Solved

Can not connect Outlook Anywhere in exchange 2013

Posted on 2014-10-18
27
158 Views
Last Modified: 2016-03-11
Dear All


                Currently i have a exchange 2013, and i,m planning to setup outlook anywhere, already applied a 3rd party certificate from startcom and successfully imported to the exchange server, and below is the screenshot from exchange 2013 and outlook 2013, any area i have done wrong ? from outlook 2013 i wont be able to connect to outlook anywhere, Hope anyone can help with this, Thanks !

1
2
3
4

Keith
0
Comment
Question by:piaakit
  • 17
  • 7
  • 3
27 Comments
 

Author Comment

by:piaakit
ID: 40389210
the box keep poping up in outlook 2013

5
0
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 40389552
On pictire no.3 could you click on services. Need to verify does the certificate had been assigned to any services
0
 

Author Comment

by:piaakit
ID: 40389590
is it correct ?


6
0
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 40389593
Yes, it is correct, could you run connectivity analyzer again, and upload the full of testing in xml format
0
 

Author Comment

by:piaakit
ID: 40389629
There you go in english version


<?xml version="1.0" encoding="UTF-8"?>

-<testresult elapsedMilliseconds="28025" additionaldetails="" resultdescription="The Outlook connectivity test completed successfully." testdescription="Testing Outlook connectivity." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="Autodiscover was tested successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to test Autodiscover for keith@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3652" additionaldetails="" resultdescription="The Autodiscover service was tested successfully." testdescription="Attempting each method of contacting the Autodiscover service." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="3651" additionaldetails="" resultdescription="Testing of the Autodiscover URL was successful." testdescription="Attempting to test potential Autodiscover URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml" contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="497" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attempting to resolve the host name gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="433" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="428" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="334" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1" additionaldetails="Host name gemmali.hk was found in the Certificate Subject Alternative Name entry." resultdescription="The certificate name was validated successfully." testdescription="Validating the certificate name." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certificate trust is being validated." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="37" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potential compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" status="Warning">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="627" additionaldetails="Accept/Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1664" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST." testdescription="Attempting to send an Autodiscover POST request to potential Autodiscover URLs." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="1663" additionaldetails="Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>keith li</DisplayName> <LegacyDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li</LegacyDN> <DeploymentId>b9fd9747-3059-44b3-9c69-7dda73a24d80</DeploymentId> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk</Server> <ServerDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk</ServerDN> <ServerVersion>73C08204</ServerVersion> <MdbDN>/o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk/cn=Microsoft Private MDB</MdbDN> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <PublicFolderServer>exserver.proserv.com</PublicFolderServer> <AD>exserver.proserv.com</AD> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-um> <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=proserv.com</EcpUrl-mt> <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-ret> <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-sms> <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=proserv.com</EcpUrl-publish> <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-photo> <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tm> <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmCreating> <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmEditing> <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-extinstall> <ServerExclusiveConnect>off</ServerExclusiveConnect> </Protocol> <Protocol> <Type>EXPR</Type> <Server>webmail.gemmali.hk</Server> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <ServerExclusiveConnect>on</ServerExclusiveConnect> </Protocol> <Protocol> <Type>WEB</Type> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <Internal> <OWAUrl AuthenticationMethod="Basic, Fba">https://exserver.proserv.com/owa/</OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> </Protocol> </Internal> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>exserver.proserv.com</Server> <ASUrl>https://exserver.proserv.com/EWS/Exchange.asmx</ASUrl> <OOFUrl>https://exserver.proserv.com/EWS/Exchange.asmx</OOFUrl> <OABUrl>https://exserver.proserv.com/OAB/e804bf95-f608-4cc0-94bf-86d6595ab3f6/</OABUrl> <UMUrl>https://exserver.proserv.com/EWS/UM2007Legacy.asmx</UMUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <EwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EwsUrl> <EmwsUrl>https://exserver.proserv.com/EWS/Exchange.asmx</EmwsUrl> <EcpUrl>https://exserver.proserv.com/ecp/</EcpUrl> <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-um> <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-aggr> <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=proserv.com</EcpUrl-mt> <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-ret> <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-sms> <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=proserv.com</EcpUrl-publish> <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-photo> <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tm> <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmCreating> <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-tmEditing> <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=proserv.com</EcpUrl-extinstall> <ServerExclusiveConnect>On</ServerExclusiveConnect> </Protocol> <Protocol> <Type>EXHTTP</Type> <Server>webmail.gemmali.hk</Server> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Ntlm</AuthPackage> <ServerExclusiveConnect>On</ServerExclusiveConnect> </Protocol> </Account> </Response> </Autodiscover> HTTP