Solved

Cannot connect Outlook 2007 to Exchange 2013

Posted on 2015-01-02
37
395 Views
Last Modified: 2015-01-04
I'm in the process of migrating mailboxes over to exchange 2013 server from exchange 2007 server.  Mailflow is still configured through exchange 2007.  I migrated a single mailbox from ex2007 to ex2013 and attempted to connect from a 2007 client and I can't seem to do it.  The client computer is running Win8.1 Pro 64bit with Outlook 2007 sp3 + Nov 2012 patch.  I'm not exactly sure how the email profile should be configured in order to connect.  I'd like to get this worked out first before I continue on with the migration.  I haven't configured a new owa certificate for ex2013 yet because I was thinking I could test LAN connectivity first before I redirect the OWA flow.  Some guidance would be appreciated very much.  Thanks.

Pete
0
Comment
Question by:sndmnsix
  • 22
  • 6
  • 6
  • +2
37 Comments
 
LVL 19

Expert Comment

by:R--R
Comment Utility
0
 

Author Comment

by:sndmnsix
Comment Utility
Unfortunately, this company doesn't have any licensing for outlook 2010.   Do you think I can download on a trial basis?
0
 

Author Comment

by:sndmnsix
Comment Utility
Are there any common Outlook 2007 configuration problems that have seemed to be issues in the past that I could check on?  I'll work on getting a copy of office 2010 for troubleshooting purposes in the meantime.  thanks.
0
 

Author Comment

by:sndmnsix
Comment Utility
I recently discovered that I can connect to that mailbox via owa if that helps you.
0
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Can you provide more intel.

What happens when outlook try to connect?
What is reported when you ctrl+right click the Outlook Icon in your bottom right corner and choose test email configuration, insert the email address and password or Run -> Outlook /rpcdiag and check what is reported.

Also if you can provide intel about your virtual directories.
•Get-WebServicesVirtualDirectory
•Get-OwaVirtualDirectory
•Get-ActiveSyncVirtualDirectory
•Get-AutodiscoverVirtualDirectory
•Get-EcpVirtualDirectory


Regards
0
 

Author Comment

by:sndmnsix
Comment Utility
Thanks...I'll gather those things for you
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
I haven't configured a new owa certificate for ex2013 yet because I was thinking I could test LAN connectivity first before I redirect the OWA flow.

I always recommend to get your certificate and URLs in place before attempting to connect with Outlook. I assume you can log in via 2013 OWA with this moved user okay?

Check my article on 2013 namespace design, DNS, certificates and URL configuration.
https://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
When first create an Outlook profile for this user does autodiscover find the mailbox etc? Does Outlook even open? Also when you launch outlook hold crtl+right click and check the Connection Status. You should see the mailbox GUID and it attempting to connect.

Certs are not manditory to get this working for this one individual user (you will receive a lot of cert errors) but as Gareth stated it is a best practice to have all certs in place before moving mailboxes to the new Exchange environment.

Will.
0
 

Author Comment

by:sndmnsix
Comment Utility
I always recommend to get your certificate and URLs in place before attempting to connect with Outlook. I assume you can log in via 2013 OWA with this moved user okay?

Yes, on the moved user's mailbox, I was able to access OWA successfully from the same machine.
0
 

Author Comment

by:sndmnsix
Comment Utility
When first create an Outlook profile for this user does autodiscover find the mailbox etc? Does Outlook even open? Also when you launch outlook hold crtl+right click and check the Connection Status. You should see the mailbox GUID and it attempting to connect.

 Certs are not manditory to get this working for this one individual user (you will receive a lot of cert errors) but as Gareth stated it is a best practice to have all certs in place before moving mailboxes to the new Exchange environment.

**
The autodiscover does find the mailbox when I first set up the user for an outlook profile.  I'll check on the ctrl+right click and see what I get.  Thanks
0
 

Author Comment

by:sndmnsix
Comment Utility
What happens when outlook try to connect?
 What is reported when you ctrl+right click the Outlook Icon in your bottom right corner and choose test email configuration, insert the email address and password or Run -> Outlook /rpcdiag and check what is reported
.

