Announcement

Collapse
No announcement yet.

Outlook Anywhere not working but should?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook Anywhere not working but should?

    Has anyone experienced this issue before?

    I have a SBS 2008 server and everything is running fine except for Outlook Anywhere...

    OA was working fine and nothing has been installed but in the last week it is working sporadically. OA is enabled through the Exchange Management Console, the RPC proxy is installed and running, my certificates are up to date and all the necessary services are running but my Outlook clients are in a perpetual state of "Trying to connect."

    My firewall has SSL ports open and forwarded, I can get to the SBS Remote pages and do things like view the company website, use OWA and RDP into a desktop just fine as well.

    Additionally, I'm using Basic Authentication and the Outlook clients are configured for the internal FQDN server.domain.local with the msstd:externalsubdomain.domain.com.

    Any thoughts on what I could be missing?

  • #2
    Re: Outlook Anywhere not working but should?

    Use a test account and run it through the Microsoft test site:
    https://testexchangeconnectivity.com/

    That should flag if things are working correctly or not.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Outlook Anywhere not working but should?

      I only have one public A record for mail.domain.com and the test is trying to connect to autodiscover.domain.com. Could this be my issue? Do I need my ISP to create an additional A record for the autodiscovery service?

      Comment


      • #4
        Re: Outlook Anywhere not working but should?

        Try below steps one by one and let me know the results of it:-

        a) Try to browse the https://mail.domain.com/rpc/rpcproxy.dll from the client workstation. Do you see the blank page after entering the user credential. (make sure we are not getting any certificate prompt. If its there then install the root and intermediate certificate on the client machine.)

        b) If its the single name 3rd party certificate in Exchange proxy setting you need to enter https://mail.domain .com. MSSTD value is not required. since the owa url and issued to name of the certificate is matching.

        d) are users able to configure the Outlook anywhere profile using manual configuraion? if No, then dont concentrate on Autodiscover atthis point.

        e) Try to configure the OA profile internally on LAN and then check the connection status. let me knwo on which name its failing.
        ________
        Buy Silver Surfer Vaporizer
        Last edited by Dks; 13th March 2011, 00:19.
        Rgds,

        Dks
        MCP E2K3 & MCITP E2K7
        MCITP Enterprise Win2k8

        Comment


        • #5
          Re: Outlook Anywhere not working but should?

          For full functionality you should have autodiscover.example.com pointing at your Exchange server, and also have autodiscover.example.com in the SAN/UC certificate.
          Autodiscover is not only used for the setup of the client, but it is used for the availability service as well. It is not an optional feature.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Outlook Anywhere not working but should?

            Yes you are right BUT rather than concentrating on Autodiscover right now at this stage, he should make sure First outlook anywhere is working fine with manual settings.
            ________
            Herbal vaporizers
            Last edited by Dks; 13th March 2011, 00:19.
            Rgds,

            Dks
            MCP E2K3 & MCITP E2K7
            MCITP Enterprise Win2k8

            Comment


            • #7
              Re: Outlook Anywhere not working but should?

              DKS, Yes, I can browse to https://mail.domain.com/rpc/rpcproxy.dll from an external workstation without issues. I get the login diaglog box, enter my credentials and then I get the blank page.

              Plus, I removed the msstd:mail.domain.com from the require name in SSL certificate field.

              Sembee - I created an A record for autodiscover.domain.com.



              At this point things seem to be working... I do get a security pop-up now telling me that autodiscover.domain.com is does not have a trusted certificate so I guess I need to get another SSL certificate with that subdomain in the name?

              Comment


              • #8
                Re: Outlook Anywhere not working but should?

                Autodiscover is not an optional feature. If you do not get autodiscover to work then external Outlook clients will not work correctly.

                Do you already have an SSL certificate in place? Is it a SAN/UC certificate? If not then it needs to be.

                http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Outlook Anywhere not working but should?

                  From my understanding of OA, the autodiscover record should be an SRV record not an A record.

                  http://technet.microsoft.com/en-us/l.../bb332063.aspx

                  Comment


                  • #10
                    Re: Outlook Anywhere not working but should?

                    Depends which method you are using.
                    The preferred method is an A record with the SSL certificate having autodiscover.example.com listed as one of its additional names.
                    The SRV record method is only used when that isn't possible for some reason.

                    Simon.
                    --
                    Simon Butler
                    Exchange MVP

                    Blog: http://blog.sembee.co.uk/
                    More Exchange Content: http://exchange.sembee.info/
                    Exchange Resources List: http://exbpa.com/
                    In the UK? Hire me: http://www.sembee.co.uk/

                    Sembee is a registered trademark, used here with permission.

                    Comment


                    • #11
                      Re: Outlook Anywhere not working but should?

                      Oh okay! I thought non-domain joined external clients needed the SRV. My bad

                      Comment


                      • #12
                        Re: Outlook Anywhere not working but should?

                        Well at this point I have a 3rd party SSL certificate for mail.domain.com and I've created an A record for autodiscover.domain.com and the SRV record as per the Microsoft documentation.

                        Things seem to be working since I removed the msstd:mail.domain.com from the Outlook clients...

                        Sometimes the issues manifest themselves when a I have 12+ users trying to access OA at the same time...

                        Comment


                        • #13
                          Re: Outlook Anywhere not working but should?

                          12 users? Is that all.
                          I have built sites where I have had 1200 using Outlook Anywhere at the same time.

                          The bulk of the problems with Exchange 2007 are coming down to attempts to cut corners. Single name certificates rather than SAN/UC certificates are the main one that quickly turn in to a false economy.

                          Simon.
                          --
                          Simon Butler
                          Exchange MVP

                          Blog: http://blog.sembee.co.uk/
                          More Exchange Content: http://exchange.sembee.info/
                          Exchange Resources List: http://exbpa.com/
                          In the UK? Hire me: http://www.sembee.co.uk/

                          Sembee is a registered trademark, used here with permission.

                          Comment


                          • #14
                            Re: Outlook Anywhere not working but should?

                            Either you need HOST A record or SRV record. Both are not required.

                            We go for SRV record in a scenario where we have single name certificate i.e. without autodiscover.domain.com
                            ________
                            Ford model a picture
                            Last edited by Dks; 13th March 2011, 00:19.
                            Rgds,

                            Dks
                            MCP E2K3 & MCITP E2K7
                            MCITP Enterprise Win2k8

                            Comment


                            • #15
                              Re: Outlook Anywhere not working but should?

                              i believe i have the same issue to this.
                              however we have the appropriate SAN cert setup and autodiscover URLs.
                              in the end it comes down to this.
                              we use a separate fqdn for outlook anywhere for security - outlook anywhere traffic is logged on a separate IP on the firewall.
                              it is

                              autodiscover configuration adds https URL connection setting and MSSTD to this FQDN on an outlook profile.
                              this FQDN is a Subject Alternate Name on the SAN cert - it is not the CN subj name.


                              those machines that are part of our Windows 7 pilot had no issues. but XP clients did have certificate issues and it comes down to this....

                              unless your clients are on Vista SP1 or greater (and ours are on XP) - the FQDN of the outlook anywhere address - specifically the MSSTD configuration will not work unless it is the CN of the cert subject. because of this and if you are outside the network - you will get prompted and prompted and prompted. remove it and you are fine.
                              we cannot update the outlook provider as it is a global settings as we have multiple entry points for different places in other countries.
                              it will go away once we all uplift to windows 7 but thats going to be a 2010 task. MS provided no details if any private HF existed to resolve this issue.

                              Comment

                              Working...
                              X