[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 461
  • Last Modified:

Cannot connect Outlook 2007 to Exchange 2013

I'm in the process of migrating mailboxes over to exchange 2013 server from exchange 2007 server.  Mailflow is still configured through exchange 2007.  I migrated a single mailbox from ex2007 to ex2013 and attempted to connect from a 2007 client and I can't seem to do it.  The client computer is running Win8.1 Pro 64bit with Outlook 2007 sp3 + Nov 2012 patch.  I'm not exactly sure how the email profile should be configured in order to connect.  I'd like to get this worked out first before I continue on with the migration.  I haven't configured a new owa certificate for ex2013 yet because I was thinking I could test LAN connectivity first before I redirect the OWA flow.  Some guidance would be appreciated very much.  Thanks.

Pete
0
sndmnsix
Asked:
sndmnsix
  • 22
  • 6
  • 6
  • +2
3 Solutions
 
sndmnsixAuthor Commented:
Unfortunately, this company doesn't have any licensing for outlook 2010.   Do you think I can download on a trial basis?
0
 
sndmnsixAuthor Commented:
Are there any common Outlook 2007 configuration problems that have seemed to be issues in the past that I could check on?  I'll work on getting a copy of office 2010 for troubleshooting purposes in the meantime.  thanks.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
sndmnsixAuthor Commented:
I recently discovered that I can connect to that mailbox via owa if that helps you.
0
 
David Paris VicenteCommented:
Can you provide more intel.

What happens when outlook try to connect?
What is reported when you ctrl+right click the Outlook Icon in your bottom right corner and choose test email configuration, insert the email address and password or Run -> Outlook /rpcdiag and check what is reported.

Also if you can provide intel about your virtual directories.
•Get-WebServicesVirtualDirectory
•Get-OwaVirtualDirectory
•Get-ActiveSyncVirtualDirectory
•Get-AutodiscoverVirtualDirectory
•Get-EcpVirtualDirectory


Regards
0
 
sndmnsixAuthor Commented:
Thanks...I'll gather those things for you
0
 
Gareth GudgerCommented:
I haven't configured a new owa certificate for ex2013 yet because I was thinking I could test LAN connectivity first before I redirect the OWA flow.

I always recommend to get your certificate and URLs in place before attempting to connect with Outlook. I assume you can log in via 2013 OWA with this moved user okay?

Check my article on 2013 namespace design, DNS, certificates and URL configuration.
https://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
When first create an Outlook profile for this user does autodiscover find the mailbox etc? Does Outlook even open? Also when you launch outlook hold crtl+right click and check the Connection Status. You should see the mailbox GUID and it attempting to connect.

Certs are not manditory to get this working for this one individual user (you will receive a lot of cert errors) but as Gareth stated it is a best practice to have all certs in place before moving mailboxes to the new Exchange environment.

Will.
0
 
sndmnsixAuthor Commented:
I always recommend to get your certificate and URLs in place before attempting to connect with Outlook. I assume you can log in via 2013 OWA with this moved user okay?

Yes, on the moved user's mailbox, I was able to access OWA successfully from the same machine.
0
 
sndmnsixAuthor Commented:
When first create an Outlook profile for this user does autodiscover find the mailbox etc? Does Outlook even open? Also when you launch outlook hold crtl+right click and check the Connection Status. You should see the mailbox GUID and it attempting to connect.

 Certs are not manditory to get this working for this one individual user (you will receive a lot of cert errors) but as Gareth stated it is a best practice to have all certs in place before moving mailboxes to the new Exchange environment.

**
The autodiscover does find the mailbox when I first set up the user for an outlook profile.  I'll check on the ctrl+right click and see what I get.  Thanks
0
 
sndmnsixAuthor Commented:
What happens when outlook try to connect?
 What is reported when you ctrl+right click the Outlook Icon in your bottom right corner and choose test email configuration, insert the email address and password or Run -> Outlook /rpcdiag and check what is reported
.

When I run outlook /rpcdiag:
I get a CID value of 6, null data for proxy server, server field is populated, empty brackets "[]" for Auth, empty brackets for encryption, RPCport has null data, and Type is Directory.

