Solved

cant connect outlook to exchange 2013

Posted on 2014-10-12
17
22 Views
Last Modified: 2016-06-14
HI,
I am setting up a brand new exchange server 2013 on server 2012R2. I can send and receive email from owa but cant connect from outlook.
here is the details of my setup.
server 2012 R2, exchange CU5 installed and working ok for sending and receiving email via owa.
client computer is windows 8 pro and joined to domain. office 2013 is installed.
when I try to connect outlook for first time I cant connect. screen shots are attached.
I haven't installed SSl certificate from a provider, still running on the default certificate. Does that cause issue? I am planning to purchase a certificate soon after the server is ready to go online live.
can some one help.?
thanks in advance
Biju
1.JPG
2.JPG
3.JPG
4.JPG
5.JPG
0
Comment
Question by:bijumdam
  • 6
  • 5
  • 2
  • +2
17 Comments
 
LVL 10

Accepted Solution

by:
Maclean earned 400 total points
Comment Utility
I'd suggest buying the SSL Cert now regardless, it will only expedite having it ready, rather than using self signed, fixing any issues related to it, testing till ok, than buying SSL, and re-testing. Take out a step.

Could you run from Exchange CLI (Exchange Powershell)  the test-outlookwebservices command please?
This will show if you are having issues on any of the services..

It will want to create a default test mailbox. If not sure how to do so, on the Exchange Powershell simply go to the Exchange Scripts directory via cd $exscripts and type in  .\New-TestCasConnectivityUser.PS1

Choose a random PW (Just hit some keys on the board, no need to remember it) and run the test-outlookwebservices again.

Your client is also referencing proxy. Perhaps try disabling proxy on the user PC for testing purposes only, in order to narrow down the possible causes.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
I agree with Maclean. I would get the UC / SAN certificate from a third party provider. Its going to save you a lot of heartache.

The cost of the cert easily offsets your time.

Whole process on namespace, certs and DNS documented here.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 12

Expert Comment

by:ktaczala
Comment Utility
Self-signed should work just fine.  

Go to your exchange server and export the trusted root certificate for your exchange server and install it on the workstation.
Start > mmc > File >  add snap-in > certificates > add> computer account > next > local computer > finish > ok
find you exchange server name > right click > all tasks > export > next > next > name it > finish.
Then import it on your workstation pretty much reversing what I just showed you.
0
 
LVL 9

Expert Comment

by:VirastaR
Comment Utility
Hi,

Check this article from Technet and its resolved, i am suggesdting this solution based on the screenshots you shared.

Outlook gives an error for Proxy Server Certificate

I guess this will resolve the issue, if not feel free to shout back!
0
 
LVL 9

Expert Comment

by:VirastaR
Comment Utility
0
 

Author Comment

by:bijumdam
Comment Utility
Hi Guys
Thanks for all posts and support,
I think I could resolve the issue, I purchased new SSl certificate and installed, changed iis and SMTP services to new certificate and now outlook connects. Its really strange even self signed certificate didn't work.
Thanks again and I will keep posted if I find any further issue.
Kind regards
Biju
0
 

Author Comment

by:bijumdam
Comment Utility
hi Guys
Just want to let you know Now I am getting a different error on out look. I have new SSl certificate install on server and outlook started working but still getting certificate warning. and on outlook 2013 edition I get proxy server error every time I open outlook. Please see attachments. Outlooks works ok but always error comes in...
can help?
kind regards
Biju
Capture.JPG
2.JPG
0
 
LVL 10

Assisted Solution

by:Maclean
Maclean earned 400 total points
Comment Utility
Looks like you need to load the new certificate onto your firewall appliance.
If using Microsoft ISA or TMG, make sure you replace the existing old cert on the listener, and add the new one.

http://www.isaserver.org/articles-tutorials/configuration-general/Publishing-Outlook-Web-Access-Microsoft-Forefront-TMG.html

If you have a different type of solution you would need to refer their information.
Another thing is to test the outlook web services as per my 1st post.
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:bijumdam
Comment Utility
Thanks Maclean
Please find the attachment , i am getting that error when trying to  test-outlookwebservices command.
thanks
1.JPG
0
 
LVL 10

Assisted Solution

by:Maclean
Maclean earned 400 total points
Comment Utility
Ok, I will need to be inventive here. Judging from first error it could be the PW.

