Link to home
Start Free TrialLog in
Avatar of keith li
keith liFlag for Hong Kong

asked on

Can not connect Outlook Anywhere in exchange 2013

Dear All


                Currently i have a exchange 2013, and i,m planning to setup outlook anywhere, already applied a 3rd party certificate from startcom and successfully imported to the exchange server, and below is the screenshot from exchange 2013 and outlook 2013, any area i have done wrong ? from outlook 2013 i wont be able to connect to outlook anywhere, Hope anyone can help with this, Thanks !

User generated image
User generated image
User generated image
User generated image

Keith
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

the box keep poping up in outlook 2013

User generated image
Avatar of suriyaehnop
suriyaehnop
Flag of Malaysia image
On pictire no.3 could you click on services. Need to verify does the certificate had been assigned to any services
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

is it correct ?


User generated image
Avatar of suriyaehnop
suriyaehnop
Flag of Malaysia image
Yes, it is correct, could you run connectivity analyzer again, and upload the full of testing in xml format
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

There you go in english version


<?xml version="1.0" encoding="UTF-8"?>

-<testresult elapsedMilliseconds="28025" additionaldetails="" resultdescription="The Outlook connectivity test completed successfully." testdescription="Testing Outlook connectivity." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="Autodiscover was tested successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="The Autodiscover service was tested successfully." testdescription="Attempting each method of contacting the Autodiscover service." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3651" additionaldetails="" resultdescription="Testing of the Autodiscover URL was successful." testdescription="Attempting to test potential Autodiscover URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml" contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="497" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attempting to resolve the host name gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="433" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="428" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="334" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1" additionaldetails="Host name gemmali.hk was found in the Certificate Subject Alternative Name entry." resultdescription="The certificate name was validated successfully." testdescription="Validating the certificate name." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certificate trust is being validated." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="37" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potential compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" status="Warning">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="627" additionaldetails="Accept/Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1664" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST." testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="1663" additionaldetails="Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>keith li</DisplayName> <LegacyDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li</LegacyDN> <DeploymentId>b9fd9747-3059-44b3-9c69-7dda73a24d80</DeploymentId> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk</Server> <ServerDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk</ServerDN> <ServerVersion>73C08204</ServerVersion> <MdbDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk/cn=Microsoft Private MDB</MdbDN> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <PublicFolderServer>exserver.proserv.com</PublicFolderServer> <AD>exserver.proserv.com</AD> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-um> <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=proserv.com</EcpUrl-mt> <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-ret> <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-sms> <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=proserv.com</EcpUrl-publish> <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-photo> <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tm> <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmCreating> <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmEditing> <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-extinstall> <ServerExclusiveConnect>off</ServerExclusiveConnect> </Protocol> <Protocol> <Type>EXPR</Type> <Server>webmail.gemmali.hk</Server> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <ServerExclusiveConnect>on</ServerExclusiveConnect> </Protocol> <Protocol> <Type>WEB</Type> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <Internal> <OWAUrl AuthenticationMethod="Basic, Fba">https://exserver.proserv.com/owa/</OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> </Protocol> </Internal> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>exserver.proserv.com</Server> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-um> <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=proserv.com</EcpUrl-mt> <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-ret> <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-sms> <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=proserv.com</EcpUrl-publish> <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-photo> <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tm> <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmCreating> <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmEditing> <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-extinstall> <ServerExclusiveConnect>On</ServerExclusiveConnect> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>webmail.gemmali.hk</Server> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <ServerExclusiveConnect>On</ServerExclusiveConnect> </Protocol> </Account> </Response> </Autodiscover> HTTP Response Headers: request-id: ce72b72d-7070-43e1-b460-a2dd0ac646e6 X-TargetBEServer: exserver.proserv.com X-DiagInfo: EXSERVER Persistent-Auth: true X-FEServer: EXSERVER Content-Length: 6563 Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Sun, 19 Oct 2014 03:51:23 GMT Set-Cookie: X-BackEndCookie=S-1-5-21-580020277-2009073952-2329768111-1132=u56Lnp2ejJqBzp7Km5qdxsbSy83JzdLLzMnL0sfMmprSncqenJzGzsbPyJnPgYHOz9DOxtDNz87L38vFz87FzczfvrI=; expires=Sun, 19-Oct-2014 04:01:23 GMT; path=/Autodiscover; secure; HttpOnly Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET " resultdescription="The Autodiscover XML response was successfully retrieved." testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml for user keith@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings." testdescription="Autodiscover settings for Outlook connectivity are being validated." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="24371" additionaldetails="HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-808333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="RPC over HTTP connectivity was verified successfully." testdescription="Testing RPC over HTTP connectivity to server webmail.gemmali.hk" contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="421" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attempting to resolve the host name webmail.gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="366" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host webmail.gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="393" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="307" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="Host name webmail.gemmali.hk was found in the Certificate Subject Common name." resultdescription="The certificate name was validated successfully." testdescription="Validating the certificate name." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certificate trust is being validated." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="39" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potential compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" status="Warning">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="635" additionaldetails="Accept/Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="465" additionaldetails="The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: NTLM HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-808333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="The HTTP authentication methods are correct." testdescription="Testing HTTP Authentication Methods for URL https://webmail.gemmali.hk/rpc/rpcproxy.dll?d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6002." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1745" additionaldetails="" resultdescription="RPC Proxy was pinged successfully." testdescription="Attempting to ping RPC proxy webmail.gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="912" additionaldetails="The endpoint responded in 921 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6001." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="6938" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="2040" additionaldetails="The endpoint responded in 31 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6004." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2645" additionaldetails="The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption. NSPI Status: 2147746050 " resultdescription="The test passed with some warnings encountered. Please expand the additional details." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="http://go.microsoft.com/?linkid=9843838" errorid="90fbd7ee-f1d5-4bb2-8231-700fa746d294" status="Warning">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2252" additionaldetails="DisplayName: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="8066" additionaldetails="" resultdescription="The Referral service was tested successfully." testdescription="Testing the MAPI Referral service on the Exchange Server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="5442" additionaldetails="The endpoint responded in 422 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Referral Service endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6002." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2624" additionaldetails="The server returned by the Referral service: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk" resultdescription="We got the address book server successfully." testdescription="Attempting to perform referral for user /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li on server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="3200" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="862" additionaldetails="The endpoint responded in 859 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6004." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2338" additionaldetails="DisplayName: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="1224" additionaldetails="" resultdescription="We successfully tested the Mail Store endpoint." testdescription="Testing the MAPI Mail Store endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="506" additionaldetails="The endpoint responded in 500 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6001." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="718" additionaldetails="" resultdescription="We were able to log on to the Mailbox." testdescription="Attempting to log on to the Mailbox." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>
Avatar of suriyaehnop
suriyaehnop
Flag of Malaysia image
It seem that the testing for outlook anywhere is working fine.

