Announcement

Collapse
No announcement yet.

Proper setup of Outlook for Remote Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Proper setup of Outlook for Remote Users

    Hi All,

    Thanks in advance for helping out:

    I am a little confused on the proper way of setting up remote users with Outlook connecting to 2003 Exchange server.

    Clients using Outlook 2003/2007. (no vpn)

    so far I've tried the following:

    HTTP/Other - connecting to mail.xxx.com/exchange - "from reading different articles I got the feeling this should NOT be used. (not sure why) - but the functionality is weird - Calendar & Contacts appear as emails.

    IMAP - I'm currently using this - so far it's been ok, my only issue is relay errors for external users (I have to add the IP to the Exchange Relay) for this to work. (con: gotta keep track of every IP they connect from?) hmm...

    I read a little about RPC over HTTPS - not too familiar with Certificate server/service so I shied away from it.

    What is the closest scenario to being in the office LAN connecting to Exchange server? (the users don't like OWA) what do most ppl use aside of owa?

    I'd appreciate if you can include a link to set it up, whichever option is the proper one.

    thanks a lot,

    YosiNYC

  • #2
    Re: Proper setup of Outlook for Remote Users

    RPC over HTTPS is the preferred option to be honest. It can be a pig to setup, but once it works it gives the remote users the best experience.

    Daniel's kb article is a good starting point. You don't have to use HTTPS (thus avoiding certificate issues) but it is highly recommended that you do from a security point of view.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Proper setup of Outlook for Remote Users

      I agree, RPC over HTTP is the way to go. If you must use IMAP, you don't need to set up relaying (for SMTP) based on their ip address, you can set up authenticated relaying. In any event, allowing relaying is asking for trouble.

      Comment


      • #4
        Re: Proper setup of Outlook for Remote Users

        Thanks guys. Would setting up RPC over HTTP affect current operations? Is it smart to do it over the weekend or it should not be a problem?

        Also regarding my current IMAP setting joeqwerty mentioned "authenticated relaying" - is that the "Grant or Deny relay permissions to specific users or groups" option?

        thanks much,

        YosiNYC
        Last edited by YosiNYC; 12th February 2009, 15:19.

        Comment


        • #5
          Re: Proper setup of Outlook for Remote Users

          Setting up RPC over HTTP on the server and clients shouldn't require any downtime for either. As far as the authenticated relay is concerned: In ESM, on the Access tab of the properties of the SMTP protocol on your server click the relay button and select the "Allow all computers which successfully authenticate to relay..." check box. Again, I don't recommend allowing relaying but in some cases it is neccessary.

          Comment


          • #6
            Re: Proper setup of Outlook for Remote Users

            When I have this option checked the Outlook remote user gets:
            SMTP 550 5.7.1 Unable to relay error when sending emails to external domains like aol and such.

            Comment


            • #7
              Re: Proper setup of Outlook for Remote Users

              When you are setting the outgoing server in Outlook, are you specifically setting authentication credentials? If not then that is the problem.

              However RPC over HTTPS is the preferred solution. It is easily setup during production hours. It does require a commercial certificate to work correctly. That isn't anything complex, you should have a certificate anyway for OWA use. Certificates are cheap. GoDaddy sell them for US$30/year http://DomainsForExchange.net/

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Proper setup of Outlook for Remote Users

                thanks guys.

                Got me a cert from godaddy. Server is configured for RPC over HTTPS with the help of Daniel's step-by-step guide.

                Regarding the client. I launch outlook, I get login screen. I type user name in the format domain\user & password and I get:

                "The connection to Microsoft Exchange is unavailable"

                where do I start troubleshooting it?

                tnx

                Comment


                • #9
                  Re: Proper setup of Outlook for Remote Users

                  This feature either works or it doesn't. There are no half measures.

                  Three causes for failure

                  - certificate trust issues
                  - registry settings incorrect
                  - authentication mismatch

                  If you have a commercial certificate then that would rule out the trust issue.
                  Authentication mismatch is quite common. Setting the client to use Basic but Integrated is enabled on the RPC virtual directory, or vice versa. Therefore I would suggest that you check those first.

                  Use a test account with the MS test site and see if that flags anything:
                  https://www.testexchangeconnectivity.com

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.

                  Comment


                  • #10
                    Re: Proper setup of Outlook for Remote Users

                    Thanks, I guess this is a start: Here's the test result:

                    Test Details

                    Copy to ClipboardExpand/CollapseTesting RPC/HTTP connectivityRPC/HTTP test failed
                    Test StepsAttempting to Resolve the host name https://mail.tyrxpharma.com in DNS.The Host could not be resolved.
                    Tell me more about this issue and how to resolve it

                    Additional DetailsHost https://mail.tyrxpharma.com could not be resolved in DNS Exception Details: Message: No such host is known Type:
                    System.Net.Sockets.SocketException Stack Trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTe st.PerformTestReally()

                    This is the first week of us using https with a cert from godaddy. I havn't added any records to the DNS server.

