Announcement

Collapse
No announcement yet.

Outlook any where not working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook any where not working

    Hi all,
    I have a exchange server 2007 with SP1 installed on windows 2003(x64) operating system, We are using SSL certificate from our own Certificate Server. All Exchange server roles are installed on this machine.


    Now we are trying to implement RPC over HTTP/S. we did the following steps
    1. Install RPC Over HTTP from windows component.
    2. Enabled Outlook any where with NTLM authentication method.
    3. RPC Proxy registry settings for port 6001, 6002 & 6004 checked.
    After all these steps "Outlook any where" was not working from external ip, when i connect the same outlook settings from internal network it works.

    i have also performed some test from https://www.testexchangeconnectivity.com, initially the test end with the following error:.
    Test Steps Validating certificate name Successfully validated the certificate nameAdditional Details Found hostname mails.mydomain.com in Certificate Subject Common name Validating certificate trust Certificate trust validation failed Tell me more about this issue and how to resolve itAdditional Details The certificate chain did not end in a trusted root. Root = CN=<Certificate Server>, DC=mydomain, DC=com

    after that I have replaced Certificate with a new certificate from a public certificate Authority.
    Now it came up with new error:


    Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on server mails.Mydomain.com Failed to ping Endpoint Tell me more about this issue and how to resolve itAdditional Details RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime

    But when I enable three ports on firewall 1026, 1392 & 135 it works from external ip also. I didn't find any article where enabling of these three ports is suggested. Kindly correct me if i am doing something wrong.

    Thanks
    Manoj Bhardwaj

  • #2
    Re: Outlook any where not working

    Originally posted by Manojbhardwaj View Post
    3. RPC Proxy registry settings for port 6001, 6002 & 6004 checked.

    Did you include the internal FQDN, external FQDN and NETBIOS name for all of you Mailbox servers here?

    You can use the rpcnofrontend tool found here to check.

    http://www.petri.com/software/rpcnofrontend.zip

    Comment


    • #3
      Re: Outlook any where not working

      If the certificate is self issued (even from a CA) it will not be trusted by any external body unless the CA is, itself, trusted by having a certificate from a commercial CA

      Your best bet is to buy a commercial SAN certificate (well under $100 per year) and use that
      If you find Sembee's articles and follow them, all will go very smoothly
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Outlook any where not working

        Thanks for quick reply,
        Internal and external FQDN for my mail server is same. Entries for String value "ValidPorts" are given below

        "MAILS:6001-6002;MAILS:6004;mails.mydomain.com:6001-6002;mails.mydomain.com:6004"

        Thanks
        Manoj Bhardwaj

        Comment


        • #5
          Re: Outlook any where not working

          Hi Ossain,
          Now I am not using self signed Certificate. I have installed SSL certificate from PUBLIC/Commercial CA.

          Regards
          Manoj

          Comment


          • #6
            Re: Outlook any where not working

            Can you please upload the ourput of >>>netstat -ano... You need to run this command on the exchange server command prompt....
            ________
            FERRARI F430 CHALLENGE SPECIFICATIONS
            Last edited by Dks; 13th March 2011, 00:20.
            Rgds,

            Dks
            MCP E2K3 & MCITP E2K7
            MCITP Enterprise Win2k8

            Comment


            • #7
              Re: Outlook any where not working

              Hi DKS,
              I am sending you the output of netstat-aon command.
              Thanks
              Manoj Bhardwaj
              Attached Files

              Comment


              • #8
                Re: Outlook any where not working

                Hi,

                I reveiwed the netstat-ano O/P and its semms they are not able to connect on below ports. So Verify the below registry values on the exchange server:

                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystemValue name: Rpc/HTTP PortValue type: REG_DWORDValue data: 0x1771 (Decimal 6001)

                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\ParametersValue name: HTTP PortValue type: REG_DWORDValue data: 0x1772 (Decimal 6002)

                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Pa rametersValue name: Rpc/HTTP NSPI PortValue type: REG_DWORDValue data: 0x1774 (Decimal 6004) + Whats the output when you try to browse https://<CAS-SERVER-NAME/rpc/rpcproxy.dll For above URL test the expected output should be a blank page.
                ________
                BUY VAPORIZERS
                Last edited by Dks; 13th March 2011, 00:20.
                Rgds,

                Dks
                MCP E2K3 & MCITP E2K7
                MCITP Enterprise Win2k8

                Comment


                • #9
                  Re: Outlook any where not working

                  Hi DKS,
                  I have verified the registry values and all are correct. The output of https://<CAS-SERVER-NAME/rpc/rpcproxy.dll is blank page from out side and inside. But still getting "RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime " from https://www.testexchangeconnectivity.com/.
                  Thanks for ur intrest so far and please help me out to resolve it.

                  Regards
                  Manoj Bhardwaj

                  Comment


                  • #10
                    Re: Outlook any where not working

                    Thanks for the update. Try below things:

                    a) Use exchange management shell and enable the outlook anywhere for Basic authentication. Currently you have set it for NTLM.

                    b) User manual settings in outlook 2007 to configure outlook anywhere. Now when u r confguring the outlook profile for outlook anywhere then Under "Microsoft Exchange server" Name enter the exchange server FQDN name in it.

                    c) Under exchange proxy setting make sure you have correct OWA url Set and "Proxy authentication" is set to Basic auth.

                    Now relaunch the outlook and let me know how it behave.

                    Couple of questions for you:

                    a) Is your exchange server also a domain controller?

                    b)How many exchange 2007 server you have?

                    c) Please share your public owa URl as i would like to check the certificate on it.

                    d) Do you have ISA in front of your exchange server?
                    ________
                    WEBSITE HOST
                    Last edited by Dks; 13th March 2011, 00:20.
                    Rgds,

                    Dks
                    MCP E2K3 & MCITP E2K7
                    MCITP Enterprise Win2k8

                    Comment


                    • #11
                      Re: Outlook any where not working

                      Hi DKS,
                      I have send required information as a personal message.
                      Regards
                      Manoj Bhardwaj

                      Comment


                      • #12
                        Re: Outlook any where not working

                        Manoj,
                        For other people to be able to help you, posting all the information would have been a better option than a private message (which is, by definition, not available to anyone else)
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: Outlook any where not working

                          hi ossain,
                          i am sharing some confidential information, so i have send a personal message.
                          regrads
                          Manoj

                          Comment


                          • #14
                            Re: Outlook any where not working

                            Hi DKS,
                            Finally I fixed it up. I found some solution in a well known forum, and i have made the changes in IIS and now its working fine and passing all the tests in https://www.testexchangeconnectivity.com/Default.aspx. For others reference steps are given below-

                            Assuming you have Windows 2003->Open IIS manager-> locate RPC -> Right click and choose properties -> select Directory security tab -> Click on the bottom most edit button -> Under Client Certificates -> choose ignore.

                            For Windows 2008 -> Locate RPC in IIS manager -> Open SSL settings -> Under Client Certificates -> choose ignore.
                            Thanks for your cooperation so far.

                            Regards
                            Manoj Bhardwaj

                            Comment

                            Working...
                            X