Solved

getting Outlook Anywhere behind IPCop to work

Posted on 2013-11-13
20
911 Views
Last Modified: 2013-11-14
Hi,

I have enabled RPC / enabled Outlook Anywhere ticked NTLM authetication and made sure "Allow secure channel (SSL) offloading is NOT ticked.

The server is behind IPCop firewall and i cannot connect remotely through outlook.


1) If I set a firewall rule for 443 port, may that disrupt users browsing SSL sites ?
2) Do I need a real certified certificate or can I get away with using my own for now ?

Can someone guide me setting up the firewall IPCop to work with Outlook Anywhere.

0
Comment
Question by:ITBUFF
  • 12
  • 8
20 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644178
Hello,

Opening 443 will have no effect on the users brosing external sites as you are only opening the port for inbound connections.

The self signed certificate is usable but a trusted third party is prefered.  I would get it working on the self signed cert and then move over to a trusted certificate if needed.

Does OWA work internally?

Can you confirm the Server OS.
0
 

Author Comment

by:ITBUFF
ID: 39644209
yes OWA works both internal and external. I will try the port now.
0
 

Author Comment

by:ITBUFF
ID: 39644210
nothing
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644213
Try Basic Authentication in the Outlook Anywhere settings
0
 

Author Comment

by:ITBUFF
ID: 39644218
Actually SSL 443 is already set on firewall. Trying basic authentication.
0
 

Author Comment

by:ITBUFF
ID: 39644223
OK, OWA works externally when I try with outlook i get this error:


The action cannot be completed. The connection to Microsoft
Exchange is unavailable. Outlook must be online or connected to
complete this action.
0
 

Author Comment

by:ITBUFF
ID: 39644226
I'm using Microsoft SBS 2008
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644229
Can you take a screen shot of your Outlook anywhere settings please and upload?  Do you have the certificate installed?
0
 

Author Comment

by:ITBUFF
ID: 39644297
I'll do a screenshot soon.

I did run outlook /rpcdiag on my workstations and got a more descriptive error:

There is a problem with the proxy servers security certificate.
The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server mydomain.com. (Error
Code 18).
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644304
Do you have a self signed certificate installed on your SBS?

If so, you need to manually download it and install it onto the client PC into the Trusted Root authority container.

The certificate can normally be found on your SBS:   \\SBSNAME\Public\downloads
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:ITBUFF
ID: 39644307
screen shot of OA settings
0
 

Author Comment

by:ITBUFF
ID: 39644332
Hey scopeo,

I did as you suggested copying the certificate to the remote computer and installing it.

now I get this error that is does not match.

There is a problem with the proxy servers security certificate.
The name on the security certificate is invalid or does not match the
name of the target site mydomain.com.

Outlook is unable to connect to the proxy server. (Error Code 10)
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644340
The settings in that screen shot looks correct.

To run further tests please have a look here:
https://testconnectivity.microsoft.com/

Run the Outlook Anywhere test it will give you further information on configuration issues.

I suggest you create a new username and password for the test and disable/delete it after you've finished.  Although it is a Microsoft site, you can never be too careful.

Does your server certificate name match the URL you are using to conncet to it?

I.e. both are remote.domain.com or mail.domain.com?
0
 

Author Comment

by:ITBUFF
ID: 39644367
the link above has an Server Error in '/' Application. Meanwhile testing the matching domains.
0
 

Author Comment

by:ITBUFF
ID: 39644404
should I try this since I have Exchange 2007 :?
http://support.microsoft.com/kb/940726
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644542
You shouldn't need to providing your ran through the Setup Internet Address Name when you originally set it up.

Can you copy the results from the connectivity test into here?
0
 

Author Comment

by:ITBUFF
ID: 39644878
here's the connectivity test attached. I saved it as a html file so you should read it easily.
RCATestResult.zip
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 39645016
Is your certificate name the same as the DNS name your are trying to connect to?
0
 

Author Comment

by:ITBUFF
ID: 39645215
No it wasn't after looking at this closely.

Thank you for your help I have solved the problem to which there were multiple reasons.

1 - Set it back to NTLM
2 - when configuring the mailbox in outlook make sure to enter the fully qualified domain of the local server.
      Server: =  FileServer.Mydomain.local
3 - enter the remote domain name in "Microsoft Exchange Proxy Settings"
    remote.Mydomain.com
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39647374
Glad you got it resolved.  

Thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now