Solved

Setting up sbs 2011 exchange 2010 on  a laptop that's out of the office

Posted on 2013-06-23
30
536 Views
Last Modified: 2013-07-02
Sorry, I feel this is a really basic question but I am a newbie.

I'm used to setting up desktops on sbs 2011 for exchange with no problem - just enter the server name (sbs2011) in the exchange server name, then the user's username, click check name and done.

But someone has a laptop they will use 90% out of the office. I know port 443 is open. we can get to owa with https://sbs2011.domainname.com/owa.

But when I enter the fqdn in outlook 2013, it say it can't get to the server.  there is NOT a security certificate and we click continue at a box warning about the certificate.

Should I be setting this up as connecting to an exchange server or exchange active sync?
What should I be typing in the server name field?
what else should I be doing?  

thanks!
0
Comment
  • 12
  • 11
  • 3
  • +2
30 Comments
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
is the username just the login name or the email address?

I get 'the action cannot be completed. the connection to microsoft exchange is unavailabe. outlook muse be on line or connected to complete this action.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
Can you at least get to the outlook web access page via the browser?

You may want to check your dns settings at mxtoolbox.com and make sure that they are correct.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 250 total points
Comment Utility
You need to setup Outlook to use the OWA URL as an Exchange proxy.

When you setup the account, enter the servername as normal and the user mailbox but don't click check name.  Click More Settings.  Under the connection tab click Exchange Proxy Settings.

In the top box enter the URL you would use for OWA.  The chances are the bottom box needs to be Basic Authentication.  Click OK until you return to the mailbox page and click Check Name.

If you are prompted for username/password this should be entered in the form of DOMAIN\Username and the regular network password.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
Comment Utility
You need an SSL certificate. You cannot really run SBS 2011 without one.
If you setup a UC certificate with the host names of remote.example.com and autodiscover.example.com, then configure those two host names in your public DNS to point to your external IP address then things will work correctly.

Your only other option is to use a VPN, but the end user will always have to connect via the VPN to get email. You cannot have full functionality of Outlook without SSL without a VPN.

Simon.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 250 total points
Comment Utility
>>there is NOT a security certificate and we click continue at a box warning about the certificate.

There will be a certificate, SBS installs a self signed one by default.  The warning box will be because you don't trust the certificate.  You can get around this by installing it as a trusted certificate.  You can do this remotely by following my explanation here: http://demazter.wordpress.com/2011/11/15/installing-sbs-certificate-package-remotely/
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
dem   - exchange proxy, etc... is that how 'everyone' at other companies using SBS / Exchange needs to set up outlook on a laptop when out of the office? seems more complicated than I expected?

Sem: you say 'cannot really run '.  it will or won't run? What will or won't happen without the cert?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Absolutely.  It cannot connect externally without these settings.

Your SBS2011 will have a self signed certificate in place.  It does this by default.  It's just a 3rd party one that will take away the "trust" issues.  Following the guide a linked to above will take these errors away.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
Dem: I follow the steps for exchange proxy (for a regular exchange server, not active synch, right?)

mail.domainname.com/owa

change to basic authentication and click ok. it immediately comes back with

the proxy server you have specified is invalid. correct it and try again.

If I cut and paste that mail.domainname.com/owa into IE, I get the OWA login screen (so it seems like the URL is valid)

On the laptop, I downloaded and ran the install certificate zip, copied the files to the desktop and ran it and get

the certificate is not installed
the certificate was not installed please try again
if you continue to receive and error, contact your network administrator

any advice?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
you don't need to add the /owa on to the end of the URL, it should just be mail.domainname.com

What OS version are you running the certificate package on?  Did you try it a second time?
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 125 total points
Comment Utility
Are you configuring RPC over HTTP?

If so, the self signed certificate will work but it is a continual pain in the arse. If you install a 3rd party cert, smart phones and RPC over HTTP will work very well. That and no more nagging SSL warnings in browsers when users go to access OWA or Remote Web Workplace.  Inexpensive multi year certs (Positive SSL) available at namecheap.com and installation through the console is a breeze.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
am I configuring rpc over http?  how would I know : ) ?

certificates - I am looking at Network Solutions where the domain is being held - $50 / year for the xpress / domain validation level.  
a) is that cheap / expensive
b) is that all I need
c) do I have to deal with the registrar or can go elsewhere for the SSL (I know I can change registrars, but that takes time. I want to get things going sooner than later.  
d) And if I move the domain to a different registrar  (I like godaddy), does that end / cancel the cert from Network solutions?
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 250 total points
Comment Utility
If you are following the instructions above then yes, you are configuring RPC over HTTP(S) it's generally called Outlook Anywhere now though.

