?
Solved

getting Outlook Anywhere behind IPCop to work

Posted on 2013-11-13
20
Medium Priority
?
927 Views
Last Modified: 2013-11-14
Hi,

I have enabled RPC / enabled Outlook Anywhere ticked NTLM authetication and made sure "Allow secure channel (SSL) offloading is NOT ticked.

The server is behind IPCop firewall and i cannot connect remotely through outlook.


1) If I set a firewall rule for 443 port, may that disrupt users browsing SSL sites ?
2) Do I need a real certified certificate or can I get away with using my own for now ?

Can someone guide me setting up the firewall IPCop to work with Outlook Anywhere.

0
Comment
Question by:ITBUFF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 8
20 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644178
Hello,

Opening 443 will have no effect on the users brosing external sites as you are only opening the port for inbound connections.

The self signed certificate is usable but a trusted third party is prefered.  I would get it working on the self signed cert and then move over to a trusted certificate if needed.

Does OWA work internally?

Can you confirm the Server OS.
0
 

Author Comment

by:ITBUFF
ID: 39644209
yes OWA works both internal and external. I will try the port now.
0
 

Author Comment

by:ITBUFF
ID: 39644210
nothing
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 22

Expert Comment

by:David Atkin
ID: 39644213
Try Basic Authentication in the Outlook Anywhere settings
0
 

Author Comment

by:ITBUFF
ID: 39644218
Actually SSL 443 is already set on firewall. Trying basic authentication.
0
 

Author Comment

by:ITBUFF
ID: 39644223
OK, OWA works externally when I try with outlook i get this error:


The action cannot be completed. The connection to Microsoft
Exchange is unavailable. Outlook must be online or connected to
complete this action.
0
 

Author Comment

by:ITBUFF
ID: 39644226
I'm using Microsoft SBS 2008
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644229
Can you take a screen shot of your Outlook anywhere settings please and upload?  Do you have the certificate installed?
0
 

Author Comment

by:ITBUFF
ID: 39644297
I'll do a screenshot soon.

I did run outlook /rpcdiag on my workstations and got a more descriptive error:

There is a problem with the proxy servers security certificate.
The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server mydomain.com. (Error
Code 18).
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644304
Do you have a self signed certificate installed on your SBS?

If so, you need to manually download it and install it onto the client PC into the Trusted Root authority container.

The certificate can normally be found on your SBS:   \\SBSNAME\Public\downloads
0
 

Author Comment

by:ITBUFF
ID: 39644307
screen shot of OA settings
0
 

Author Comment

by:ITBUFF
ID: 39644332
Hey scopeo,

I did as you suggested copying the certificate to the remote computer and installing it.

now I get this error that is does not match.

There is a problem with the proxy servers security certificate.
The name on the security certificate is invalid or does not match the
name of the target site mydomain.com.

Outlook is unable to connect to the proxy server. (Error Code 10)
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644340
The settings in that screen shot looks correct.

To run further tests please have a look here:
https://testconnectivity.microsoft.com/

Run the Outlook Anywhere test it will give you further information on configuration issues.

I suggest you create a new username and password for the test and disable/delete it after you've finished.  Although it is a Microsoft site, you can never be too careful.

Does your server certificate name match the URL you are using to conncet to it?

I.e. both are remote.domain.com or mail.domain.com?
0
 

Author Comment

by:ITBUFF
ID: 39644367
the link above has an Server Error in '/' Application. Meanwhile testing the matching domains.
0
 

Author Comment

by:ITBUFF
ID: 39644404
should I try this since I have Exchange 2007 :?
http://support.microsoft.com/kb/940726
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39644542
You shouldn't need to providing your ran through the Setup Internet Address Name when you originally set it up.

Can you copy the results from the connectivity test into here?
0
 

Author Comment

by:ITBUFF
ID: 39644878
here's the connectivity test attached. I saved it as a html file so you should read it easily.
RCATestResult.zip
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 2000 total points
ID: 39645016
Is your certificate name the same as the DNS name your are trying to connect to?
0
 

Author Comment

by:ITBUFF
ID: 39645215
No it wasn't after looking at this closely.

Thank you for your help I have solved the problem to which there were multiple reasons.

1 - Set it back to NTLM
2 - when configuring the mailbox in outlook make sure to enter the fully qualified domain of the local server.
      Server: =  FileServer.Mydomain.local
3 - enter the remote domain name in "Microsoft Exchange Proxy Settings"
    remote.Mydomain.com
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39647374
Glad you got it resolved.  

Thanks
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question