I'm actually running an remote desktop session to the client computer right now so I couldn't right-click successfully.  Thanks
0
 
sndmnsixAuthor Commented:
Hi David,
When I try to get the virtual directory information, I can't read everything on the screen.  Is there a way to pipe the return data so I can see everything returned?

Also if you can provide intel about your virtual directories.
•Get-WebServicesVirtualDirectory
•Get-OwaVirtualDirectory
•Get-ActiveSyncVirtualDirectory
•Get-AutodiscoverVirtualDirectory
•Get-EcpVirtualDirectory
0
 
Gareth GudgerCommented:
Hey sndmnsix,

You can do each command like this for example. This will dump it to a text file on the C: drive called EWS.TXT. Then you can attach those text files here. Or cut and paste.

Get-WebServicesVirtualDirectory >> c:\ews.txt

Open in new window


Also, Outlook 2007 is a very old client. Can you confirm if you have the latest service packs and updates applied to Outlook? Any luck with the Outlook 2010 client? Maybe you could get a trial of 2013 from Microsoft?
http://www.microsoft.com/en-us/evalcenter/evaluate-office-professional-plus-2013
0
 
sndmnsixAuthor Commented:
thanks Gareth,
Here's the data returned.

EWS:      https://servername/EWS/Exchange.asmx
OWA:      https://servername/OWA
ASYNC:      https://servername/Microsoft-Server-ActiveSync
ECP:        https://servername/ECP
Auto:      Return the servername only.
0
 
David Paris VicenteCommented:
Hi sndmnsix,

do it like Gareth said  will be more easy to check the info, and check your internal and external url's for the directories.
0
 
sndmnsixAuthor Commented:
Hi David,
When I run the get commands to return the URLs, I'm not getting more than just 1 virtual directory.  Not sure where I would look for the secondary URL.  When I run the Get commands, am I receiving the internal URLs?  It would seem so since its returning NetBIOS names.  Thanks

Pete
0
 
sndmnsixAuthor Commented:
Oh, I'm sorry I see now.  I checked the ECP,EWS,EAS, and OWA virtual directory and there wasn't an external URL assigned yet for any of them.
0
 
David Paris VicenteCommented:
At least check the autodiscover virtual directory  because AutoDiscover feature in Exchange 2013 let’s client application such as Office Outlook 2007, 2010 and 2013 to connect to Exchange server automatically. AutoDiscover feature automatically discovers the mailbox settings for user profile in Office Outlook application. AutoDiscover also works for supported mobile applications. In Exchange 2013, you must configure URLs for AutoDiscover service via Exchange Management Shell.
The command below will configure the URL for AutoDiscover service.

Set-ClientAccessServer -Identity "Name of the server" -AutoDiscoverServiceInternalUri https://autodiscover.yourdomain.com/Autodiscover/Autodiscover.xml

Open in new window

then use this one to check
Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri 

Open in new window


After this use the test email configuration in outlook to see if Outlook is detecting the autodiscover url and if is pointing to the correct one.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Just for your reference for on screen to show it for all CAS servers in the environment easily use the following PS command.

Get-WebServicesVirtualDirectory | fl Identity, Internal*, External*

Open in new window


You can use this piped command for all of the PS virtual directory commands get-owavirtualdirectory, get-activesyncvirtualdirectory etc.

Will.
0
 
sndmnsixAuthor Commented:
Hi David,
When I run Get-ClientAccessServer | FL AutoDiscoverServiceInternalURi, this is what is returned.   Doesn't seem right.  Would the InternalUri be the machine name of the exchange server?


AutoDiscoverServiceInternalUri : https://{externalservername}/autodiscover/autodiscover.xml

AutoDiscoverServiceInternalUri : https://{autodiscover.domain}/Autodiscover/Autodiscover.xml
0
 
sndmnsixAuthor Commented:
Hi Will,
Thanks for that.  I'll keep that in my book.  

