Outlook clients not working with internal Exchange 2013 server

Kris Coady
Good morning experts,

We're having some trouble connecting Outlook clients to a new Exchange 2013 server. When setting up Outlook for the first time, the autodiscover works fine in detecting the server name (fs1.domain.local) and username. But after completing the configuration we get strange errors ranging from:
"Cannot open your default e-mail folder" to "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete".
This is the same when we ignore autodiscover and fill in all of the details by hand. We've tried setting up Outlook to connect to RPC via HTTP and tried all of the included verification methods (NTLM, Basic, Negotiate), all without success.

The Exchange WebApp works fine for all users in the domain. Also, when setting up the Exchange accounts in Apple Mail or the Mail App for iOS everything works fine.

Any help with this problem would be greatly appreciated
Thanks in advance,
What version of Exchange did the mailboxes reside on before 2013?

Have you made sure that all communication between Outlook and Exchange is encrypted (under the Security tab of More Options), and have you tested with "always prompt for credentials" ticked?
Kris Coady, IT Specialist


None, this is a new domain and Exchange installation.
Have you checked the secure communication tick box in Outlook I mentioned above? If I remember, it's not automatically ticked in some versions of Outlook (pre 2007 I think), but you didn't mention a version, and all Exchange servers post 2007 need this by default.
Kris Coady, IT Specialist


I'm sorry, I forgot to mention the clients are all Outlook 2007 (latest service packs and updates). We've tried enabling and disabling security settings. All without any success.
Do all clients have a default gateway on the same subnet as the Exchange server?
Kris Coady, IT Specialist


Yes, all clients look to the Exchange Server as DNS and DHCP server and all have the router's IP-address as gateway.
Have you followed step 4 in this guide?


Exchange 2013 no longer uses RPC over TCP to connect clients. It uses HTTPS now, so you need a trusted certificate to be able to set up Outlook clients.
Kris Coady, IT Specialist


We had seen the certificate requirements and currently only have self-signed certificates installed. But I find it hard to believe that Outlook cannot connect to an internal Exchange server without a trusted third party certificate.
Has anyone else had any experience with this?
It doesn't have to be a 3rd party certificate; however, as it is a self-signed one, you may need to manually add the certificate to the trusted list on your clients.

Open the Exchange Administration Center in your web browser and navigate to Servers -> Certificates. Can you post a screenshot of your certificates?
Kris Coady, IT Specialist


Here's the screenshot you asked for.
Exchange 2013 certificates
I've tried creating some self-signed certificates since the screenshot but can't seem to get it to work any better than beforehand.
And you have set up the Outlook Anywhere URLs to match the addresses used in the SAN or wildcard certificate?
Kris Coady, IT Specialist


external url: mail.domain.com
internal url: servername.domain.local

The Outlook clients are set up to use internal url: servername.domain.local (which is also what they receive from the autodiscover)
Just an idea, but I wonder if the problem is not Exchange/Outlook specific, but if there is a basic communication problem between the Windows machines and the server. Can you ping the servers from the client and clients from the server (by IP address AND name) and receive the expected replies? Have you tried stopping the firewall service on the clients?
Kris Coady, IT Specialist


Thanks for the reply.
Communication seems to be fine between the machines. Tried leaving and rejoining the domain, which all seems to work fine. Also, pinging the server from the client returns the correct IPv4 address. This is the same pinging from the server to the clients.
Most Valuable Expert 2014

The self-signed certificates generated by Exchange are not supported for use with Outlook Anywhere or ActiveSync. As Exchange 2013 ONLY uses Outlook Anywhere for connectivity, you are in an unsupported configuration. Outlook will fail to connect if there are issues with the SSL certificate.

Considering that Exchange 2013 is so heavily web based, spend the money and get the required SSL certificate. $60/year it will cost you.

Kris Coady, IT Specialist


Thanks for the tip. We're going to purchase a certificate for public access to the OWA and ECP soon.

In other news: We managed to fix the problems. The trick is NOT to create a self-signed certificate from within the ECP. These are the steps we took to get the whole thing to work:

- Log in to the ECP and navigate to Servers > Certificates
- Click on + and choose "Create a request for a certificate from a certification authority"
- Choose a friendly name for the certificate, I used "internal"
- Make sure the wildcard checkbox is enabled and fill in the root domain. I chose "servername.domain.local" (which is the same domain name as is specified in the Outlook Anywhere settings for internal use).
- Choose the server where you would like to store the certificate request
- Fill in all of the information required for the certificate
- Choose the location where you want to save the certificate
- The new certificate will now be visible in the ECP and should have the status "Pending"
- Open up the Certification Authority app
- Select the server and go to Actions > All tasks > Submit new request
- Navigate to and import the new .req file
- Click on 'Pending requests' in the menu on the left
- Select the pending certificate request and go to Actions > All tasks > Issue
- Go to 'Issued requests' and select the new certificate
- Click on Actions > All tasks > Export Binary Data
(here's the point when I started to wonder why all of these functions don't just have a few dedicated buttons)
- Choose "Binary Certificate" and select the option "save binary data to a file"
- Give the certificate a unique name and add the .cer extension
- Navigate back to the certificate section of the ECP
- Select the pending certificate request and click on "complete"
- Enter the location of the .cer file and click on complete
- Open the completed certificate and assign at least the following services: IIS, SMTP

After completing these steps all of the Outlook clients worked straight away.

Don't forget to make sure the Certificate Authority is a trusted CA within your domain by adding the root certificate to the default domain policy (or a policy of choice)
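
One way to check the result from a workstation, as an added example that is not part of the original posts: the function below connects to the HTTPS endpoint Outlook Anywhere uses and reports whether this machine's trust store accepts the certificate chain and whether the certificate matches the host name. The function name `Test-OutlookAnywhereCertificate` and its output fields are hypothetical; `servername.domain.local` is the internal name quoted in the thread.

```powershell
# Added example. Run on a domain-joined client (PowerShell 2.0 or later).
# Reports how this machine judges the certificate presented on the HTTPS
# endpoint that Outlook Anywhere uses.
function Test-OutlookAnywhereCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # name Outlook connects to
        [int]$Port = 443
    )
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None; Chain = @() }
    # Record the validation result instead of aborting, so it can be reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $state.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # name is checked against subject/SAN
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            HostName     = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NameMismatch = [bool]($state.Errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
            ChainErrors  = [bool]($state.Errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
            ChainStatus  = ($state.Chain -join ', ')
            Accepted     = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $tcp.Close()
    }
}

# Host name taken from the thread; replace with your own Outlook Anywhere name.
Test-OutlookAnywhereCertificate -HostName 'servername.domain.local' | Format-List
```

`ChainErrors` set to True with a status such as `UntrustedRoot` means the issuing CA's root certificate has not reached this client; `NameMismatch` set to True means the certificate does not cover the name Outlook is configured to use.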
Glad to hear that you solved your problem. Thanks for letting us know how you did it!

I am having this same issue where Outlook clients cannot access email from outside, but Mac, iOS, and Android can. I renewed my certificate recently and I wonder if this has something to do with it? I am using Exchange 2010 SP1 and clients are Outlook 2007 and 2010. My certificate seems valid. How can I get to the "ECP" to check certificate settings there?

When I go to ECP, I don't see the server Heading.  I only get the following as seen in the snippet.

i do all that do Vergezogt_
not work yet :(

I am facing an issue connecting Outlook with Exchange. From the domain network there is no issue, but from the public network I am unable to connect to Exchange.

Your cooperation highly appreciated
Kris Coady, IT Specialist

Have you set up your Outlook Anywhere settings properly?
Is port 443 forwarded from the router to your Exchange server?
Yes,
we have some phone devices is working only MAC
Kris Coady, IT Specialist


I believe Mac and iOS use IMAP instead of MAPI to connect to Exchange. Is it possible to connect through IMAP by manually adding the connection in an Outlook client?
Try looking through the Exchange connectivity event logs in the Event Viewer to look for possible connection issues. Also, check the 'Application' event logs on the client computers to see if there are any connectivity issues being reported by Outlook.
To clarify please, are you saying that the MACs WILL connect to exchange within the domain, but will not connect when outside of the domain?
