be fine between the machines. Tried leaving and rejoining the domain which all seems to work fine. Also pinging the server from the client returns the correct ipv4 address. This is the same pinging from the server to the clients.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38783074
The self signed certificates generated by Exchange are not supported for use with Outlook Anywhere or ActiveSync. As Exchange 2013 ONLY uses Outlook Anywhere for connectivity then you are in an unsupported configuration. Outlook will fail to connect if there are issues with the SSL certificate.

Considering that Exchange 2013 is so heavily web based, spend the money and get the required SSL certificate. $60/year it will cost you.

Simon.
0
 

Author Comment

by:Vergezogt_
ID: 38783217
Thanks for the tip. We're going to purchase a certificate for public access to the OWA and ECP soon.

In other news: We managed to fix the problems. The trick is NOT to create a self-signed certificate from within the ECP. These are the steps we took to get the whole thing to work:

- Log in to the ECP and navigate to Servers > Certificates
- Click on + and choose "Create a request for a certificate from a certification authority"
- Choose a friendly name for the certificate, I used "internal"
- Make sure the wildcard checkbox is enabled and fill in the root domain. I chose "servername.domain.local" (which is the same domain name as is specified in the Outlook Anywhere settings for internal use).
- Choose the server where you would like to store the certificate request
- Fill in all of the information required for the certificate
- Choose the location where you want to save the certificate
- The new certificate will now be visible in the ECP and should have the status "Pending"
- Open up the Certification Authority app
- Select the server and go to Actions > All tasks > Submit new request
- Navigate to and import the new .req file
- Click on 'Pending requests' in the menu on the left
- Select the pending certificate request and go to Actions > All tasks > Issue
- Go to 'Issued requests' and select the new certificate
- Click on Actions > All tasks > Export Binary Data
(here's the point when I started to wonder why all of these functions don't just have a few dedicated buttons)
- Choose "Binary Certificate" and select the option "save binary data to a file"
- Give the certificate a unique name and add the .cer extension
- Navigate back to the certificate section of the ECP
- Select the pending certificate request and click on "complete"
- Enter the location of the .cer file and click on complete
- Open the completed certificate and assign at least the following services: IIS, SMTP

After completing these steps all of the Outlook clients worked straight away.

Don't forget to make sure the Certificate Authority is a trusted CA within your domain by adding the root certificate to the default domain policy (or a policy of choice)
0
 
LVL 3

Expert Comment

by:YorkshireLeo
ID: 38783244
Glad to hear that you solved your problem. Thanks for letting us know how you did it!
0
 

Expert Comment

by:ADSBIT
ID: 39135683
I am having this same issue where outlook clients cannot access email from outside, but mac, IOS, and Android can.  I renewed my certificate recently and I wonder if this has something to do with it?  I am using Exchange 2010 SP1 and clients are Outlook 2007 and 2010.  My certificate seems valid.  How can I get to the "ECP" to check certificate settings there?
0
 

Expert Comment

by:ADSBIT
ID: 39135707
When I go to ECP, I don't see the server Heading.  I only get the following as seen in the snippet.
Exchange-ECP.JPG
0
 

Expert Comment

by:xleon77
ID: 41432616
i do all that do Vergezogt_
not work yet :(
0
 

Expert Comment

by:Anthony Raja
ID: 41808162
HI,

I am facing some issue outlook connect with exchange, from domain network no issue but form public network unable to connect with exchange,

Your cooperation highly appreciated
0
 

Author Comment

by:Vergezogt_
ID: 41808168
Have you setup your Outlook anywhere settings properly?
Is port 443 forwarded from the router to your Exchange server?
0
 

Expert Comment

by:Anthony Raja
ID: 41808176
Yes ,
 we have some phone devices is working only MAC
0
 

Author Comment

by:Vergezogt_
ID: 41808182
I believe Mac and iOS use IMAP instead of MAPI to connect to Exchange. Is it possible to connect through IMAP by manually adding the connection in an Outlook client?
Try looking through the Exchange connectivity event logs in the Event Viewer to see for possible connection issues. Also, check the 'Application' event logs on the client computers to see if there's any connectivity issues being reported by Outlook.
0
 
LVL 3

Expert Comment

by:YorkshireLeo
ID: 41808455
To clarify please, are you saying that the MACs WILL connect to exchange within the domain, but will not connect when outside of the domain?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question