When I run outlook /rpcdiag:
I get a CID value of 6, null data for proxy server, server field is populated, empty brackets "[]" for Auth, empty brackets for encryption, RPCport has null data, and Type is Directory.

I'm actually running an remote desktop session to the client computer right now so I couldn't right-click successfully.  Thanks
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,
When I try to get the virtual directory information, I can't read everything on the screen.  Is there a way to pipe the return data so I can see everything returned?

Also if you can provide intel about your virtual directories.
•Get-WebServicesVirtualDirectory
•Get-OwaVirtualDirectory
•Get-ActiveSyncVirtualDirectory
•Get-AutodiscoverVirtualDirectory
•Get-EcpVirtualDirectory
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Hey sndmnsix,

You can do each command like this for example. This will dump it to a text file on the C: drive called EWS.TXT. Then you can attach those text files here. Or cut and paste.

Get-WebServicesVirtualDirectory >> c:\ews.txt

Open in new window


Also, Outlook 2007 is a very old client. Can you confirm if you have the latest service packs and updates applied to Outlook? Any luck with the Outlook 2010 client? Maybe you could get a trial of 2013 from Microsoft?
http://www.microsoft.com/en-us/evalcenter/evaluate-office-professional-plus-2013
0
 

Author Comment

by:sndmnsix
Comment Utility
thanks Gareth,
Here's the data returned.

EWS:      https://servername/EWS/Exchange.asmx
OWA:      https://servername/OWA
ASYNC:      https://servername/Microsoft-Server-ActiveSync
ECP:        https://servername/ECP
Auto:      Return the servername only.
0
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Hi sndmnsix,

do it like Gareth said  will be more easy to check the info, and check your internal and external url's for the directories.
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,
When I run the get commands to return the URLs, I'm not getting more than just 1 virtual directory.  Not sure where I would look for the secondary URL.  When I run the Get commands, am I receiving the internal URLs?  It would seem so since its returning NetBIOS names.  Thanks

Pete
0
 

Author Comment

by:sndmnsix
Comment Utility
Oh, I'm sorry I see now.  I checked the ECP,EWS,EAS, and OWA virtual directory and there wasn't an external URL assigned yet for any of them.
0
 
LVL 12

Assisted Solution

by:David Paris Vicente
David Paris Vicente earned 334 total points
Comment Utility
At least check the autodiscover virtual directory  because AutoDiscover feature in Exchange 2013 let’s client application such as Office Outlook 2007, 2010 and 2013 to connect to Exchange server automatically. AutoDiscover feature automatically discovers the mailbox settings for user profile in Office Outlook application. AutoDiscover also works for supported mobile applications. In Exchange 2013, you must configure URLs for AutoDiscover service via Exchange Management Shell.
The command below will configure the URL for AutoDiscover service.

Set-ClientAccessServer -Identity "Name of the server" -AutoDiscoverServiceInternalUri https://autodiscover.yourdomain.com/Autodiscover/Autodiscover.xml

Open in new window

then use this one to check
Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri 

Open in new window


After this use the test email configuration in outlook to see if Outlook is detecting the autodiscover url and if is pointing to the correct one.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Just for your reference for on screen to show it for all CAS servers in the environment easily use the following PS command.

Get-WebServicesVirtualDirectory | fl Identity, Internal*, External*

Open in new window


You can use this piped command for all of the PS virtual directory commands get-owavirtualdirectory, get-activesyncvirtualdirectory etc.

Will.
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,
When I run Get-ClientAccessServer | FL AutoDiscoverServiceInternalURi, this is what is returned.   Doesn't seem right.  Would the InternalUri be the machine name of the exchange server?


AutoDiscoverServiceInternalUri : https://{externalservername}/autodiscover/autodiscover.xml

AutoDiscoverServiceInternalUri : https://{autodiscover.domain}/Autodiscover/Autodiscover.xml
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi Will,
Thanks for that.  I'll keep that in my book.  