Try to change the connection type in Outlook client from NTLN to Basic
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

You mean in outlook client outlook anywhere set to basic ? How about in exchange 2013 also to basic ?
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Already tried to change from NTLN to Basic from server side and outlook client, also same error, anything i need to do ?
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Is there something to do with the update root certificates ?

User generated image
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Hope below result can help to figure out what went wrong

1.    Result after run Get-OutlookAnywhere |fl and then post here.

RunspaceId                         : 87c401d9-284e-432f-acf9-ae62e02a87eb
ServerName                         : EXSERVER
SSLOffloading                      : True
ExternalHostname                   : webmail.gemmali.hk
InternalHostname                   : exserver.proserv.com
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Basic
IISAuthenticationMethods           : {Basic}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://exserver.proserv.com/W3SVC/1/ROOT/Rpc
Path                               : E:\exchange\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 516.32)
Server                             : EXSERVER
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EXSERVER,CN=Servers,CN=Exchan
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                                     Groups,CN=pro,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=proserv,DC=
Identity                           : EXSERVER\Rpc (Default Web Site)
Guid                               : 148c47b5-f47a-4f2e-98f6-2723ebe8b33a
ObjectCategory                     : proserv.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 10/19/2014 6:58:34 PM
WhenCreated                        : 10/15/2014 5:22:51 PM
WhenChangedUTC                     : 10/19/2014 10:58:34 AM
WhenCreatedUTC                     : 10/15/2014 9:22:51 AM
OrganizationId                     :
OriginatingServer                  : exserver.proserv.com
IsValid                            : True
ObjectState                        : Changed



2.    Result after  run Get-outlookprovider expr |fl and then post here.

RunspaceId           : 87c401d9-284e-432f-acf9-ae62e02a87eb
CertPrincipalName    :
Server               :
TTL                  : 1
OutlookProviderFlags : None
AdminDisplayName     :
ExchangeVersion      : 0.1 (8.0.535.0)
Name                 : EXPR
DistinguishedName    : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=pro,CN=Microsoft
                       Exchange,CN=Services,CN=Configuration,DC=proserv,DC=com
Identity             : EXPR
Guid                 : f739ad04-3be2-4f48-8be3-4ff94a7c0a07
ObjectCategory       : proserv.com/Configuration/Schema/ms-Exch-Auto-Discover-Config
ObjectClass          : {top, msExchAutoDiscoverConfig}
WhenChanged          : 10/15/2014 5:13:15 PM
WhenCreated          : 10/15/2014 5:13:15 PM
WhenChangedUTC       : 10/15/2014 9:13:15 AM
WhenCreatedUTC       : 10/15/2014 9:13:15 AM
OrganizationId       :
OriginatingServer    : exserver.proserv.com
IsValid              : True
ObjectState          : Unchanged



3.    Result after run https://domian.com/rpc/rpcproxy.dll and then post the result here.

it prompt for login, after logged in, show empty page


4.    After check settings on RPC virtual directory, if any redirection has been set there.

the check box was uncheck
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
Are you currently connecting to Exchange with Outlook? If so, then you are currently using Outlook Anywhere. It is the ONLY connection method for Outlook with Exchange 2013, even internally.
The feature either works or it does not.

