trying to add Exchange email to client off-site but autodiscover is showing internal server name

I have an SBS2011 server and all seems to be working well except for adding an Exchange email client to Outlook while off-site. Have an active SSL UCC from GoDaddy. When I try to set up a client off-site it gives me the attached errors (showing that it's trying to connect to the internal server name, not When I go to the Autodiscover app successfully passes. What am I missing? Thanks.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
That is the correct behaviour.
The internal name will be shown, however the client should be configured to use Outlook Anywhere which will have the correct external host name in its configuration.

You must ensure that the external host name does NOT resolve on the internet - that will cause problems if it does, because Outlook Anywhere depends on the client being unable to connect.

If you are using the same domain internally and externally then ensure that you don't have a wildcard in the domain so resolves.

dannymyungAuthor Commented:
Thanks for the info. I just pinged the "" and it returned pings from the wrong IP address -- is this my issue? Should I have the company who controls the DNS remove that record so it doesn't resolve anywhere?

We are using the same domain internally and externally but don't have a wildcard (that I know of).
Simon Butler (Sembee)ConsultantCommented:
That is indeed the issue.
You must have overridden the default configuration when installing SBS to use the .local domain instead.

If you are getting a return when you resolve the address then you have a wildcard (or you have an entry for that server name). Either way it needs to be removed.

Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

dannymyungAuthor Commented:
I had the DNS manager company remove the wildcard for the domain and now the is not resolving to anywhere -- however, when I try to add the account in Outlook, I still run into the same issue. The text exchange connectivity app still passes.
Simon Butler (Sembee)ConsultantCommented:
It may well be cached information.
I presume that you completed all of the wizards in the SBS console for setting up the server?
Do you have a trusted SSL certificate on the server?

You should be using two host names - the server's real name and another host name for external access - is the default.

If I understood correctly, you run the test for Autodiscover, this test is on the section "Microsoft Office Outlook Connectivity Tests" if this is correct you should try the option above that one: "Outlook Anywhere (RPC over HTTP)" if this one fails then you should enable Outlook Anywhere on your server.

Autodiscover will use and URL like: this address will point to your server's IP address.  It works by taking your email's address domain for the test ( =

To configure a client to connect to exchange directly you have several options, but lest focus on the one you are trying; you need RPC over HTTP or Outlook Anywhere installed on your server.  If this is not installed on your server and you don't know how to do it and you are rushed to have the email for the offsite computer then you can install the email by using POP (not recommended) or IMAP.

Must likely, if you try to create the account manually using any of the possible DNS names (webmail, mail, owa, etc) and your domain name ( your client should run without problems.  Just need to find out your "internet facing" DNS and/or ports
dannymyungAuthor Commented:
Simon -- I didn't set up this server, I just fell into it with a new client. It does have an SSL certificate installed on it. We do have host names set up with one of them being

Autodiscover did work in the past, the client moved locations, their IP changed, and I believe that is when the issue surfaced. We did update all of the records appropriately. They have other devices that are working fine (since they were set up in the past) but any new devices will not work.
dannymyungAuthor Commented:
Outlook Anywhere is and has been enabled. This is where the RPC over HTTP fails in the testconnectivity app:

Attempting to ping RPC proxy
       RPC Proxy can't be pinged.
      Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Headers received:
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm=""
X-Powered-By: ASP.NET
Date: Wed, 08 Jan 2014 02:47:09 GMT
Content-Length: 58
Elapsed Time: 85 ms.

However, if I go to and log in everything seems to work fine.
If you are able to go from outside your client's LAN then it should be a problem on your firewall, the port could be close or a port forwarding in not installed to the right machine.

Usually is use for remote desktop access or to get to the company's intranet hub...but Hey!... we can do anything these days :).

Now, if you are inside his LAN, you must try it outside the company's LAN.  If there is a DNS record to map internally to the server, in your test it will fail as the test is perform from someone else server.  Therefore, you will have to call the client's ISP to add the proper DNS records to the client's IP.

Try this remote IP Ping service to see if you can ping ""
dannymyungAuthor Commented:
I can ping the external address and access everything via outside of the lan without any issue. It's just adding an Exchange email account to Outlook outside of the office where it won't complete adding the account.
Ok, please read the following article and hope this will help you check your settings and
Simon Butler (Sembee)ConsultantCommented:
Run the Fix My Network wizard in the SBS Console - see if that flags anything up.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dannymyungAuthor Commented:
Thanks, guys.

I ran the fix my network wizard and did realize that port 987 wasn't open -- it's open now.

I think I narrowed down my issue -- the computer's I'm trying to add this Exchange account to are not joined to the domain so I'm thinking it's an authentication issue. Does Exchange run through the Default Web Site in IIS? Is that where I should check/update the Authentication settings?

Autodiscover should set up these settings automatically but I suppose they are wrong some how?
you don't need to add the computers to the domain just add the domainname\username for the credentials when creating the account.

And, like I said... some times we forget about that "dam firewall" and a single closed port could give you a headache!!!
dannymyungAuthor Commented:
It never gets far enough for it to prompt me for the credentials.