This does and will work with the self signed certificate you already have installed.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
I am trying to get an SSL from namecheap right now.  for $7, just get that out of the way / simplify things?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Never heard of them.  Chances are it won't be trusted by default either and you will have to install the root certificate.
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
Comment Utility
The cheapest certificates are only viable IF your external DNS provider supports SRV records.
If not then you need to use a UC, aka multiple name certificate. The cheapest source for that is a GoDaddy reseller at US$60/year.

If you can setup SRV records, then use this KB article to do so:
http://semb.ee/srv

That configures Autodiscover. With Autodiscover in place Outlook 2007 and higher will configure everything for you, which includes Outlook Anywhere (the new name for RPC over HTTPS) which allows remote access to email with Outlook to Exchange server.
The SSL certificate will also cover OWA and ActiveSync.

While you can use the self signed certificate that SBS generates, many people don't recommend them because it can be a headache to get to work correctly. I actually refuse to do anything with the self signed certificate, as it is cheaper on my hourly rate to purchase a certificate.

Simon.
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 125 total points
Comment Utility
Namecheap is a lot less. You don't have to get your cert from your registrar.

RPC over HTTP uses Microsoft Outlook on the laptop to connect directly to exchange over the internet using RPC proxy to tunnel it.

Once your SSL is imported in to SBS using the console and you can verify that it is installed, do the following on the laptop.

You create your outlook exchange connection as if it was in the office.... but before you hit check name, click on the More Settings button.

Click the Connection tab...
In the URL box, enter your remote web workplace address. ie: "remote.yourdomain.com"
Check all the boxes... and in the proxy server box, put your remote web workplace address with msstd: in front... so "msstd:remote.yourdomain.com" no slashes or other characters...just like that)

With no other configuration, set the security to Basic Authentication.

After OKing your way out of the More Settings dialogue, hit Check Name. You will be prompted for credentials.... enter DOMAIN\Username and the password and tick the box for save or remember password. The server's name and user should resolve. Okay out and you are done.
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
I guess it depends on your configuration.

In SBS the self signed certificate can be very easily added to staff machines following the process in my article.  It's actually very easy.

I've never had a problem with mobile devices attaching to an SBS server with a self signed certificate after the initial accept (assuming everything else is configured correctly).

gcoltharp > The second part of your comment is virtually word for word a copy for my first comment.  Please don't do this, it's completely unnecessary.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
OK, so Im' trying to install the self signed cert.  back to the error message:

the cert was not installed, please try again. if you continue to receive an error contact your network admin.

any advice how to get past that?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
When you download the certificate package, right click on it and select Run as Administrator.

Does it install now?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
sorry no.  and your wordpress page talks about exchangecertificates.com.  should I get a cert there?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
there's an installcertificate.txt on the desktop (where I unzipped the installcertificate.zip exe and files.  it shows:

6/24/2013 10:13 AM
OS version is 6.
Initial the CDP dialogue.
PC Radio button is clicked.

6/24/2013 10:13 AM
OS version is 6.
Initial the CDP dialogue.
Install the cert on PC.
Opening cert store.
Failed to add cert to the store. Error Code: [-2147024891]
Initial the Finish dialogue.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 250 total points
Comment Utility
You can if you wish, they are trusted by most vendors.

You can get this working without buying a certificate though.  Which desktop OS are you using on the machine you are trying to install the certificate with?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
That's a permissions error.  Are you a local administrator on the machine?
0
 
LVL 12

Expert Comment

by:Gary Coltharp
Comment Utility
Not trying to cover you up, dmazter.... I skimmed the comments and saw no mention of the proxy setting for msstd and just gave my advice....  cheers and carry on.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
Dem: win 7, and yes, I'm a local admin
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
You are definitely extracting the zip file contents and running the extracted EXE file?
I've just downloaded the package from a customer server and was able to replicate the error trying to run the EXE file from within the ZIP file.  If I extracted the files and run the EXE it worked perfectly.

Alternatively, just install the certificate manually.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
dem: OK, I got a cert from namecheap and installed it.

now to setting up rpc over http

I follow your instructions above, click check name,

If you are prompted for username/password this should be entered in the form of DOMAIN\Username and the regular network password.

enter the domain\username and network password (which I double checked by using in OWA itself and got in OK

then I get

The action cannot be completed. the connection to Microsoft exchange is unavailable. outlook must be online or connected to complete this action.

any advice?
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
Is this before you finish the account setup?

When you go to OWA now do you no longer get a certificate error?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
oh, and now users in the office are saying they are getting a pop up about a cert error for remote.domainname.com (and it shows my cert for mail.domainname.com).  their exchange settings in outlook say mail.domainname.local.  Not sure where it's picking up remote.domainname.com
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now