Does OWA work? Do you get any authentication prompts?
Does Outlook work internally correctly? If so, which authentication method are you using? NTLM authentication can often be broken by firewalls, so you may have to use basic.

In most environments on Exchange 2013, the only "configuration" of Outlook Anywhere you need to do is set an external URL and open port 443.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

OWA work perfectly well, external URL and port 443 already oened in firewall, since this is a new installed exchange 2013 haven't tested the internal outlook yet, and both in outlook client and exchange 2013 is using basic authentication, will test the internal outlook will let you know !
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Just wonder in order to connect via outlook anywhere in remote network, do i need to connect the outlook client one time first in the same internal network as the exchange 2013 server, as i have tried to setup outlook anywhere in outlook client in remote site, and that outlook client had never connected with the exchange server in the past,
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
For a remote client to work correctly you MUST have Autodiscover working. Autodiscover is not optional.
That means either having Autodiscover.example.com in the SSL certificate and DNS, or using SRV records in your external DNS.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

as checked the 3rd SSL Certificate, i cant see there is one for autodiscover.domain.com ssl , and i have a external DNS record for autodiscover.domain.com , is it something wrong with the ssl certificate ?


User generated image

User generated image
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

i,m getting below warning when doing a Autodiscover test, will that will affect the outlook anywhere connection ?


User generated image
User generated image
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
Going by your first screenshot, you don't have autodiscover in the SSL certificate.
That means you need to configure an SRV record instead for external use and ensure that autodiscover.example.com does not resolve.

The second screen would only apply if the clients are not being updated with the latest root certificates.

Trust issues with the SSL certificate will stop Autodiscover from working correctly.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

does it means that i must have Autodiscover ssl certificate ? although i have a SRV Record for external autodiscover.example.com ?  how do i apple another ssl certificate for autodiscover ? and i,m using  3rd party  StartCom ssl certificate, hope you can help, thx !
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
If you have an SRV record in place, then you MUST ensure that Autodiscover.example.com does NOT resolve. That will force Outlook and other Autodiscover clients to attempt the other methods with no errors.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

This is the dns setting from one of my dns server, as i do not have SSL Certificate for autodiscover.example.com (for this part i do not need to do anything more in ssl certificate ? am i correct) as for the SRV record you mention, i do need to create SRV record in my external dns ? is below step correct to create SRV record in external dns ? and in order to make the outlook anywhere work, is it for all the steps i need to do ?


Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in

You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.



 
To create a DNS SRV record

1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

2.       In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

3.       Click Other New Records.

4.       In Select a resource record type, click Service Location (SRV), and then click Create Record.

5.       Click Service, and then type _sipinternaltls.

6.       Click Protocol, and then type _tcp.

7.       Click Port Number, and then type 5061.

8.       Click Host offering this service, and then type the FQDN of the pool.

9.       Click OK.

10.    Click Done.



User generated image
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Am i doing it correctly for new created SRV record ?

User generated image
User generated image
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
You have posted instructions for SIP, not Autodiscover. Autodiscover requires different records.
http://semb.ee/srv

Furthermore, you have a DNS entry for Autodiscover in your second screenshot. As I said above, you need to ensure that Autodiscover does NOT resolve. Otherwise you would need to get a paid certificate rather than a free one, so that you can get a Unified Communications, aka multiple domain certificate and include Autodiscover as one of the additional hosts.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

Sorry simon i do not quite understand "you need to ensure that autodiscover does not resolve?does it means that i need to remove the external dns A record for autodiscover ? and i need SRV for autodiscover instead ? 

Would like to ask is below link correct way to create Autodiscover record in my external dns ? once i have created this record, i can start to test the outlook anywhere ? sorry for asking so many question as i am new in exchange, Thanks!


http://support2.microsoft.com/kb/940881
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
I am not sure what else I can say.
For an SRV record to be used, the other methods have to fail.
For the other methods to fail that means the DNS entry for Autodiscover.example.com must not resolve. If it resolves to the Exchange server but is not on the SSL certificate, then it will fail on the SSL certificate, but the client will NOT attempt any other methods.

The KB article is correct for the SRV record.

Simon.
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

realized the ssl cerificate i applied is not contan autodiscover, and i created the SRV Record in my external dns server, is below look correct to you ?

User generated image
ASKER CERTIFIED SOLUTION
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of keith li
keith li
Flag of Hong Kong image

ASKER

yes it is in external DNS, just wonder i have created 2 SRV record on my 2 external dns server, the outlook anywhere seem still can not connect, and confirmed the free SSL Certificate dont contain autodiscover, and i created SRV Record on my 2 external DNS record, i,m doing the correct steps right ?