Outlook clients cannot connect to exchange 2007 externally

I have a new client with an exchange 2007 server that is new to me. Client called in initially with a mac with outlook 2011 no longer able to connect after the installed generic windows updates on the server. Upon inspection, we discovered that the environment had never really been setup properly, and all of the local windows desktops were configured to connect with local paths and credentials, although OWA was working externally. We resolved an issue with RPC and the setup now passes the exchange connectivity analyzer. I can also connect with an iphone, although I do have to manually input the server address. I cannot however connect an outlook client, windows or mac, outside of the office. Windows clients can connect locally inside the office, and OWA works inside or outside. Mac outlook client cannot connect locally or otherwise. Outlook setup externally appears to go through and leads to a username/password prompt, but now combination of user/pass, with domain included or not, is accepted. Credentials have been verified as they allow access via OWA. I'm seeing zero errors in the event viewer since resolving the rpc error initially. I'm out of ideas as to what could be causing this, since the connectivity analyzer gives a green light.
sdholden28Asked:
Who is Participating?
 
Kidamazon1Commented:
Hi,

This is happening to me as well since the newest Microsoft patches. Read this: http://blog.jasonsherry.net/2015/03/13/warning-kb3002657-can-break-authentication/ 

Microsoft recommends this:

https://technet.microsoft.com/en-us/library/security/ms15-027.aspx 

...If you recently updated to those patches on any of your AD or Exchange servers.

Hoe this helps! :-D
0
 
Simon Butler (Sembee)ConsultantCommented:
Do you have Windows 2003 domain controllers? If so the authentication problems could be a bad patch. It has been pulled and re-released, run Microsoft update on the domain controllers and it should be offered for installation. Install and reboot.

Is there a trusted SSL certificate on the server?
Has Autodiscover been setup correctly on external DNS records?

Simon.
0
 
sdholden28Author Commented:
Its windows 2008 r2 and all updates are current. 2007 exchange is current through today's rollup 16. The only warning I get from the connectivity analyzer is below and it is certificate related. External DNS records are setup correctly and autodiscover passes the connectivity analyzer.

      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.jasperlawyers.com, O="King, Wiley and Williams, LLC", L=Jasper, S=AL, C=US.
       One or more certificate chains were constructed successfully.
       
      Additional Details
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
       
      Additional Details
       
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 4 ms.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
sdholden28Author Commented:
Setup on a mac client just leads to repetitive username and password errors. I cannot setup an outlook client externally via autodiscover or manually. Autodiscover leads to the same username and password prompts, even with credentials that simultaneously allow access to owa
0
 
Simon Butler (Sembee)ConsultantCommented:
What are the clients? Windows XP, 7?
Which authentication method do you have enabled on Outlook Anywhere?

Simon.
0
 
sdholden28Author Commented:
That certainly looks like it Kidamazon1. Installing that update now so we'll see.

Windows 7 and up, with outlook 2007 and up, all combinations produce the same result. Have tried NTLM and basic. Same result.
0
 
Simon Butler (Sembee)ConsultantCommented:
The problem with the update only applies to Windows 2003 domain controllers. If you have later version domain controllers it does not apply.

Simon.
0
 
sdholden28Author Commented:
There was a 2003 DC, and installing the 2nd version of the patch alleviated all issues. Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.