Is there a way to add an Outlook client outside the network if autodiscover is not in the certificate?

Is there a way to join an Outlook client outside of the network when autododiscover is not in the cert? Can I create a stand alone cert for the client or change authentication for him if his computer is not joined to the domain and he is outside the network? This is the only error on the Microsoft anaylyzer:

Testing TCP port 443 on host company.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
LVL 1
JRome225Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

it_saigeDeveloperCommented:
What Outlook client is the user connecting with?  Have you validated your settings with https://testconnectivity.microsoft.com/ (perform both of the Microsoft Office Outlook Connectivity Tests).

-saige-
0
JRome225Author Commented:
Outlook 2013,  I ran the testconnectivity and got the before mentioned error when trying autodiscover.
0
it_saigeDeveloperCommented:
I assume then that 443 is forwarded on your external firewall?

Because if it is, then you can manually specify the RPC proxy, the Exchange server, the Mutual authentication principal name and the authentication method (these settings would normally be passed automatically by the Autodiscover service).

-saige-
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

it_saigeDeveloperCommented:
What are the settings for your ExternalClientAuthenticationMethod and ExternalClientsRequireSsl for the OutlookAnywhere service?

Get-OutlookAnywhere will provide this information.

-saige-
0
JRome225Author Commented:
Correct, the router is forwarding 443 to the server. Here are the external settings:


ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
0
it_saigeDeveloperCommented:
Do you have other clients that connect externally?  Also when you run the Connectivity tests, do you manually configure the settings?

-saige-
0
JRome225Author Commented:
no other clients are using it outside the network. When I ran the manual test it came back good with the exception of this error:

The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption.
0
JRome225Author Commented:
Since the user's computer is not on the domain I changed the authentication type to basic and ran a connectivity test which failed with this error:

Attempting to ping the MAPI Mail Store endpoint with identity: servername:6001.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Elapsed Time: 760 ms.
0
JRome225Author Commented:
Could I turn the outside ssl off or do you know a simple authentication setting I can use to get it to connect to RPC?
0
it_saigeDeveloperCommented:
If you do not have any other users externally, then yes you could.  I, however, would not leave it that way.  The better resolution would be to get a UCC cert that includes autodiscover.mydomain.com.

As a matter of completeness, domain membership not does not matter in this situation.  The user is connecting to a web service (OutlookAnwhere formerly known as RPC over HTTPs).  OutlookAnywhere verifies the users ability to connect by way of the domain username and password.

This how people can use their smart phones to send and receive Exchange emails.

-saige-
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JRome225Author Commented:
The phones are working fine but this user is unable to connect to Exchange. What are the settings you recommend for the single user to connect with Outlook Anywhere?
0
JRome225Author Commented:
Im getting this error when I set everything to Basic:

Attempting to ping RPC proxy mail.newbeginningsarc.com.
       RPC Proxy can't be pinged.
       
      Additional Details
       
An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (404) Not Found.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (404) Not Found.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 1103 ms.
0
hecgomrecCommented:
Here is the thing, autodiscover is a feature added to you exchange server to help "away" users to find their servers in an easy way.  This doesn't mean you must use it!!!

As long as you know the address of your server you should be ok, no extra SSL.

Just don't let outlook to do the work, setup your server manually or using a combination but I recommend manually.  There you should put the internal server name "eserver1.domain.local" then the username "supertester@yourdomain.com" then click on more settings, go to the connection tab, enable outlook anywhere and open proxy settings, enter your server name: "mail.yourdomail.com" and in the "Only connect to proxy...." section add "msstd:mail.yourdomain.com" finally select your authentication method then ok, apply, next... the connection should be established if you have everything right and it will ask for the user password, remember to include domain\username and choose to save the password.
1
it_saigeDeveloperCommented:
What is the output of this cmdlet:

Get-OutlookProvider

-saige-
0
it_saigeDeveloperCommented:
These are the settings that I can glean from our postings thus far:

RPC Proxy Server is: mail.newbeginningsarc.com
and
Mutual authentication principal name is: msstd.mail.newbeginningsarc.com
Authentication method is Basic

-saige-
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.