Solved

getting Outlook Anywhere behind IPCop to work

Posted on 2013-11-13
20
914 Views
Last Modified: 2013-11-14
Hi,

I have enabled RPC / enabled Outlook Anywhere ticked NTLM authetication and made sure "Allow secure channel (SSL) offloading is NOT ticked.

The server is behind IPCop firewall and i cannot connect remotely through outlook.


1) If I set a firewall rule for 443 port, may that disrupt users browsing SSL sites ?
2) Do I need a real certified certificate or can I get away with using my own for now ?

Can someone guide me setting up the firewall IPCop to work with Outlook Anywhere.

0
Comment
Question by:ITBUFF
  • 12
  • 8
20 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644178
Hello,

Opening 443 will have no effect on the users brosing external sites as you are only opening the port for inbound connections.

The self signed certificate is usable but a trusted third party is prefered.  I would get it working on the self signed cert and then move over to a trusted certificate if needed.

Does OWA work internally?

Can you confirm the Server OS.
0
 

Author Comment

by:ITBUFF
ID: 39644209
yes OWA works both internal and external. I will try the port now.
0
 

Author Comment

by:ITBUFF
ID: 39644210
nothing
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644213
Try Basic Authentication in the Outlook Anywhere settings
0
 

Author Comment

by:ITBUFF
ID: 39644218
Actually SSL 443 is already set on firewall. Trying basic authentication.
0
 

Author Comment

by:ITBUFF
ID: 39644223
OK, OWA works externally when I try with outlook i get this error:


The action cannot be completed. The connection to Microsoft
Exchange is unavailable. Outlook must be online or connected to
complete this action.
0
 

Author Comment

by:ITBUFF
ID: 39644226
I'm using Microsoft SBS 2008
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644229
Can you take a screen shot of your Outlook anywhere settings please and upload?  Do you have the certificate installed?
0
 

Author Comment

by:ITBUFF
ID: 39644297
I'll do a screenshot soon.

I did run outlook /rpcdiag on my workstations and got a more descriptive error:

There is a problem with the proxy servers security certificate.
The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server mydomain.com. (Error
Code 18).
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644304
Do you have a self signed certificate installed on your SBS?

If so, you need to manually download it and install it onto the client PC into the Trusted Root authority container.

The certificate can normally be found on your SBS:   \\SBSNAME\Public\downloads
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:ITBUFF
ID: 39644307
screen shot of OA settings
0
 

Author Comment

by:ITBUFF
ID: 39644332
Hey scopeo,

I did as you suggested copying the certificate to the remote computer and installing it.

now I get this error that is does not match.

There is a problem with the proxy servers security certificate.
The name on the security certificate is invalid or does not match the
name of the target site mydomain.com.

Outlook is unable to connect to the proxy server. (Error Code 10)
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644340
The settings in that screen shot looks correct.

To run further tests please have a look here:
https://testconnectivity.microsoft.com/

Run the Outlook Anywhere test it will give you further information on configuration issues.

I suggest you create a new username and password for the test and disable/delete it after you've finished.  Although it is a Microsoft site, you can never be too careful.

Does your server certificate name match the URL you are using to conncet to it?

I.e. both are remote.domain.com or mail.domain.com?
0
 

Author Comment

by:ITBUFF
ID: 39644367
the link above has an Server Error in '/' Application. Meanwhile testing the matching domains.
0
 

Author Comment

by:ITBUFF
ID: 39644404
should I try this since I have Exchange 2007 :?
http://support.microsoft.com/kb/940726
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644542
You shouldn't need to providing your ran through the Setup Internet Address Name when you originally set it up.

Can you copy the results from the connectivity test into here?
0
 

Author Comment

by:ITBUFF
ID: 39644878
here's the connectivity test attached. I saved it as a html file so you should read it easily.
RCATestResult.zip
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 500 total points
ID: 39645016
Is your certificate name the same as the DNS name your are trying to connect to?
0
 

Author Comment

by:ITBUFF
ID: 39645215
No it wasn't after looking at this closely.

Thank you for your help I have solved the problem to which there were multiple reasons.

1 - Set it back to NTLM
2 - when configuring the mailbox in outlook make sure to enter the fully qualified domain of the local server.
      Server: =  FileServer.Mydomain.local
3 - enter the remote domain name in "Microsoft Exchange Proxy Settings"
    remote.Mydomain.com
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39647374
Glad you got it resolved.  

Thanks
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now