Response Headers: request-id: ce72b72d-7070-43e1-b460-a2dd0ac646e6 X-TargetBEServer: exserver.proserv.com X-DiagInfo: EXSERVER Persistent-Auth: true X-FEServer: EXSERVER Content-Length: 6563 Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Sun, 19 Oct 2014 03:51:23 GMT Set-Cookie: X-BackEndCookie=S-1-5-21-580020277-2009073952-2329768111-1132=u56Lnp2ejJqBzp7Km5qdxsbSy83JzdLLzMnL0sfMmprSncqenJzGzsbPyJnPgYHOz9DOxtDNz87L38vFz87FzczfvrI=; expires=Sun, 19-Oct-2014 04:01:23 GMT; path=/Autodiscover; secure; HttpOnly Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET " resultdescription="The Autodiscover XML response was successfully retrieved." testdescription="The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://gemmali.hk:443/Autodiscover/Autodiscover.xml for user keith@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="" resultdescription="The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings." testdescription="Autodiscover settings for Outlook connectivity are being validated." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="24371" additionaldetails="HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-808333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="RPC over HTTP connectivity was verified successfully." testdescription="Testing RPC over HTTP connectivity to server webmail.gemmali.hk" contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="421" additionaldetails="IP addresses returned: 113.28.54.219" resultdescription="The host name resolved successfully." testdescription="Attempting to resolve the host name webmail.gemmali.hk in DNS." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="366" additionaldetails="" resultdescription="The port was opened successfully." testdescription="Testing TCP port 443 on host webmail.gemmali.hk to ensure it's listening and open." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="393" additionaldetails="" resultdescription="The certificate passed all validation requirements." testdescription="Testing the SSL certificate to make sure it's valid." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="307" additionaldetails="Remote Certificate Subject: E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1, Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate." testdescription="The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.gemmali.hk on port 443." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="Host name webmail.gemmali.hk was found in the Certificate Subject Common name." resultdescription="The certificate name was validated successfully." testdescription="Validating the certificate name." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult additionaldetails="" resultdescription="The certificate is trusted and all certificates are present in the chain." testdescription="Certificate trust is being validated." contentUrl="" errorid="734044ef-11c2-4e30-9ee6-450d49e9d92c" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="39" additionaldetails="A total of 1 chains were built. The highest quality chain ends in root certificate CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL." resultdescription="One or more certificate chains were constructed successfully." testdescription="The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate E=piaakit@hotmail.com, CN=webmail.gemmali.hk, C=HK, Description=yJfW7J71X96VnYR1." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="5" additionaldetails="The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled." resultdescription="Potential compatibility problems were identified with some versions of Windows." testdescription="Analyzing the certificate chains for compatibility problems with versions of Windows." contentUrl="" errorid="1339c33a-8f21-427b-a323-4cee1a13f517" status="Warning">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="0" additionaldetails="The certificate is valid. NotBefore = 10/17/2014 9:10:05 PM, NotAfter = 10/19/2015 4:36:33 AM" resultdescription="Date validation passed. The certificate hasn't expired." testdescription="Testing the certificate date to confirm the certificate is valid." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="635" additionaldetails="Accept/Require Client Certificates isn't configured." resultdescription="Client certificate authentication wasn't detected." testdescription="Checking the IIS configuration for client certificate authentication." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="465" additionaldetails="The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: NTLM HTTP Response Headers: request-id: adf04e97-b95f-4e50-b033-808333541fe7 X-FEServer: EXSERVER Content-Length: 0 Date: Sun, 19 Oct 2014 03:51:25 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: NTLM X-Powered-By: ASP.NET " resultdescription="The HTTP authentication methods are correct." testdescription="Testing HTTP Authentication Methods for URL https://webmail.gemmali.hk/rpc/rpcproxy.dll?d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6002." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="1745" additionaldetails="" resultdescription="RPC Proxy was pinged successfully." testdescription="Attempting to ping RPC proxy webmail.gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="912" additionaldetails="The endpoint responded in 921 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6001." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="6938" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="SuccessWithWarnings">