Try the user creation script again, but type in a longer PW, just some numbers, letters and characters in random should do.
Also check if the username "extest_6df7519dae1e4" was created on AD. If yes delete it before running script again.

If script still fails, logon to exchange, and create the mailbox for extest_6df7519dae1e4 yourself by selecting new mailbox, and when prompted for new or existing user, select new user (Drop into default users OU if prompted)

Once done, try the test again.

Is there an internal firewall at all btw? If not, than my earlier remark on TMG/ISA should not apply. We might need to check that all paths on exchange are set correct, but the test-outlookwebservices will help here.
0
 

Author Comment

by:bijumdam
Comment Utility
yes, did same and disable all firewall, still same error..
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 100 total points
Comment Utility
Have you made sure all your Internal URLs are correct? They need to match a name you have on your cert.

Also, configure split-brain DNS. All in this article.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 10

Expert Comment

by:Maclean
Comment Utility
So when you say you "did the same", you meant you checked if the "extest_6df7519dae1e4" user/mailbox already existed, or you created it manually for testing purposes?
I have had some issues at times in the past creating the account myself, but usually they are simple to fix.

Perhaps have a look at this suggestion. You could open up the PS1 file, copy it for backup, and amend the original as per below suggestion

http://www.definit.co.uk/2011/03/exchange-2010-createtestuser-mailbox-could-not-be-created-verify-that-ou-users-exists-and-that-password-meets-complexity-requirements/

As Gareth recommends as well check that all your internal links are ok
You can locate this on the server section under virtual directories.
0
 

Author Comment

by:bijumdam
Comment Utility
I had to create "extest_6df7519dae1e4" manually. It was not there. but even creating manually it showed same error. Ok I will try as you said above. and I made changes according to http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/ and all my internal URLs are now same as external including auto discover. but error stays as it was.
So I strongly believe there is something missing in my SSl certificate. I might ask to reissue again with current settings.
one question before I create new CSR.
when creating certificate request in auto discover section intranet it shows as " autodiscover.secure.mydomain.com.au" ( which is my external domain), but in auto discover internet it is " Autodiscover.mydomain.local,Autodiscover.mydomain.com.au" ( "secure" not showing there) is that correct or do i need to change it to external domain as well?
thanks
0
 
LVL 10

Assisted Solution

by:Maclean
Maclean earned 400 total points
Comment Utility
Apologies for the delays. Having a busy day at the office.

The issue likely is the cert yes. The test-outlookwebservices is just to assist in confirming that this indeed is the only issue.
But if it is going to create more work, than perhaps we can focus on just the cert, and leave the rest only if problems persist.

As per Gareth his comment, your autodiscovery URL's should be the same on the certificate.

You can either copy the autodiscovery url from the certificate onto your Exchange settings, to ensure they conform to each other, or you can get the newly configured autodiscovery URL's added to the certificate.
If there is no proxy in between which might need this cert for external connectivity than that should be no problem. If there is a proxy, make sure the proxy has the new cert loaded after creation.
The names entered on the exchange need to be accessible internally when doing a ping or nslookup to them via your local DNS.

I always thought that the below url helped explaining what to put into a cert for 2013 quite well. Perhaps it will assist you with this issue if I am unable to respond in a timely fashion. (Part 3 would be where you seem to be at)
Link to msexchange.org 2013 Certificate guide
0
 

Author Comment

by:bijumdam
Comment Utility
Thanks mate,
I will keep you posted the outcome....
cheers
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now