• Status: Solved

Outlook 2016 won't connect to the Exchange server externally although it works fine internally

All our laptops with Outlook work fine when in the office, but when taken offsite Outlook won't connect and constantly asks for the user name and password.

This is even though, when we run the Microsoft testconnectivity tool, all tests pass OK when run on the laptops externally.
Asked:
Alan Duck
2 Solutions
 
Tom Cieslik (IT Engineer) Commented:
Does your OWA work externally?
If not, double-check your firewall settings and make sure Exchange is published to the outside with all required ports.
 
yo_bee (Director of Information Technology) Commented:
Do you have Outlook Anywhere set up?
If this is not configured on Outlook then Outlook external will not work.

https://technet.microsoft.com/en-us/library/bb123741(v=exchg.150).aspx
 
Tom Cieslik (IT Engineer) Commented:
Another question: are your laptops using Windows Home or Pro edition?
I had an issue with my Home edition laptops connecting to Exchange 2013 from Outlook 2013 and 2016, and to resolve this issue I had to disable "Network security: Restrict NTLM: NTLM authentication in this domain" using GPO / Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options.

After refreshing GPO on the DC and Exchange and restarting IIS, everything started working OK.
 
Alan Duck (Author) Commented:
Hi, OWA will work on the laptops when external; email on phones works too.
Outlook Anywhere is also set up.
 
Tom Cieslik (IT Engineer) Commented:
Try the NTLM setting I suggested before. I had the same issue with new Outlook software when old Outlook works.
 
Alan Duck (Author) Commented:
All laptops are installed with Windows 10 Pro and Office 2013 or 2016.

The Exchange software is 2010 with all service packs and the Autodiscover mods I could find run.
 
Alan Duck (Author) Commented:
I will try the NTLM as suggested.
 
yo_bee (Director of Information Technology) Commented:
Look at the Outlook Anywhere setting before diving into anything else.
 
Alan Duck (Author) Commented:
I have checked the Outlook Anywhere setting; it is enabled and set to Basic authentication.
 
yo_bee (Director of Information Technology) Commented:
Does ActiveSync work? This is what is used for Outlook Anywhere.
 
Alan Duck (Author) Commented:
The Microsoft Remote Connectivity Analyzer passes on both tests on an external laptop and the Exchange server.
 
yo_bee (Director of Information Technology) Commented:
That tool is only for external testing. When you run this, it has no awareness of whether you are running it from an internal connection or externally.

Did you also confirm that Outlook Anywhere is enabled on your Exchange server?
https://practical365.com/exchange-server/how-to-configure-exchange-server-2010-outlook-anywhere/
 
Alan Duck (Author) Commented:
Yes, Outlook Anywhere is enabled on the Exchange server.
 
Alan Duck (Author) Commented:
I just ran Outlook setup using ActiveSync on a remote laptop and it says it can't find the Exchange server, although if I do nslookup autodiscover domain name it gives the correct WAN IP address for the site.
 
yo_bee (Director of Information Technology) Commented:
Autodiscover and ActiveSync are not the same thing.
 
yo_bee (Director of Information Technology) Commented:

Deploying Outlook Anywhere
--------------------------------------------------------------------------------
In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.

https://technet.microsoft.com/en-us/library/bb123741(v=exchg.150).aspx#Anchor_2
 
Alan Duck (Author) Commented:
We purchased a GeoTrust SSL certificate, which was installed into the Exchange server certificates and onto the server.
 
yo_bee (Director of Information Technology) Commented:
At least that rules that out.

Do you have public DNS for ActiveSync?
Try running this on your Exchange CAS server:

Get-ActiveSyncVirtualDirectory | Select-Object InternalUrl, ExternalUrl
 
Alan Duck (Author) Commented:
Running the above line gives me the following message:
https://mail.domainname.com/Microsoft-Server-ActiveSync and https://mail.domainname .uk.coml/Microsoft-Server-ActiveSync

which I believe to be correct.
 
yo_bee (Director of Information Technology) Commented:
You have DNS records to resolve the IP?
 
Alan Duck (Author) Commented:
Internal or external IP?
 
yo_bee (Director of Information Technology) Commented:
External.  We know that it works internally.
 
Alan Duck (Author) Commented:
I am not seeing one in the server's DNS settings.
 
yo_bee (Director of Information Technology) Commented:
If you ping mail.domainame.com from an external device (off your network), does it resolve to a public IP address that matches your public DNS records?

(e.g. www.google.com --> Pinging www.google.com [216.58.204.36])
 
Alan Duck (Author) Commented:
Yes, it does give the right public IP address, but all pings time out.
 
yo_bee (Director of Information Technology) Commented:
The timeouts are fine.  Your firewall can block ping requests.

Can you post your Outlook settings from Control Panel?
I would like to see how your Outlook Anywhere is set up.
If you want to send me a private message for security, please do.
 
Tom Cieslik (IT Engineer) Commented:
The ping timeout is because your firewall simply does not allow ICMP packets to go through, but this is not required to set up Outlook outside.
Did you try NTLM?
 
yo_bee (Director of Information Technology) Commented:
Run Outlook.exe /rpcdiag on both an internal and external connection and see what you get.

Here is mine:

Internal:
[Screenshot: RPCDIAG_internal.png]
External:
[Screenshot: RPCDIAG.png]
 
Alan Duck (Author) Commented:
I will arrange to run those tests.
 
Alan Duck (Author) Commented:
Here is a screenshot attached of the laptop loading Outlook from an external network (at home):
[Screenshot: laptop-outlook.png]
 
Alan Duck (Author) Commented:
Here is a screenshot of an internal desktop, which connects fine:
[Screenshot: desktop-internal.png]
 
Alan Duck (Author) Commented:
I am having a look for the NTLM setting in Group Policy Management on the main server and have yet to locate the NTLM setting.
 
yo_bee (Director of Information Technology) Commented:
It looks like it is making an attempt, but fails.  You may have a firewall setting that needs to be allowed.
This link will outline the steps for you.
https://4sysops.com/archives/how-to-install-the-powershell-active-directory-module/
 
Alan Duck (Author) Commented:
Just as extra information on the Windows 10 laptops where Outlook won't connect offsite: the Mail program that comes with Windows 10 connects and works OK.
 
Alan Duck (Author) Commented:
Hi yo_bee, is the link the right one? This talks of installing PowerShell for Active Directory rather than modifying the firewall.
 
yo_bee (Director of Information Technology) Commented:
Sorry about the link, it was meant for another thread.  :(
 
yo_bee (Director of Information Technology) Commented:
Something is misconfigured. Could be the firewall on your edge, could be public DNS records, could be your Exchange server.
The external screenshot of the RPCDIAG shows no proxy server, but it does prompt you for a user name and password.  This means that it is connecting from my point of view, but something else is stopping the connection.

https://blogs.technet.microsoft.com/exchange/2016/05/31/checklist-for-troubleshooting-outlook-connectivity-in-exchange-2013-and-2016-on-premises/

Go to the part "Troubleshooting Logs and Tools".
 
Alan Duck (Author) Commented:
After checking out everything, it was suggested by a Microsoft engineer that we try the following:

+ We found that Outlook Anywhere was set to Basic; we changed it to NTLM
> Get-OutlookAnywhere | Set-OutlookAnywhere -ClientAuthenticationMethod Ntlm -IISAuthenticationMethods Basic,Ntlm
> iisreset

+ We found that EXPR was set in OutlookProvider
> Set-OutlookProvider -Identity EXPR -CertPrincipalName $null
> iisreset

This seems to have cured the problem, although more testing needs doing.
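Added example (not part of the original thread, and not Microsoft's code): a checker for the two settings the fix above changed, run here against constructed "before" and "after" objects so it works offline. The function name `Test-OutlookAnywhereConfig`, the host names and the sample values are assumptions made for illustration; the property names are those of the cmdlets quoted in the fix.

```powershell
# Added example, not from the thread. PowerShell 2.0 syntax, as used by the Exchange 2010 shell.
# Live inputs (run on the CAS, one server at a time):
#   $oa   = Get-OutlookAnywhere -Server <CAS name>
#   $expr = Get-OutlookProvider -Identity EXPR
#   $cn   = subject name of the certificate bound to IIS
function Test-OutlookAnywhereConfig {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] $OutlookAnywhere,
        [Parameter(Mandatory=$true)] $ExprProvider,
        [Parameter(Mandatory=$true)] [string] $CertSubjectName
    )
    $findings = @()
    $client = [string]$OutlookAnywhere.ClientAuthenticationMethod
    $iis    = @($OutlookAnywhere.IISAuthenticationMethods | ForEach-Object { [string]$_ })

    # The method handed to Outlook must also be enabled on the /rpc virtual directory.
    if ($iis -notcontains $client) {
        $findings += "Client method '$client' is not in IISAuthenticationMethods ($($iis -join ','))"
    }
    # Basic puts the password itself on the wire (inside TLS) with each request.
    if ($client -eq 'Basic') {
        $findings += "ClientAuthenticationMethod is Basic; the thread's fix set it to Ntlm"
    }
    # CertPrincipalName looks like msstd:<name>; Outlook rejects a proxy whose
    # certificate subject differs from <name>.
    $cpn = [string]$ExprProvider.CertPrincipalName
    if ($cpn -and (($cpn -replace '^msstd:', '') -ne $CertSubjectName)) {
        $findings += "EXPR CertPrincipalName '$cpn' does not match certificate subject '$CertSubjectName'"
    }
    return $findings
}

# Constructed sample objects: a 'before' state like the one described, and the 'after' state.
$before = @{
    OutlookAnywhere = New-Object PSObject -Property @{ ClientAuthenticationMethod = 'Basic'; IISAuthenticationMethods = @('Basic') }
    ExprProvider    = New-Object PSObject -Property @{ CertPrincipalName = 'msstd:exch01.example.local' }
    CertSubjectName = 'mail.example.com'
}
$after = @{
    OutlookAnywhere = New-Object PSObject -Property @{ ClientAuthenticationMethod = 'Ntlm'; IISAuthenticationMethods = @('Basic', 'Ntlm') }
    ExprProvider    = New-Object PSObject -Property @{ CertPrincipalName = $null }
    CertSubjectName = 'mail.example.com'
}
"Before:"; Test-OutlookAnywhereConfig @before
"After:";  Test-OutlookAnywhereConfig @after
```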
 
Seth Simmons (Sr. Systems Administrator) Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Alan Duck (https:#a42441620)
-- Tom Cieslik (https:#a42435317)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer