  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 662

Is there a way to add an Outlook client outside the network if autodiscover is not in the certificate?

Is there a way to join an Outlook client outside of the network when autodiscover is not in the cert? Can I create a standalone cert for the client or change authentication for him if his computer is not joined to the domain and he is outside the network? This is the only error on the Microsoft analyzer:

Testing TCP port 443 on host company.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
0
JRome225
Asked:
1 Solution
 
it_saige (Developer) Commented:
What Outlook client is the user connecting with? Have you validated your settings with https://testconnectivity.microsoft.com/ (perform both of the Microsoft Office Outlook Connectivity Tests)?

-saige-
0
 
JRome225 (Author) Commented:
Outlook 2013. I ran the testconnectivity and got the aforementioned error when trying autodiscover.
0
 
it_saige (Developer) Commented:
I assume then that 443 is forwarded on your external firewall?

Because if it is, then you can manually specify the RPC proxy, the Exchange server, the Mutual authentication principal name and the authentication method (these settings would normally be passed automatically by the Autodiscover service).

-saige-
0

 
it_saige (Developer) Commented:
What are the settings for your ExternalClientAuthenticationMethod and ExternalClientsRequireSsl for the OutlookAnywhere service?

Get-OutlookAnywhere will provide this information.

-saige-
0
 
JRome225 (Author) Commented:
Correct, the router is forwarding 443 to the server. Here are the external settings:


ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
0
 
it_saige (Developer) Commented:
Do you have other clients that connect externally?  Also when you run the Connectivity tests, do you manually configure the settings?

-saige-
0
 
JRome225 (Author) Commented:
No other clients are using it outside the network. When I ran the manual test it came back good with the exception of this error:

The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption.
0
 
JRome225 (Author) Commented:
Since the user's computer is not on the domain, I changed the authentication type to Basic and ran a connectivity test, which failed with this error:

Attempting to ping the MAPI Mail Store endpoint with identity: servername:6001.
       The attempt to ping the endpoint failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
Elapsed Time: 760 ms.
0
 
JRome225 (Author) Commented:
Could I turn the outside SSL off, or do you know a simple authentication setting I can use to get it to connect to RPC?
0
 
it_saige (Developer) Commented:
If you do not have any other users externally, then yes you could. I, however, would not leave it that way. The better resolution would be to get a UCC cert that includes autodiscover.mydomain.com.

As a matter of completeness, domain membership does not matter in this situation. The user is connecting to a web service (OutlookAnywhere, formerly known as RPC over HTTPS). OutlookAnywhere verifies the user's ability to connect by way of the domain username and password.

This is how people can use their smart phones to send and receive Exchange emails.

-saige-
0
 
JRome225 (Author) Commented:
The phones are working fine but this user is unable to connect to Exchange. What are the settings you recommend for the single user to connect with Outlook Anywhere?
0
 
JRome225 (Author) Commented:
I'm getting this error when I set everything to Basic:

Attempting to ping RPC proxy mail.newbeginningsarc.com.
       RPC Proxy can't be pinged.
       
      Additional Details
       
An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (404) Not Found.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (404) Not Found.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 1103 ms.
0
 
hecgomrec Commented:
Here is the thing: autodiscover is a feature added to your Exchange server to help "away" users find their servers in an easy way. This doesn't mean you must use it!!!

As long as you know the address of your server you should be OK, no extra SSL.

Just don't let Outlook do the work; set up your server manually or using a combination, but I recommend manually. There you should put the internal server name "eserver1.domain.local", then the username "supertester@yourdomain.com", then click on More Settings, go to the Connection tab, enable Outlook Anywhere and open the proxy settings, enter your server name: "mail.yourdomain.com", and in the "Only connect to proxy...." section add "msstd:mail.yourdomain.com". Finally select your authentication method, then OK, Apply, Next... The connection should be established if you have everything right and it will ask for the user password; remember to include domain\username and choose to save the password.
1
 
it_saige (Developer) Commented:
What is the output of this cmdlet:

Get-OutlookProvider

-saige-
0
 
it_saige (Developer) Commented:
These are the settings that I can glean from our postings thus far:

RPC Proxy Server is: mail.newbeginningsarc.com
and
Mutual authentication principal name is: msstd.mail.newbeginningsarc.com
Authentication method is Basic

-saige-
0
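
Added example, not part of any post in this thread: a PowerShell check that takes the Get-OutlookAnywhere properties quoted above together with the DNS names on the server certificate and flags the combinations the thread discusses (external SSL not required, Basic without SSL, autodiscover missing from the certificate). The function names, the example.com hosts and the sample object are constructed placeholders; it assumes PowerShell 3.0 or later.

```powershell
# Added example. All names and sample values are constructed placeholders.
function Test-CertCoversName {
    param([string[]]$CertNames, [string]$HostName)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq is case-insensitive for strings
        if ($name.StartsWith('*.')) {
            # A wildcard stands in for exactly one left-most label
            $null, $rest = $HostName -split '\.', 2
            if ($rest -and ($rest -eq $name.Substring(2))) { return $true }
        }
    }
    return $false
}

function Test-OutlookAnywhereExposure {
    param(
        [Parameter(Mandatory)] $Settings,             # object shaped like Get-OutlookAnywhere output
        [Parameter(Mandatory)] [string[]] $CertNames, # DNS names on the certificate bound to port 443
        [Parameter(Mandatory)] [string] $ProxyHost,   # external RPC proxy host name
        [Parameter(Mandatory)] [string] $MailDomain   # SMTP domain of the mailbox
    )
    $findings = @()
    $method   = "$($Settings.ExternalClientAuthenticationMethod)"
    $iis      = @($Settings.IISAuthenticationMethods | ForEach-Object { "$_" })

    if (-not $Settings.ExternalClientsRequireSsl) {
        $findings += 'ExternalClientsRequireSsl is False: external clients are not forced onto TLS.'
        if ($method -eq 'Basic') {
            $findings += 'Basic without SSL: the domain password is only base64-encoded in transit.'
        }
    }
    if ($iis -notcontains $method) {
        $findings += "External method '$method' is not enabled in IISAuthenticationMethods."
    }
    if (-not (Test-CertCoversName $CertNames $ProxyHost)) {
        $findings += "Certificate does not cover $ProxyHost; the client's server-name check will fail."
    }
    $auto = "autodiscover.$MailDomain"
    if (-not (Test-CertCoversName $CertNames $auto)) {
        $findings += "Certificate does not cover $auto; profiles need manual proxy settings."
    }
    [pscustomobject]@{ ProxyHost = $ProxyHost; PrincipalName = "msstd:$ProxyHost"; Findings = $findings }
}

# Constructed sample mirroring the settings quoted in the thread
$sample = [pscustomobject]@{
    ExternalClientAuthenticationMethod = 'Negotiate'
    IISAuthenticationMethods           = @('Basic', 'Ntlm', 'Negotiate')
    ExternalClientsRequireSsl          = $true
}
Test-OutlookAnywhereExposure -Settings $sample -CertNames @('mail.example.com') -ProxyHost 'mail.example.com' -MailDomain 'example.com'
```

On a real server, pass the object returned by Get-OutlookAnywhere as -Settings and the DNS names of the certificate bound to the web site as -CertNames.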
