Solved

trying to add Exchange email to client off-site but autodiscover is showing internal server name

Posted on 2014-01-06
Last Modified: 2014-09-22
I have an SBS2011 server and all seems to be working well except for adding an Exchange email client to Outlook while off-site. Have an active SSL UCC from GoDaddy. When I try to set up a client off-site it gives me the attached errors (showing that it's trying to connect to the internal server name, not remote.domainname.com). When I go to testconnectivity.microsoft.com the Autodiscover app successfully passes. What am I missing? Thanks.
error-1.jpg
error-2.jpg
Question by:dannymyung
28 Comments
 

Expert Comment

by:Simon Butler (Sembee)
That is the correct behaviour.
The internal name will be shown, however the client should be configured to use Outlook Anywhere which will have the correct external host name in its configuration.

You must ensure that the external host name does NOT resolve on the internet - that will cause problems if it does, because Outlook Anywhere depends on the client being unable to connect.

If you are using the same domain internally and externally then ensure that you don't have a wildcard in the domain so anythingyoulike.example.com resolves.

Simon.

Author Comment

by:dannymyung
Thanks for the info. I just pinged the "sbs2011.domainname.com" and it returned pings from the wrong IP address -- is this my issue? Should I have the company who controls the DNS remove that record so it doesn't resolve anywhere?

We are using the same domain internally and externally but don't have a wildcard (that I know of).

Expert Comment

by:Simon Butler (Sembee)
That is indeed the issue.
You must have overridden the default configuration when installing SBS to use the .local domain instead.

If you are getting a return when you resolve the address then you have a wildcard (or you have an entry for that server name). Either way it needs to be removed.

Simon.

Author Comment

by:dannymyung
I had the DNS manager company remove the wildcard for the domain and now the sbs2011.domainname.com is not resolving to anywhere -- however, when I try to add the account in Outlook, I still run into the same issue. The test exchange connectivity app still passes.

Expert Comment

by:Simon Butler (Sembee)
It may well be cached information.
I presume that you completed all of the wizards in the SBS console for setting up the server?
Do you have a trusted SSL certificate on the server?

You should be using two host names - the server's real name and another host name for external access - remote.example.com is the default.

Simon.

Expert Comment

by:hecgomrec
If I understood correctly, you ran the test for Autodiscover. This test is in the section "Microsoft Office Outlook Connectivity Tests". If this is correct, you should try the option above that one: "Outlook Anywhere (RPC over HTTP)". If this one fails then you should enable Outlook Anywhere on your server.

Autodiscover will use a URL like https://autodiscover.yourdomain.com; this address will point to your server's IP address. It works by taking your email address's domain for the test (username@supercom.com = autodiscover.supercom.com).

To configure a client to connect to Exchange directly you have several options, but let's focus on the one you are trying: you need RPC over HTTP or Outlook Anywhere installed on your server. If this is not installed on your server, you don't know how to do it, and you are rushed to have the email for the off-site computer, then you can install the email by using POP (not recommended) or IMAP.

Most likely, if you try to create the account manually using any of the possible DNS names (webmail, mail, owa, etc.) and your domain name (mail.yourdomain.com), your client should run without problems. You just need to find out your "internet facing" DNS and/or ports.
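
The wildcard check Simon describes earlier in the thread (a name that should have no public record still resolving) and the autodiscover host name described in the post above can be tested together from an off-site machine. This is an added example, not part of any poster's reply; `check_public_dns`, `fake_zone` and the example.com zones with documentation addresses are constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses for name via the OS resolver, or [] when it does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def check_public_dns(email, internal_fqdn, external_fqdn, resolver=system_resolver):
    """Run from OUTSIDE the LAN. Returns a list of (code, detail) findings."""
    domain = email.rsplit("@", 1)[1].lower()
    findings = []
    # A random label has no real record, so any answer proves a wildcard exists.
    wildcard = resolver(f"{secrets.token_hex(8)}.{domain}")
    if wildcard:
        findings.append(("wildcard", f"*.{domain} -> {wildcard}"))
    # The server's internal name should have no public answer at all.
    internal = resolver(internal_fqdn)
    if internal:
        source = "wildcard" if internal == wildcard else "explicit record"
        findings.append(("internal-name-resolves", f"{internal_fqdn} -> {internal} ({source})"))
    # Names clients rely on must have their own records, not just the wildcard answer.
    for name in (external_fqdn, f"autodiscover.{domain}"):
        answer = resolver(name)
        if not answer:
            findings.append(("no-record", name))
        elif answer == wildcard:
            findings.append(("wildcard-only", name))
    return findings

def fake_zone(records, wildcard=None):
    """Constructed stand-in for public DNS so the check can be exercised offline."""
    def resolver(name):
        return records.get(name, list(wildcard) if wildcard else [])
    return resolver

# Constructed sample zones (documentation addresses, not real data).
BROKEN = fake_zone({"remote.example.com": ["203.0.113.10"],
                    "autodiscover.example.com": ["203.0.113.10"]},
                   wildcard=["198.51.100.7"])
FIXED = fake_zone({"remote.example.com": ["203.0.113.10"],
                   "autodiscover.example.com": ["203.0.113.10"]})

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_public_dns("user@example.com", "sbs2011.example.com",
                                      "remote.example.com", resolver=zone))
```

Called without the `resolver` argument, the function uses the operating system's resolver, so it must be run on a machine that does not use the office's internal DNS.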

Author Comment

by:dannymyung
Simon -- I didn't set up this server, I just fell into it with a new client. It does have an SSL certificate installed on it. We do have host names set up with one of them being remote.domainname.com

Autodiscover did work in the past, the client moved locations, their IP changed, and I believe that is when the issue surfaced. We did update all of the records appropriately. They have other devices that are working fine (since they were set up in the past) but any new devices will not work.

Author Comment

by:dannymyung
Outlook Anywhere is and has been enabled. This is where the RPC over HTTP fails in the testconnectivity app:

Attempting to ping RPC proxy remote.domainname.com.
       RPC Proxy can't be pinged.
       
      Additional Details
       
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Headers received:
Content-Type: text/html
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="remote.domainname.com"
X-Powered-By: ASP.NET
Date: Wed, 08 Jan 2014 02:47:09 GMT
Content-Length: 58
Elapsed Time: 85 ms.


However, if I go to remote.domainname.com and log in everything seems to work fine.

Expert Comment

by:hecgomrec
If you are able to go to remote.domainname.com from outside your client's LAN then it should be a problem on your firewall; the port could be closed or a port forwarding is not installed to the right machine.

Usually remote.domain.com is used for remote desktop access or to get to the company's intranet hub...but Hey!... we can do anything these days :).

Now, if you are inside his LAN, you must try it outside the company's LAN. If there is a DNS record to map internally to the server, in your test it will fail as the test is performed from someone else's server. Therefore, you will have to call the client's ISP to add the proper DNS records to the client's IP.

Try this remote IP Ping service to see if you can ping "remote.domainname.com"
https://www.wormly.com/test_remote_ping

Author Comment

by:dannymyung
I can ping the external address and access everything via remote.domainname.com outside of the lan without any issue. It's just adding an Exchange email account to Outlook outside of the office where it won't complete adding the account.

Expert Comment

by:hecgomrec
Ok, please read the following article; I hope this will help you check your settings: http://exchangeserverpro.com/how-to-configure-exchange-server-2010-outlook-anywhere/

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Run the Fix My Network wizard in the SBS Console - see if that flags anything up.

Simon.

Author Comment

by:dannymyung
Thanks, guys.

I ran the fix my network wizard and did realize that port 987 wasn't open -- it's open now.

I think I narrowed down my issue -- the computers I'm trying to add this Exchange account to are not joined to the domain so I'm thinking it's an authentication issue. Does Exchange run through the Default Web Site in IIS? Is that where I should check/update the Authentication settings?

Autodiscover should set up these settings automatically but I suppose they are wrong somehow?

Expert Comment

by:hecgomrec
You don't need to add the computers to the domain; just add the domainname\username for the credentials when creating the account.

And, like I said... sometimes we forget about that "dam firewall" and a single closed port could give you a headache!!!

Author Comment

by:dannymyung
It never gets far enough for it to prompt me for the credentials.

I open Outlook with a new profile then it comes up with Auto Account Setup. I have the radio box next to E-mail Account selected then I enter the name, email address, and password. Click Next. The green check goes to Establish network connection and Search for "email address" server settings, then a window comes up per my attachment that says "The action cannot be completed". This is usually when it asks for domain credentials but it just fails and stops here.

Expert Comment

by:Simon Butler (Sembee)
Is the local user account on the workstation the same as the domain user account, just with a different password? That could cause these problems, because Outlook will try and use the local credentials to begin with.

Simon.

Author Comment

by:dannymyung
Negative -- local user is a completely different username/user on a workgroup.

Expert Comment

by:hecgomrec
When you get to the Auto Account Setup select the option at the bottom: "Manually configure server settings", select Exchange on the next screen and enter your settings.

Author Comment

by:dannymyung
I've tried that:
-select MS Exchange
-under server I type remote.domainname.com
-under username I put "Firstname Lastname" and I've tried domain\username
-it says "Action cannot be completed....connection is unavailable..."

I've also tried going to More settings and checking Outlook Anywhere over HTTP, entering the remote.domainname.com address. When I try that method it DOES get further, prompting me for a username and password, but after I enter the credentials it says the action cannot be completed again.

Expert Comment

by:Simon Butler (Sembee)
You shouldn't enter the remote.example.com but enter the server's REAL name for the Exchange server address. However Autodiscover should do everything for you.

There is something else at play here which is getting in the way, which you haven't mentioned (maybe because you don't know or don't consider it a factor).

I have seen problems before when the same subnet is used on both sides - so both locations using 192.168.0.x for example.

Simon.

Author Comment

by:dannymyung
Thanks. I did try entering the server's real name and it did prompt me for the user's domain credentials but it still failed.

The server side of things is on 192.168.10.x subnet and the one I'm on is 192.168.1.x

Expert Comment

by:hecgomrec
You can't configure an "internet facing" service from within your LAN unless you have implemented a DNS record to bypass this limitation.

Meaning: Your Internet server name is remote.domain.com, which is registered with your ISP with 200.195.69.49. If you try to get to this address from within your LAN, the machine is going to look for it inside your LAN first, then it is going to go on to the next DNS in the search (your ISP, from gateway/router). Once the name is found and it tries to come back to your own IP, the package will be refused by your router/firewall, therefore it is like it doesn't exist.

Solution: Create a DNS record with your "internet facing" name pointing to your internal server IP address. Wait for replication to take place to all DNS servers. Flush DNS records and register DNS records again. Try your changes by pinging your server by its name.

Note: If there is no link between subnets or your routers are not aware of multiple subnets within the LAN, you won't reach the desired server unless you are in the same subnet.

Author Comment

by:dannymyung
hecgomrec -- I think you are correct but referring to setting up the client from within the internal network. If I go to the office where this server is, open up Outlook, set up the new account, everything works perfectly fine. However, if I take this device off-site Outlook loses its connection with Exchange and will not reconnect unless I go back and connect to the internal network.

I'm trying to set up the client from off-site so the device will always work off-site. The device is a Windows Surface Pro tablet with Outlook 2010 installed on it but since we have been doing all of this troubleshooting I've been using my laptop and experiencing the exact same issues.

Everything was working perfectly fine until the office moved physical locations, their IP changed, and the internet facing router was reset. However, the server that has Exchange on it also has a couple websites and I'm wondering if anything in IIS was changed.

Expert Comment

by:Simon Butler (Sembee)
SBS 2011 servers by default set up the DNS in the way described above - with the external name configured in DNS internally.

You didn't mention the other web sites before.
I would start by running the fix my network wizard and the SBS BPA tool. See whether those flag anything. It could be that the bindings are screwed up. It is not good practise to run other web sites on an Exchange server, particularly if they are public facing.

Simon.

Author Comment

by:dannymyung
Thanks, Simon. I wish we could separate out roles with this server but the original IT guy who managed it set it up this way and that's the way it will be for probably 2-3 more years until it gets replaced.

It's just driving me up the wall since 99.99% of everything Exchange works fine but adding a mail client from off-site doesn't work. Tried creating a test user and a new computer and still have the same issue. Ran the network wizard before (several posts back) and I'm digging through the BPA report now.

Expert Comment

by:Simon Butler (Sembee)
I don't recall saying anything about splitting up the roles.
There has to be something about the environment that hasn't been set up correctly. The fact that you aren't using the preferred domain name (domain.local) immediately indicates the server wasn't set up in the standard way.

Simon.

Author Comment

by:dannymyung
Thanks, Simon. I meant splitting up the roles as in putting the other internet facing websites on a different server or vm.

The domain ending in .com is odd but everything did work (including autodiscover and rpc over http) before the office move.

Expert Comment

by:hecgomrec
I don't know if you fixed this issue yet!

You should be concentrating your efforts on checking your "internet facing" settings.

Make sure your ISP and/or your domain name settings have your actual IP addresses, and that all required ports on the firewall allow the traffic to the right machine.

Did you ever run https://www.wormly.com/test_remote_ping that I gave you earlier? If this server can ping your autodiscovery and your remote domain names you are on the right track to disregard IP/DNS problems; if not, start there. If these tests passed OK then most likely you have a problem either in your firewall or an authentication conflict.

Once the firewall is checked and you are sure there are no problems there, then check once again your settings on the client, even inside the LAN. If your authentication method differs from the server it won't connect, so you either select BASIC, NTLM or Negotiate (BOTH).