-<children>


-<testresult elapsedMilliseconds="2040" additionaldetails="The endpoint responded in 31 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6004." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2645" additionaldetails="The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption. NSPI Status: 2147746050 " resultdescription="The test passed with some warnings encountered. Please expand the additional details." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="http://go.microsoft.com/?linkid=9843838" errorid="90fbd7ee-f1d5-4bb2-8231-700fa746d294" status="Warning">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2252" additionaldetails="DisplayName: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="8066" additionaldetails="" resultdescription="The Referral service was tested successfully." testdescription="Testing the MAPI Referral service on the Exchange Server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="5442" additionaldetails="The endpoint responded in 422 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Referral Service endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6002." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2624" additionaldetails="The server returned by the Referral service: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk" resultdescription="We got the address book server successfully." testdescription="Attempting to perform referral for user /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li on server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="3200" additionaldetails="" resultdescription="The address book endpoint was tested successfully." testdescription="Testing the MAPI Address Book endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="862" additionaldetails="The endpoint responded in 859 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Address Book endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6004." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="2338" additionaldetails="DisplayName: keith li, LegDN: /o=pro/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21e53d57fa3d4a8c8fd9f7159db06e61-keith li" resultdescription="Check Name succeeded." testdescription="Testing the address book "Check Name" operation for user keith@gemmali.hk against server d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>


-<testresult elapsedMilliseconds="1224" additionaldetails="" resultdescription="We successfully tested the Mail Store endpoint." testdescription="Testing the MAPI Mail Store endpoint on the Exchange server." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">


-<children>


-<testresult elapsedMilliseconds="506" additionaldetails="The endpoint responded in 500 ms." resultdescription="The endpoint was pinged successfully." testdescription="Attempting to ping the MAPI Mail Store endpoint with identity: d24b9d17-f357-4a3b-bf4b-0344cb48e3b2@gemmali.hk:6001." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>


-<testresult elapsedMilliseconds="718" additionaldetails="" resultdescription="We were able to log on to the Mailbox." testdescription="Attempting to log on to the Mailbox." contentUrl="" errorid="00000000-0000-0000-0000-000000000000" status="Success">

<children/>

</testresult>

</children>

</testresult>

</children>

</testresult>

</children>

</testresult>
0
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 40389671
It seem that the testing for outlook anywhere is working fine.

Try to change the connection type in Outlook client from NTLN to Basic
0
 

Author Comment

by:piaakit
ID: 40389861
You mean in outlook client outlook anywhere set to basic ? How about in exchange 2013 also to basic ?
0
 

Author Comment

by:piaakit
ID: 40389898
Already tried to change from NTLN to Basic from server side and outlook client, also same error, anything i need to do ?
0
 

Author Comment

by:piaakit
ID: 40389993
Is there something to do with the update root certificates ?

