Getting Outlook Anywhere behind IPCop to work

Hi,

I have enabled RPC / enabled Outlook Anywhere, ticked NTLM authentication and made sure "Allow secure channel (SSL) offloading" is NOT ticked.

The server is behind an IPCop firewall and I cannot connect remotely through Outlook.

1) If I set a firewall rule for port 443, may that disrupt users browsing SSL sites?
2) Do I need a real certified certificate or can I get away with using my own for now?

Can someone guide me setting up the firewall IPCop to work with Outlook Anywhere.

Asked by: ITBUFF

David Atkin (Technical Director) commented:
Is your certificate name the same as the DNS name you are trying to connect to?

David Atkin (Technical Director) commented:
Hello,

Opening 443 will have no effect on the users browsing external sites as you are only opening the port for inbound connections.

The self-signed certificate is usable but a trusted third party is preferred.  I would get it working on the self-signed cert and then move over to a trusted certificate if needed.

Does OWA work internally?

Can you confirm the Server OS.

ITBUFF (Author) commented:
Yes, OWA works both internal and external. I will try the port now.
 
ITBUFF (Author) commented:
nothing

David Atkin (Technical Director) commented:
Try Basic Authentication in the Outlook Anywhere settings

ITBUFF (Author) commented:
Actually SSL 443 is already set on firewall. Trying basic authentication.

ITBUFF (Author) commented:
OK, OWA works externally. When I try with Outlook I get this error:


The action cannot be completed. The connection to Microsoft
Exchange is unavailable. Outlook must be online or connected to
complete this action.

ITBUFF (Author) commented:
I'm using Microsoft SBS 2008

David Atkin (Technical Director) commented:
Can you take a screen shot of your Outlook Anywhere settings please and upload?  Do you have the certificate installed?

ITBUFF (Author) commented:
I'll do a screenshot soon.

I did run outlook /rpcdiag on my workstations and got a more descriptive error:

There is a problem with the proxy servers security certificate.
The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server mydomain.com. (Error
Code 18).

David Atkin (Technical Director) commented:
Do you have a self signed certificate installed on your SBS?

If so, you need to manually download it and install it onto the client PC into the Trusted Root authority container.

The certificate can normally be found on your SBS:   \\SBSNAME\Public\downloads

ITBUFF (Author) commented:
screen shot of OA settings

ITBUFF (Author) commented:
Hey scopeo,

I did as you suggested copying the certificate to the remote computer and installing it.

Now I get this error that it does not match.

There is a problem with the proxy servers security certificate.
The name on the security certificate is invalid or does not match the
name of the target site mydomain.com.

Outlook is unable to connect to the proxy server. (Error Code 10)

David Atkin (Technical Director) commented:
The settings in that screen shot look correct.

To run further tests please have a look here:
https://testconnectivity.microsoft.com/

Run the Outlook Anywhere test; it will give you further information on configuration issues.

I suggest you create a new username and password for the test and disable/delete it after you've finished.  Although it is a Microsoft site, you can never be too careful.

Does your server certificate name match the URL you are using to connect to it?

I.e. both are remote.domain.com or mail.domain.com?

ITBUFF (Author) commented:
The link above has a Server Error in '/' Application. Meanwhile testing the matching domains.

ITBUFF (Author) commented:
Should I try this since I have Exchange 2007?
http://support.microsoft.com/kb/940726

David Atkin (Technical Director) commented:
You shouldn't need to, providing you ran through the Setup Internet Address Name when you originally set it up.

Can you copy the results from the connectivity test into here?

ITBUFF (Author) commented:
Here's the connectivity test attached. I saved it as an HTML file so you should read it easily.
RCATestResult.zip

ITBUFF (Author) commented:
No it wasn't after looking at this closely.

Thank you for your help. I have solved the problem, for which there were multiple reasons.

1 - Set it back to NTLM.
2 - When configuring the mailbox in Outlook, make sure to enter the fully qualified domain of the local server.
      Server: =  FileServer.Mydomain.local
3 - Enter the remote domain name in "Microsoft Exchange Proxy Settings":
    remote.Mydomain.com

David Atkin (Technical Director) commented:
Glad you got it resolved.  

Thanks
Question has a verified solution.
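
The sequence of certificate errors in this thread (Error Code 18, then Error Code 10, then a working connection) can be reproduced with a small name-matching check. This is an added example, not part of the original thread: the certificate name list, the `name_matches` and `diagnose` helpers, and the trust-before-name check order are assumptions chosen to mirror what the poster observed.

```python
# Added example: all names below are constructed, not taken from the poster's server.
UNTRUSTED = "Error Code 18: certificate not from a trusted authority"
MISMATCH = "Error Code 10: certificate name does not match target site"
OK = "ok"


def name_matches(cert_name: str, host: str) -> bool:
    """Case-insensitive DNS name match; '*' is honoured only as the whole
    left-most label and only above at least two fixed labels."""
    pattern = cert_name.lower().rstrip(".").split(".")
    target = host.lower().rstrip(".").split(".")
    if len(pattern) != len(target):
        return False
    if pattern[0] == "*":
        return len(pattern) >= 3 and pattern[1:] == target[1:]
    return pattern == target


def diagnose(proxy_host: str, cert_names: list[str], issuer_trusted: bool) -> str:
    """Assumed check order (trust first, then name), mirroring the order in
    which the two errors appeared in the thread."""
    if not issuer_trusted:
        return UNTRUSTED
    if not any(name_matches(n, proxy_host) for n in cert_names):
        return MISMATCH
    return OK


# Constructed certificate: issued for the remote name only.
CERT_NAMES = ["remote.mydomain.com"]

if __name__ == "__main__":
    steps = [
        ("self-signed cert not yet installed on client", "mydomain.com", False),
        ("cert installed in Trusted Root, proxy = mydomain.com", "mydomain.com", True),
        ("proxy changed to remote.Mydomain.com", "remote.Mydomain.com", True),
    ]
    for label, host, trusted in steps:
        print(f"{label}: {diagnose(host, CERT_NAMES, trusted)}")
```

Trusting the certificate does not clear a name mismatch; either the proxy name entered in Outlook or the names on the certificate has to change.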