Pete
0
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Can you past here the output??
0
 

Author Comment

by:sndmnsix
Comment Utility
When I run this

[PS] C:\Windows\system32>Get-Autodiscovervirtualdirectory | fl Identity, Internal*, External*


Identity                      : {ex2007server\Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                   :
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalUrl                   :

Identity                      : ex2013server\Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
InternalUrl                   :
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalUrl                   :
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,

Below is the capture of that command:

[PS] C:\Windows\system32>Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri


AutoDiscoverServiceInternalUri : https://{externalname.domain.com/autodiscover/autodiscover.xml

AutoDiscoverServiceInternalUri : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 334 total points
Comment Utility
That it seems correct, but as you can see your autodiscover is pointing to an externalname.domain.com and you didn't setup a certificate for Exchange 2013 to answer for that name.

You can export the certificate from the Exchange 2007 and install it in the 2013 and set up the services that will answer by that externalname (SMTP,OWA, etc).
You should also set up the external url for the other services to the externalname.domain.com

Let us know if helped.
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,
If I try to export the certificate from 2007, it won't let me export the private key.  I kinda assuming this is a necessity for this to be successful right ?

Pete
0
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Yeap.

You need to Export the certificate with private key from the IIS server where it is installed the Exchange 2007.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
If you can't export the cert, you should be able to go back to whoever issued it and ask for it to be rekeyed.
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi David,
The reissued certificate has been install and tested successfully with this site:
https://testconnectivity.microsoft.com/

The hostname which is returned regarding the internalUri is pointed to the new exchange server internally.  The record already exisited but was pointing to the 2007 server.  I pointed it to the new server's private IP.

AutoDiscoverServiceInternalUri : https://{externalname.domain.com}/Autodiscover/Autodiscover.xml

On a side note:
When I go to reconfigure the outlook 2007 profile, I'll try to specify the new server that this person's mailbox is on but it can't resolve the account.  If I specify the old server, it immediate changes the name to the new server and then resolves the name ???  It's strange how I can't just type in the new server name for resolution.

Pete
0
 

Author Comment

by:sndmnsix
Comment Utility
If you can't export the cert, you should be able to go back to whoever issued it and ask for it to be rekeyed.

Hi Gareth,
Yep.. I went ahead and did that.  Everything checks out in those regards.  I read your article about split brain DNS.  There was already a record there for the hostname that would resolve externally so I just changed it to point to the internal address of the 2013 server.   Let me know what you think.

Pete
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Just to clarify. So your environment was configured for split-brain already. You had a record for autodiscover.yourdomain.com and you changed that from the IP of 2007 to the IP of 2013. If so, that is fine. :)

So, to go back to when you said you can't resolve with the new server name. You said the autodiscover test succeeds at https://testconnectivity.microsoft.com/. Is your autodiscover DNS record externally pointing to the 2013 server? Just want to make sure the test isn't succeeding against the old 2007 server.
0
 

Author Comment

by:sndmnsix
Comment Utility
Hi Gareth,
After the test, I went ahead to the secured owa website of that domain and logged in as a valid user who currently exists on the new 2013 box.  Seemed to test out perfectly.  

I'm not really sure if I'm split-brain or not.  Anyway I could find out if I did this part right?
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 166 total points
Comment Utility
Generally if you have a zone on your internal DNS servers for your external DNS namespace and those external DNS entries point to the internal IPs of the servers, that is split brain DNS. Also, all your internal URLs and external URLs in Exchange would be configured with the same value.

Lastly, did you confirm whether Outlook 2007 was fully patched? Or did you get a trial of 2013?
0
 

Author Comment

by:sndmnsix
Comment Utility
OH.. I'll check the 2007 client version real quick.  I'm fairly certain they are.  

As far as zones are concerned.  I only have one lookup zone.  Do I need to create another zone and make a new record for that host ?  Does the hostname need to exist on both zones with public and private addressing ?
0
 

Author Comment

by:sndmnsix
Comment Utility
Outlook 2007 (12.0.6665.5003) SP3 MSO (12.0.6607.1000)
0
 

Author Closing Comment

by:sndmnsix
Comment Utility
As a result of the certificate reissue and proper DNS records the 2007 client can finally connect to the mailbox.  Thanks very much guys for your patience on this one.  I learned some very valuable things from this.  Take care and happy new year.

Pete
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Glad to help Pete!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now