Pete
0
 
David Paris VicenteCommented:
Can you past here the output??
0
 
sndmnsixAuthor Commented:
When I run this

[PS] C:\Windows\system32>Get-Autodiscovervirtualdirectory | fl Identity, Internal*, External*


Identity                      : {ex2007server\Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                   :
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalUrl                   :

Identity                      : ex2013server\Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
InternalUrl                   :
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalUrl                   :
0
 
sndmnsixAuthor Commented:
Hi David,

Below is the capture of that command:

[PS] C:\Windows\system32>Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri


AutoDiscoverServiceInternalUri : https://{externalname.domain.com/autodiscover/autodiscover.xml

AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
0
 
David Paris VicenteCommented:
That it seems correct, but as you can see your autodiscover is pointing to an externalname.domain.com and you didn't setup a certificate for Exchange 2013 to answer for that name.

You can export the certificate from the Exchange 2007 and install it in the 2013 and set up the services that will answer by that externalname (SMTP,OWA, etc).
You should also set up the external url for the other services to the externalname.domain.com

Let us know if helped.
0
 
sndmnsixAuthor Commented:
Hi David,
If I try to export the certificate from 2007, it won't let me export the private key.  I kinda assuming this is a necessity for this to be successful right ?

Pete
0
 
David Paris VicenteCommented:
Yeap.

You need to Export the certificate with private key from the IIS server where it is installed the Exchange 2007.
0
 
Gareth GudgerCommented:
If you can't export the cert, you should be able to go back to whoever issued it and ask for it to be rekeyed.
0
 
sndmnsixAuthor Commented:
Hi David,
The reissued certificate has been install and tested successfully with this site:
https://testconnectivity.microsoft.com/

The hostname which is returned regarding the internalUri is pointed to the new exchange server internally.  The record already exisited but was pointing to the 2007 server.  I pointed it to the new server's private IP.

AutoDiscoverServiceInternalUri : https://{externalname.domain.com}/Autodiscover/Autodiscover.xml

On a side note:
When I go to reconfigure the outlook 2007 profile, I'll try to specify the new server that this person's mailbox is on but it can't resolve the account.  If I specify the old server, it immediate changes the name to the new server and then resolves the name ???  It's strange how I can't just type in the new server name for resolution.

Pete
0
 
sndmnsixAuthor Commented:
If you can't export the cert, you should be able to go back to whoever issued it and ask for it to be rekeyed.

Hi Gareth,
Yep.. I went ahead and did that.  Everything checks out in those regards.  I read your article about split brain DNS.  There was already a record there for the hostname that would resolve externally so I just changed it to point to the internal address of the 2013 server.   Let me know what you think.

Pete
0
 
Gareth GudgerCommented:
Just to clarify. So your environment was configured for split-brain already. You had a record for autodiscover.yourdomain.com and you changed that from the IP of 2007 to the IP of 2013. If so, that is fine. :)

So, to go back to when you said you can't resolve with the new server name. You said the autodiscover test succeeds at https://testconnectivity.microsoft.com/. Is your autodiscover DNS record externally pointing to the 2013 server? Just want to make sure the test isn't succeeding against the old 2007 server.
0
 
sndmnsixAuthor Commented:
Hi Gareth,
After the test, I went ahead to the secured owa website of that domain and logged in as a valid user who currently exists on the new 2013 box.  Seemed to test out perfectly.  

I'm not really sure if I'm split-brain or not.  Anyway I could find out if I did this part right?
0
 
Gareth GudgerCommented:
Generally if you have a zone on your internal DNS servers for your external DNS namespace and those external DNS entries point to the internal IPs of the servers, that is split brain DNS. Also, all your internal URLs and external URLs in Exchange would be configured with the same value.

Lastly, did you confirm whether Outlook 2007 was fully patched? Or did you get a trial of 2013?
0
 
sndmnsixAuthor Commented:
OH.. I'll check the 2007 client version real quick.  I'm fairly certain they are.  

As far as zones are concerned.  I only have one lookup zone.  Do I need to create another zone and make a new record for that host ?  Does the hostname need to exist on both zones with public and private addressing ?
0
 
sndmnsixAuthor Commented:
Outlook 2007 (12.0.6665.5003) SP3 MSO (12.0.6607.1000)
0
 
sndmnsixAuthor Commented:
As a result of the certificate reissue and proper DNS records the 2007 client can finally connect to the mailbox.  Thanks very much guys for your patience on this one.  I learned some very valuable things from this.  Take care and happy new year.

Pete
0
 
Gareth GudgerCommented:
Glad to help Pete!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 22
  • 6
  • 6
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now