root certificate
0
 

Author Comment

by:piaakit
ID: 40390086
Hope below result can help to figure out what went wrong

1.    Result after run Get-OutlookAnywhere |fl and then post here.

RunspaceId                         : 87c401d9-284e-432f-acf9-ae62e02a87eb
ServerName                         : EXSERVER
SSLOffloading                      : True
ExternalHostname                   : webmail.gemmali.hk
InternalHostname                   : exserver.proserv.com
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Basic
IISAuthenticationMethods           : {Basic}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://exserver.proserv.com/W3SVC/1/ROOT/Rpc
Path                               : E:\exchange\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 516.32)
Server                             : EXSERVER
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EXSERVER,CN=Servers,CN=Exchan
                                     Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                                     Groups,CN=pro,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=proserv,DC=
Identity                           : EXSERVER\Rpc (Default Web Site)
Guid                               : 148c47b5-f47a-4f2e-98f6-2723ebe8b33a
ObjectCategory                     : proserv.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                        : 10/19/2014 6:58:34 PM
WhenCreated                        : 10/15/2014 5:22:51 PM
WhenChangedUTC                     : 10/19/2014 10:58:34 AM
WhenCreatedUTC                     : 10/15/2014 9:22:51 AM
OrganizationId                     :
OriginatingServer                  : exserver.proserv.com
IsValid                            : True
ObjectState                        : Changed



2.    Result after  run Get-outlookprovider expr |fl and then post here.

RunspaceId           : 87c401d9-284e-432f-acf9-ae62e02a87eb
CertPrincipalName    :
Server               :
TTL                  : 1
OutlookProviderFlags : None
AdminDisplayName     :
ExchangeVersion      : 0.1 (8.0.535.0)
Name                 : EXPR
DistinguishedName    : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=pro,CN=Microsoft
                       Exchange,CN=Services,CN=Configuration,DC=proserv,DC=com
Identity             : EXPR
Guid                 : f739ad04-3be2-4f48-8be3-4ff94a7c0a07
ObjectCategory       : proserv.com/Configuration/Schema/ms-Exch-Auto-Discover-Config
ObjectClass          : {top, msExchAutoDiscoverConfig}
WhenChanged          : 10/15/2014 5:13:15 PM
WhenCreated          : 10/15/2014 5:13:15 PM
WhenChangedUTC       : 10/15/2014 9:13:15 AM
WhenCreatedUTC       : 10/15/2014 9:13:15 AM
OrganizationId       :
OriginatingServer    : exserver.proserv.com
IsValid              : True
ObjectState          : Unchanged



3.    Result after run https://domian.com/rpc/rpcproxy.dll and then post the result here.

it prompt for login, after logged in, show empty page


4.    After check settings on RPC virtual directory, if any redirection has been set there.

the check box was uncheck
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40390385
Are you currently connecting to Exchange with Outlook? If so, then you are currently using Outlook Anywhere. It is the ONLY connection method for Outlook with Exchange 2013, even internally.
The feature either works or it does not.

Does OWA work? Do you get any authentication prompts?
Does Outlook work internally correctly? If so, which authentication method are you using? NTLM authentication can often be broken by firewalls, so you may have to use basic.

In most environments on Exchange 2013, the only "configuration" of Outlook Anywhere you need to do is set an external URL and open port 443.

Simon.
0
 

Author Comment

by:piaakit
ID: 40391071
OWA work perfectly well, external URL and port 443 already oened in firewall, since this is a new installed exchange 2013 haven't tested the internal outlook yet, and both in outlook client and exchange 2013 is using basic authentication, will test the internal outlook will let you know !
0
 

Author Comment

by:piaakit
ID: 40401266
Just wonder in order to connect via outlook anywhere in remote network, do i need to connect the outlook client one time first in the same internal network as the exchange 2013 server, as i have tried to setup outlook anywhere in outlook client in remote site, and that outlook client had never connected with the exchange server in the past,
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40401792
For a remote client to work correctly you MUST have Autodiscover working. Autodiscover is not optional.
That means either having Autodiscover.example.com in the SSL certificate and DNS, or using SRV records in your external DNS.

Simon.
0
 

Author Comment

by:piaakit
ID: 40403516
as checked the 3rd SSL Certificate, i cant see there is one for autodiscover.domain.com ssl , and i have a external DNS record for autodiscover.domain.com , is it something wrong with the ssl certificate ?


