Solved

cant connect outlook to exchange 2013

Posted on 2014-10-12
17
32 Views
Last Modified: 2016-06-14
HI,
I am setting up a brand new exchange server 2013 on server 2012R2. I can send and receive email from owa but cant connect from outlook.
here is the details of my setup.
server 2012 R2, exchange CU5 installed and working ok for sending and receiving email via owa.
client computer is windows 8 pro and joined to domain. office 2013 is installed.
when I try to connect outlook for first time I cant connect. screen shots are attached.
I haven't installed SSl certificate from a provider, still running on the default certificate. Does that cause issue? I am planning to purchase a certificate soon after the server is ready to go online live.
can some one help.?
thanks in advance
Biju
1.JPG
2.JPG
3.JPG
4.JPG
5.JPG
0
Comment
Question by:bijumdam
  • 6
  • 5
  • 2
  • +2
17 Comments
 
LVL 11

Accepted Solution

by:
TS4B earned 400 total points
ID: 40376181
I'd suggest buying the SSL Cert now regardless, it will only expedite having it ready, rather than using self signed, fixing any issues related to it, testing till ok, than buying SSL, and re-testing. Take out a step.

Could you run from Exchange CLI (Exchange Powershell)  the test-outlookwebservices command please?
This will show if you are having issues on any of the services..

It will want to create a default test mailbox. If not sure how to do so, on the Exchange Powershell simply go to the Exchange Scripts directory via cd $exscripts and type in  .\New-TestCasConnectivityUser.PS1

Choose a random PW (Just hit some keys on the board, no need to remember it) and run the test-outlookwebservices again.

Your client is also referencing proxy. Perhaps try disabling proxy on the user PC for testing purposes only, in order to narrow down the possible causes.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40376186
I agree with Maclean. I would get the UC / SAN certificate from a third party provider. Its going to save you a lot of heartache.

The cost of the cert easily offsets your time.

Whole process on namespace, certs and DNS documented here.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 40376187
Self-signed should work just fine.  

Go to your exchange server and export the trusted root certificate for your exchange server and install it on the workstation.
Start > mmc > File >  add snap-in > certificates > add> computer account > next > local computer > finish > ok
find you exchange server name > right click > all tasks > export > next > next > name it > finish.
Then import it on your workstation pretty much reversing what I just showed you.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 9

Expert Comment

by:VirastaR
ID: 40376849
Hi,

Check this article from Technet and its resolved, i am suggesdting this solution based on the screenshots you shared.

Outlook gives an error for Proxy Server Certificate

I guess this will resolve the issue, if not feel free to shout back!
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 40376960
0
 

Author Comment

by:bijumdam
ID: 40381152
Hi Guys
Thanks for all posts and support,
I think I could resolve the issue, I purchased new SSl certificate and installed, changed iis and SMTP services to new certificate and now outlook connects. Its really strange even self signed certificate didn't work.
Thanks again and I will keep posted if I find any further issue.
Kind regards
Biju
0
 

Author Comment

by:bijumdam
ID: 40383242
hi Guys
Just want to let you know Now I am getting a different error on out look. I have new SSl certificate install on server and outlook started working but still getting certificate warning. and on outlook 2013 edition I get proxy server error every time I open outlook. Please see attachments. Outlooks works ok but always error comes in...
can help?
kind regards
Biju
Capture.JPG
2.JPG
0
 
LVL 11

Assisted Solution

by:TS4B
TS4B earned 400 total points
ID: 40383311
Looks like you need to load the new certificate onto your firewall appliance.
If using Microsoft ISA or TMG, make sure you replace the existing old cert on the listener, and add the new one.

http://www.isaserver.org/articles-tutorials/configuration-general/Publishing-Outlook-Web-Access-Microsoft-Forefront-TMG.html

If you have a different type of solution you would need to refer their information.
Another thing is to test the outlook web services as per my 1st post.
0
 

Author Comment

by:bijumdam
ID: 40383384
Thanks Maclean
Please find the attachment , i am getting that error when trying to  test-outlookwebservices command.
thanks
1.JPG
0
 
LVL 11

Assisted Solution

by:TS4B
TS4B earned 400 total points
ID: 40383387
Ok, I will need to be inventive here. Judging from first error it could be the PW.

Try the user creation script again, but type in a longer PW, just some numbers, letters and characters in random should do.
Also check if the username "extest_6df7519dae1e4" was created on AD. If yes delete it before running script again.

If script still fails, logon to exchange, and create the mailbox for extest_6df7519dae1e4 yourself by selecting new mailbox, and when prompted for new or existing user, select new user (Drop into default users OU if prompted)

Once done, try the test again.

Is there an internal firewall at all btw? If not, than my earlier remark on TMG/ISA should not apply. We might need to check that all paths on exchange are set correct, but the test-outlookwebservices will help here.
0
 

Author Comment

by:bijumdam
ID: 40383491
yes, did same and disable all firewall, still same error..
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 100 total points
ID: 40383494
Have you made sure all your Internal URLs are correct? They need to match a name you have on your cert.

Also, configure split-brain DNS. All in this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 11

Expert Comment

by:TS4B
ID: 40385291
So when you say you "did the same", you meant you checked if the "extest_6df7519dae1e4" user/mailbox already existed, or you created it manually for testing purposes?
I have had some issues at times in the past creating the account myself, but usually they are simple to fix.

Perhaps have a look at this suggestion. You could open up the PS1 file, copy it for backup, and amend the original as per below suggestion

http://www.definit.co.uk/2011/03/exchange-2010-createtestuser-mailbox-could-not-be-created-verify-that-ou-users-exists-and-that-password-meets-complexity-requirements/

As Gareth recommends as well check that all your internal links are ok
You can locate this on the server section under virtual directories.
0
 

Author Comment

by:bijumdam
ID: 40385459
I had to create "extest_6df7519dae1e4" manually. It was not there. but even creating manually it showed same error. Ok I will try as you said above. and I made changes according to http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/ and all my internal URLs are now same as external including auto discover. but error stays as it was.
So I strongly believe there is something missing in my SSl certificate. I might ask to reissue again with current settings.
one question before I create new CSR.
when creating certificate request in auto discover section intranet it shows as " autodiscover.secure.mydomain.com.au" ( which is my external domain), but in auto discover internet it is " Autodiscover.mydomain.local,Autodiscover.mydomain.com.au" ( "secure" not showing there) is that correct or do i need to change it to external domain as well?
thanks
0
 
LVL 11

Assisted Solution

by:TS4B
TS4B earned 400 total points
ID: 40386039
Apologies for the delays. Having a busy day at the office.

The issue likely is the cert yes. The test-outlookwebservices is just to assist in confirming that this indeed is the only issue.
But if it is going to create more work, than perhaps we can focus on just the cert, and leave the rest only if problems persist.

As per Gareth his comment, your autodiscovery URL's should be the same on the certificate.

You can either copy the autodiscovery url from the certificate onto your Exchange settings, to ensure they conform to each other, or you can get the newly configured autodiscovery URL's added to the certificate.
If there is no proxy in between which might need this cert for external connectivity than that should be no problem. If there is a proxy, make sure the proxy has the new cert loaded after creation.
The names entered on the exchange need to be accessible internally when doing a ping or nslookup to them via your local DNS.

I always thought that the below url helped explaining what to put into a cert for 2013 quite well. Perhaps it will assist you with this issue if I am unable to respond in a timely fashion. (Part 3 would be where you seem to be at)
Link to msexchange.org 2013 Certificate guide
0
 

Author Comment

by:bijumdam
ID: 40386049
Thanks mate,
I will keep you posted the outcome....
cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question