I open Outlook with a new profile then it comes up with Auto Account Setup. I have the radio box next to E-mail Account selected then I enter the name, email address, and password. Click Next. The green check goes to Establish network connection and Search for "email address" server settings, then a window comes up per my attachment that says "The action cannot be completed". This is usually when it asks for domain credentials but it just fails and stops here.
Simon Butler (Sembee)ConsultantCommented:
Is the local user account on the workstation the same as the domain user account, just with a different password? That could cause these problems, because Outlook will try and use the local credentials to begin with.

dannymyungAuthor Commented:
Negative -- local user is complete different username/user on a workgroup.
When you get to the Auto Account Setup select the option at the bottom: "Manually configure server settings", select Exchange on the next screen and enter your settings.
dannymyungAuthor Commented:
I've tried that:
-select MS Exchange
-under server I type
-under username I put "Firstname Lastname" and I've tried domain\username
-it says "Action cannot be completed....connection is unavailable..."

I've also tried going to More settings and checking Outlook Anywhere over HTTP, entering the address. When I try that method it DOES get further, prompting me for a username and password, but after I enter the credentials it says the action cannot be completed again.
Simon Butler (Sembee)ConsultantCommented:
You shouldn't enter the but enter the server's REAL name for the Exchange server address. However Autodiscover should do everything for you.

There is something else at play here which is getting in the way, which you haven't mentioned (maybe because you don't know or don't consider it a factor).

I have seen problems before when the same subnet is used on both sides - so both locations using 192.168.0.x for example.

dannymyungAuthor Commented:
Thanks. I did try entering the server's real name and it did prompt me for the user's domain credentials but it still failed.

The server side of things is on 192.168.10.x subnet and the one I'm on is 192.168.1.x
You can't configure and "internet facing" service from within your LAN unless you have implemented a DNS record to bypass this limitation.

Meaning:  Your Internet server name is which is register with your ISP with  If you try to get to this address from within your LAN the machine is going to look for it inside your LAN first then is going to go on the next DNS on the search (your ISP - from gateway/router) once the name is found and try to come back to your own IP the package will be refuse by your router/firewall therefore is like it doesn't exist.

Solution:  Create a DNS record with your "internet facing" name pointing to your internal server IP address.  Wait for replication to take place to all DNS servers.  Flush DNS records and Register DNS records again.  Try your changes by pinging your server with by its name.

Note:  If there is no link between subnets or your routers are not aware of multiple subnets within the LAN you won't reach to the desire server unless you are in the same subnet.
dannymyungAuthor Commented:
hecgomrec -- I think you are correct but referring to setting up the client from within the internal network. If I go to the office where this server is, open up Outlook, set up the new account, everything works perfectly fine. However, if I take this device off-site Outlook loses it's connection with Exchange and will not reconnect unless I go back and connect to the internal network.

I'm trying to set up the client from off-site so the device will always work off-site. The device is a Windows Surface Pro tablet with Outlook 2010 installed on it but since we have been doing all of this troubleshooting I've been using my laptop and experiencing the exact same issues.

Everything was working perfectly fine until the office moved physical locations, their IP changed, and the internet facing router was reset. However, the server that has Exchange on it also has a couple websites and I'm wondering if anything in IIS was changed.
Simon Butler (Sembee)ConsultantCommented:
SBS 2011 servers by default setup the DNS in the way described above - with the external name configured in DNS internally.

You didn't mention the other web sites before.
I would start by running the fix my network wizard and the SBS BPA tool. See whether those flag anything. It could be that the bindings are screwed up. It is not good practise to run other web sites on an Exchange server, particularly if they are public facing.

dannymyungAuthor Commented:
Thanks, Simon. I wish we could separate out roles with this server but the original IT guy who managed it set it up this way and that's the way it will be for probably 2-3 more years until it gets replaced.

It's just driving me up the wall since 99.99% of everything Exchange works fine but adding a mail client from off-site doesn't work. Tried creating a test user and a new computer and still have the same issue. Ran the network wizard before (several posts back) and I'm digging through the BPA report now.
Simon Butler (Sembee)ConsultantCommented:
I don't recall saying anything about splitting up the roles.
There has to be something about the environment that hasn't been setup correctly. The fact that you aren't using the preferred domain name (domain.local) immediately indicates the server wasn't setup in the standard way.

dannymyungAuthor Commented:
Thanks, Simon. I meant splitting up the roles as in putting the other internet facing websites on a different server or vm.

The domain ending in .com is odd but everything did work (including autodiscover and rpc over http) before the office move.
I don't know if you fix this issue yet!

You should be concentrating your efforts on checking your "internet facing" settings.

Make sure your ISP and/or your Domain name settings have your actual ip addresses, all require ports on the firewall allows the traffic to the right machine.

Did you ever run I gave you earlier.  If this server can ping your autodiscovery and your remote domain names you are on the right track to disregard IP/DNS problems if not start there.  If these tests passed ok then most likely you have a problem or in your firewall or authentication conflict.

Once firewall is check and you are sure there are no problems there, then check once again your settings on the client, even inside the LAN, if your authentication method defers from the server it won't connect, so you either select BASIC, NTLM or Negotiate (BOTH).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.