1

2
0
 

Author Comment

by:piaakit
ID: 40403806
i,m getting below warning when doing a Autodiscover test, will that will affect the outlook anywhere connection ?


1
2
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40405171
Going by your first screenshot, you don't have autodiscover in the SSL certificate.
That means you need to configure an SRV record instead for external use and ensure that autodiscover.example.com does not resolve.

The second screen would only apply if the clients are not being updated with the latest root certificates.

Trust issues with the SSL certificate will stop Autodiscover from working correctly.

Simon.
0
 

Author Comment

by:piaakit
ID: 40405783
does it means that i must have Autodiscover ssl certificate ? although i have a SRV Record for external autodiscover.example.com ?  how do i apple another ssl certificate for autodiscover ? and i,m using  3rd party  StartCom ssl certificate, hope you can help, thx !
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40407360
If you have an SRV record in place, then you MUST ensure that Autodiscover.example.com does NOT resolve. That will force Outlook and other Autodiscover clients to attempt the other methods with no errors.

Simon.
0
 

Author Comment

by:piaakit
ID: 40408287
This is the dns setting from one of my dns server, as i do not have SSL Certificate for autodiscover.example.com (for this part i do not need to do anything more in ssl certificate ? am i correct) as for the SRV record you mention, i do need to create SRV record in my external dns ? is below step correct to create SRV record in external dns ? and in order to make the outlook anywhere work, is it for all the steps i need to do ?


Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in

You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.



 
To create a DNS SRV record

1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

2.       In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

3.       Click Other New Records.

4.       In Select a resource record type, click Service Location (SRV), and then click Create Record.

5.       Click Service, and then type _sipinternaltls.

6.       Click Protocol, and then type _tcp.

7.       Click Port Number, and then type 5061.

8.       Click Host offering this service, and then type the FQDN of the pool.

9.       Click OK.

10.    Click Done.



DNS
0
 

Author Comment

by:piaakit
ID: 40408307
Am i doing it correctly for new created SRV record ?

1
2
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40408313
You have posted instructions for SIP, not Autodiscover. Autodiscover requires different records.
http://semb.ee/srv

Furthermore, you have a DNS entry for Autodiscover in your second screenshot. As I said above, you need to ensure that Autodiscover does NOT resolve. Otherwise you would need to get a paid certificate rather than a free one, so that you can get a Unified Communications, aka multiple domain certificate and include Autodiscover as one of the additional hosts.

Simon.
0
 

Author Comment

by:piaakit
ID: 40411046
Sorry simon i do not quite understand "you need to ensure that autodiscover does not resolve?does it means that i need to remove the external dns A record for autodiscover ? and i need SRV for autodiscover instead ? 

Would like to ask is below link correct way to create Autodiscover record in my external dns ? once i have created this record, i can start to test the outlook anywhere ? sorry for asking so many question as i am new in exchange, Thanks!


http://support2.microsoft.com/kb/940881
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40411278
I am not sure what else I can say.
For an SRV record to be used, the other methods have to fail.
For the other methods to fail that means the DNS entry for Autodiscover.example.com must not resolve. If it resolves to the Exchange server but is not on the SSL certificate, then it will fail on the SSL certificate, but the client will NOT attempt any other methods.

The KB article is correct for the SRV record.

Simon.
0
 

Author Comment

by:piaakit
ID: 40425390
realized the ssl cerificate i applied is not contan autodiscover, and i created the SRV Record in my external dns server, is below look correct to you ?

SRV Record
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40425716
Is that your public DNS? If so it is fine, If not then you have done it in the wrong place.

Simon.
0
 

Author Comment

by:piaakit
ID: 40427561
yes it is in external DNS, just wonder i have created 2 SRV record on my 2 external dns server, the outlook anywhere seem still can not connect, and confirmed the free SSL Certificate dont contain autodiscover, and i created SRV Record on my 2 external DNS record, i,m doing the correct steps right ?
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now