                    I ran the following on my mail-server.

                    C:\>nslookup
                    Default Server: tyrx-mail.tyrxpharma.com
                    Address: 192.168.1.3
                    > set q=A
                    > tyrx-mail
                    Server: tyrx-mail.tyrxpharma.com
                    Address: 192.168.1.3
                    Name: tyrx-mail.tyrxpharma.com
                    Address: 192.168.1.3

                    note: my certificate was for mail.tyrxpharma.com


                    Not sure why, but when I VPN to my office and launch that failed Outlook profile it registers
                    & works from that point on without VPN hmmm...

                    Comment


                    • #11
                      Re: Proper setup of Outlook for Remote Users

                      some more clues: Now with the MS test I get:

                      all successful but:

                      Testing NSPI "Check Name" for user [email protected] against server tyrx-mail.tyrxpharma.com

                      An error occured while attempting to resolve the name
                      Additional Details:

                      An RPC Error was thrown by the RPC Runtime. Error 1717 UnknownIf


                      2- running rpcdump I get:

                      E:\Program Files\Windows Resource Kits\Tools>rpcdump /p ncacn_http
                      Querying Endpoint Mapper Database...
                      RpcMgmtEpEltInqNextAccess is denied. ).
                      rpcdump failed after 1 seconds

                      3- IIS Log shows:

                      RPC_IN_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 - 71.172.x.x MSRPC 401 2 2148074254

                      RPC_IN_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 - 71.172.x.x MSRPC 401 1 0

                      RPC_OUT_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 - 71.172.x.x MSRPC 401 1 0

                      RPC_IN_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 tyrxpharma\yosi 71.172.x.x MSRPC 200 0 0

                      RPC_OUT_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 tyrxpharma\yosi 71.172.x.x MSRPC 200 0 0

                      RPC_IN_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 tyrxpharma\yosi 71.172.x.x MSRPC 200 0 64

                      RPC_OUT_DATA /rpc/rpcproxy.dll tyrx-mail.tyrxpharma.com:6004 443 tyrxpharma\yosi 71.172.x.x MSRPC 200 0 64


                      4- With my current profile that I created while connected to the LAN, when I compose an email and choose TO: to choose an address from the address book, I get: "the connection to ms exchange is unavailable".

                      Wow what a mess... I'm losing it...

                      In case I didn't mention it, everything is on one server, I'm not using ISA server, nor sharepoint. Global Catalog is on another server. For Directory Security I have Basic Auth. & Integrated Checked. Cert is working fine based on tests I've followed from MS site. I'm using Outlook 2007.

                      Thanks for anything you may suggest.

                      Yosi
                      Last edited by YosiNYC; 15th February 2009, 22:43.

                      Comment


                      • #12
                        Re: Proper setup of Outlook for Remote Users

                        I came across this on another website:
                        -------------------------------------------------------------------------------
                        This is your first problem.
                        "Exchange server that is also a DC (no GC) "

                        If Exchange is installed on a domain controller then it MUST be a global catalog. Make it a Global Catalog and reboot.
                        Exchange will only use itself for domain functionality.
                        You shouldn't be making registry changes on Exchange 2007. That could also be causing you problems. Exchange should be making all of the changes for you.

                        Simon.
                        ---------------------------------------------------------------------------------
                        Is this true for 2003 server as well? Do I need to make my Exchange server a GC?

                        Comment


                        • #13
                          Re: Proper setup of Outlook for Remote Users

                          What about using "Outlook Connector" on the client machine??

                          Comment


                          • #14
                            Solved: Proper setup of Outlook for Remote Users

                            Connectivity Test Successful

                            Test Details

                            Testing RPC/HTTP connectivity RPC/HTTP test completed successfully.

                            wow- I need a cold glass of Coca-Cola now!


                            After reading about 30 articles & guides, it's back to the one and only Sembee

                            I made my mail server a Global Catalog server... reboot - Voila

                            Many thanks to all who took their time and effort in resolving this matter....

                            Comment


                            • #15
                              Re: Proper setup of Outlook for Remote Users

                              To confirm the above post - if Exchange is installed on a domain controller - it doesn't matter what version of Exchange or Windows, then the DC must also be a GC.

                              Simon.
                              --
                              Simon Butler
                              Exchange MVP

                              Blog: http://blog.sembee.co.uk/
                              More Exchange Content: http://exchange.sembee.info/
                              Exchange Resources List: http://exbpa.com/
                              In the UK? Hire me: http://www.sembee.co.uk/

                              Sembee is a registered trademark, used here with permission.

                              Comment

                              Working...
                              X