Solved

getting Outlook Anywhere behind IPCop to work

Posted on 2013-11-13
20
925 Views
Last Modified: 2013-11-14
Hi,

I have enabled RPC / enabled Outlook Anywhere ticked NTLM authetication and made sure "Allow secure channel (SSL) offloading is NOT ticked.

The server is behind IPCop firewall and i cannot connect remotely through outlook.


1) If I set a firewall rule for 443 port, may that disrupt users browsing SSL sites ?
2) Do I need a real certified certificate or can I get away with using my own for now ?

Can someone guide me setting up the firewall IPCop to work with Outlook Anywhere.

0
Comment
Question by:ITBUFF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 8
20 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644178
Hello,

Opening 443 will have no effect on the users brosing external sites as you are only opening the port for inbound connections.

The self signed certificate is usable but a trusted third party is prefered.  I would get it working on the self signed cert and then move over to a trusted certificate if needed.

Does OWA work internally?

Can you confirm the Server OS.
0
 

Author Comment

by:ITBUFF
ID: 39644209
yes OWA works both internal and external. I will try the port now.
0
 

Author Comment

by:ITBUFF
ID: 39644210
nothing
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 22

Expert Comment

by:David Atkin
ID: 39644213
Try Basic Authentication in the Outlook Anywhere settings
0
 

Author Comment

by:ITBUFF
ID: 39644218
Actually SSL 443 is already set on firewall. Trying basic authentication.
0
 

Author Comment

by:ITBUFF
ID: 39644223
OK, OWA works externally when I try with outlook i get this error:


The action cannot be completed. The connection to Microsoft
Exchange is unavailable. Outlook must be online or connected to
complete this action.
0
 

Author Comment

by:ITBUFF
ID: 39644226
I'm using Microsoft SBS 2008
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644229
Can you take a screen shot of your Outlook anywhere settings please and upload?  Do you have the certificate installed?
0
 

Author Comment

by:ITBUFF
ID: 39644297
I'll do a screenshot soon.

I did run outlook /rpcdiag on my workstations and got a more descriptive error:

There is a problem with the proxy servers security certificate.
The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server mydomain.com. (Error
Code 18).
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644304
Do you have a self signed certificate installed on your SBS?

If so, you need to manually download it and install it onto the client PC into the Trusted Root authority container.

The certificate can normally be found on your SBS:   \\SBSNAME\Public\downloads
0
 

Author Comment

by:ITBUFF
ID: 39644307
screen shot of OA settings
0
 

Author Comment

by:ITBUFF
ID: 39644332
Hey scopeo,

I did as you suggested copying the certificate to the remote computer and installing it.

now I get this error that is does not match.

There is a problem with the proxy servers security certificate.
The name on the security certificate is invalid or does not match the
name of the target site mydomain.com.

Outlook is unable to connect to the proxy server. (Error Code 10)
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644340
The settings in that screen shot looks correct.

To run further tests please have a look here:
https://testconnectivity.microsoft.com/

Run the Outlook Anywhere test it will give you further information on configuration issues.

I suggest you create a new username and password for the test and disable/delete it after you've finished.  Although it is a Microsoft site, you can never be too careful.

Does your server certificate name match the URL you are using to conncet to it?

I.e. both are remote.domain.com or mail.domain.com?
0
 

Author Comment

by:ITBUFF
ID: 39644367
the link above has an Server Error in '/' Application. Meanwhile testing the matching domains.
0
 

Author Comment

by:ITBUFF
ID: 39644404
should I try this since I have Exchange 2007 :?
http://support.microsoft.com/kb/940726
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644542
You shouldn't need to providing your ran through the Setup Internet Address Name when you originally set it up.

Can you copy the results from the connectivity test into here?
0
 

Author Comment

by:ITBUFF
ID: 39644878
here's the connectivity test attached. I saved it as a html file so you should read it easily.
RCATestResult.zip
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 39645016
Is your certificate name the same as the DNS name your are trying to connect to?
0
 

Author Comment

by:ITBUFF
ID: 39645215
No it wasn't after looking at this closely.

Thank you for your help I have solved the problem to which there were multiple reasons.

1 - Set it back to NTLM
2 - when configuring the mailbox in outlook make sure to enter the fully qualified domain of the local server.
      Server: =  FileServer.Mydomain.local
3 - enter the remote domain name in "Microsoft Exchange Proxy Settings"
    remote.Mydomain.com
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39647374
Glad you got it resolved.  

Thanks
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question