rojbojwani
asked on
Fail to configure Outlook 2016 to Exchange Server 2010 on SBS 2011 via VPN
Title kind of sums it up, but here's the scenario. I've been able to connect Outlook 2010 from a remote system to my Exchange 2010 server which is hosted on SBS 2011, but am failing to do so with Outlook 2016. I've seen that others have had this problem, but I can't get a clear picture of how to fix this. I'm connecting through our SonicWALL VPN. This is all kind of complex, but I can't isolate the problem. I'm getting an error stating that the certificate is not valid and read an article stating that CAs are not giving out certs for domains based upon the SBS default of .local which is how our system is configured. I also read somewhere where Outlook Anywhere is supposed to be enabled. It is on our installation, but I'm not sure it configured correctly, if that's possible. I don't know enough about this. I'm not sure that the cert issue (specifically for autodiscover) is causing me to be unable to finish the Outlook configuration either,even though I can choose the prompt to install it and/or click Yes to move past the warning), but maybe. Since Outlook 2016 no longer supports a manual configuration, i can't force it through either. Or do I need to open up something on the SonicWALL firewall? Also the remote system is Windows 10. Not sure if this info is pertinent, but I'm pretty sure it doesn't make it any simpler.
Has anyone had any luck configuring Outlook 2016 to connect to Exchange 2010 on SBS 2011 via VPN? If so, how did you do it? Thanks ahead of time.
Todd.
Has anyone had any luck configuring Outlook 2016 to connect to Exchange 2010 on SBS 2011 via VPN? If so, how did you do it? Thanks ahead of time.
Todd.
To the best of my knowledge, Outlook 2013 or earlier are the only versions supported on your version of Exchange.
Hi,
This would seem to offer some clues. See what you can do with it.
https://kb.intermedia.net/article/20784
This would seem to offer some clues. See what you can do with it.
https://kb.intermedia.net/article/20784
ASKER
Larry, do I HAVE to set up a third-party server for autodiscovery? Seems like there should be a proprietary solution.
John, Outlook 2016 works with my workstations within the office. It only fails when I'm working remotely. Not sure if this is specifically the autodiscovery issue or something else though.
John, Outlook 2016 works with my workstations within the office. It only fails when I'm working remotely. Not sure if this is specifically the autodiscovery issue or something else though.
I think that may because there is a difference in Auto Discovery in Outlook 2016 compared to earlier versions of Outlook.
Outlook 2016 works with Exchange 2010, but not with Exchange 2007.
For a start I would check if your computer is trusting the exchange certificate. Try it with accessing OWA.
It could be, that you are using self-signed certificate on sbs server. Domain computers gets this certificate automatically. On remote computer you must install it manually.
The certificate installation package is located in public/downloads folder on sbs.
For a start I would check if your computer is trusting the exchange certificate. Try it with accessing OWA.
It could be, that you are using self-signed certificate on sbs server. Domain computers gets this certificate automatically. On remote computer you must install it manually.
The certificate installation package is located in public/downloads folder on sbs.
So one of the questions not addressed yet is how up to date is your patching for Exchange and SBS
Are you using a Self Signed Cert (hopefully no) or trusted third party cert (which you can get for about 5 dollars a year)
SBS 2011 needs to be updated to Update Rollup 4 to deal with the .local certificate issue and Exchange should have the latest UR. If you have not created a new cert (local self signed or trusted 3rd party) since applying those updates, you need to do that first as that will get rid of the .local piece.
Then go here. https://testconnectivity.microsoft.com/
Run the Outlook Connectivity and the Outlook Autodiscover tests
Are you using a Self Signed Cert (hopefully no) or trusted third party cert (which you can get for about 5 dollars a year)
SBS 2011 needs to be updated to Update Rollup 4 to deal with the .local certificate issue and Exchange should have the latest UR. If you have not created a new cert (local self signed or trusted 3rd party) since applying those updates, you need to do that first as that will get rid of the .local piece.
Then go here. https://testconnectivity.microsoft.com/
Run the Outlook Connectivity and the Outlook Autodiscover tests
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Simplest way to test autodiscover with 2010 is to try out of office message from outside of your network.
If you can't get it to connect,then you have a misconfigured autodiscover record.
If you can't get it to connect,then you have a misconfigured autodiscover record.
ASKER
I don't get prompted for a certificate when I access OWA (nor do I get any errors regarding autodiscovery), but I checked my certificate (public/downloads) and the 'Issued To', 'Issued By' and 'Subject' are all the same: <doman.-<servername>-CA. The expiration is 2/24/17. Does this mean that it's self-signed and I should get one from a certified third-party? If so, what are your recommendations for a CA?
I do have RU 4 for SBS 2011 installed. Exchange is SP3 RU 11. Looks like I've got 14 new security updates to install for the OS and Exchange RU 14. I can't be sure that the latest cert was installed after RU4 for SBS 2011. Probably not. Is this where my problem lies?
I looked at setting up the SRV record through our Domain Hosting provider, Network Solutions. They are asking for a 'Target' for the configuration. I'm guessing that this is the FQDN of my server, correct? However, I'm not sure if I should be using .com or .local on that. I'm assuming that it should <servername>.<domain>.loca l for my FQDN, correct?
I do have RU 4 for SBS 2011 installed. Exchange is SP3 RU 11. Looks like I've got 14 new security updates to install for the OS and Exchange RU 14. I can't be sure that the latest cert was installed after RU4 for SBS 2011. Probably not. Is this where my problem lies?
I looked at setting up the SRV record through our Domain Hosting provider, Network Solutions. They are asking for a 'Target' for the configuration. I'm guessing that this is the FQDN of my server, correct? However, I'm not sure if I should be using .com or .local on that. I'm assuming that it should <servername>.<domain>.loca
Here is a great article written about setting up Autodiscover/SRV records in SBS 2008 and SBS 2011
http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/
As for a trusted 3rd party cert Use the SBS Wizard to create a new request (CSR) then proceed here
https://www.ssls.com/ssl-certificates/comodo-positivessl
When you get your cert, you'll re-run the wizard. If you get an error the first time, run it again, it should go fine.
http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/
As for a trusted 3rd party cert Use the SBS Wizard to create a new request (CSR) then proceed here
https://www.ssls.com/ssl-certificates/comodo-positivessl
When you get your cert, you'll re-run the wizard. If you get an error the first time, run it again, it should go fine.
When you access owa, check the details of the https certificate used. If it is issued by <doman>-<servername>-CA, then it is self-signed. The certificate you found in download folder can be a remaining from old times. But even if it is self-signed its not a big deal. You just need to take care that the certificate and CA certificate are trusted on the devices. Domain joined devices get them automatically installed, on android devices you just need to accept to trust it. Only on ios and non-domain devices you need to install them manually. If you have large number of devices, then it is a different story.
But I guess you already have 3rd party certificate, because you would know that you have self-signed :)
But I guess you already have 3rd party certificate, because you would know that you have self-signed :)
ASKER
Set up the SRV record with my domain host and we were up and running a few hours later! Thanks everyone for the help and all the additional knowledge!
Great news :)