Announcement

Collapse
No announcement yet.

Failed to authenticate to Outlook Anywhere provider ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Failed to authenticate to Outlook Anywhere provider ?

    Hi Everyone,

    I have successfully published Exchange Activesync using TMG 2010 and OWA internally only but somehow when I tried to publish the Outlook Anywhere it failed ( as can be seen from the https://www.testexchangeconnectivity.com )

    Settings:
    IIS 7 settings, I have
    Code:
    unchecked the require SSL and "Ignore" the client certificate
    Exchange 2007 CAS settings:

    Code:
        ServerName                 : ExCAS02-VM
        SSLOffloading              : True
        ExternalHostname           : activesync.domain.com
        ClientAuthenticationMethod : Basic
        IISAuthenticationMethods   : {Basic}
        MetabasePath               : IIS://ExCAS02-VM.domainad.com/W3SVC/1/ROOT/Rpc
        Path                       : C:\Windows\System32\RpcProxy
        Server                     : ExCAS02-VM
        AdminDisplayName           :
        ExchangeVersion            : 0.1 (8.0.535.0)
        Name                       : Rpc (Default Web Site)
        DistinguishedName          : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=ExCAS02-VM,CN=Servers,CN=Exchange Administrative.......
        Identity                   : ExCAS02-VM\Rpc (Default Web Site)
        Guid                       : 59873fe5-3e09-456e-9540-f67abc893f5e
        ObjectCategory             : domainad.com/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
        ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
        WhenChanged                : 18/02/2011 4:31:54 PM
        WhenCreated                : 18/02/2011 4:30:27 PM
        OriginatingServer          : ADDC01.domainad.com
        IsValid                    : True
    Test-OutlookWebServices settings:

    Code:
        1013 Error When contacting https://activesync.domain.com/Rpc received the error The remote server returned an error: (500) Internal Server Error.
        1017 Error [EXPR]-Error when contacting the RPC/HTTP service at https://activesync.domain.com/Rpc. The elapsed time was 0 milliseconds.
    https://www.testexchangeconnectivity.com testing result:

    Code:
        Checking the IIS configuration for client certificate authentication.
         	Client certificate authentication was detected.
         	
        	Additional Details
         	Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication.
    environment:
    Windows Server 2008 (HT-CAS)
    Exchange Server 2007 SP1
    TMG 2010 Standard
    Outlook 2007 client SP2.

    Any kind of help would be greatly appreciated.

    Thanks.

  • #2
    Re: Failed to authenticate to Outlook Anywhere provider ?

    It seems that I still got the error after adding the autodiscover.domain.com as the A record to pointto the TMG 2010 external interface with publicIP address.

    Even though I typed the ExCAS02.domain.com the Exchange CAS server address, or the same server address that is used bythe Activesync (which works both internal and externally), somehow it doesn't work for this OA in and externally.


    Code:
    	A network error occurred while communicating with the remote host.
    		Exception details:
    		Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 1.2.3.4:443
    		Type: System.Net.Sockets.SocketException
    		Stack trace:
    		at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
    		at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
    
    Checking the IIS configuration for client certificate authentication.
     	Client certificate authentication was detected.
     	
    	Additional Details
     	Accept/Require client certificates were found. Set the IIS configuration to Ignore Client Certificates if you aren't using this type of authentication.
    	
    Testing TCP port 80 on host autodiscover.domain.com to ensure it's listening and open.
     	The specified port is either blocked, not listening, or not producing the expected response.
     	 Tell me more about this issue and how to resolve it
     	
    	Additional Details
    		A network error occurred while communicating with the remote host.
    		Exception details:
    		Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 1.2.3.4:80
    		Type: System.Net.Sockets.SocketException
    		Stack trace:
    		at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
    		at Microsoft.Exchange.Tools.ExRca.Tests.TcpPortTest.PerformTestReally()
    Here's my Windows Server 2008 IIS 7.0 settings:

    Code:
    Autodiscover
    	Authentication Enabled: Basic, Windows
    	SSL Settings: Require SSL, Require 128-bit SSL
    		Client Certificates: Ignore
    
    Microsoft-Server-ActiveSync
    	Authentication Enabled: Windows
    	SSL Settings: Require SSL, Require 128-bit SSL
    		Client Certificates: Ignore
    
    Rpc
    	Authentication Enabled: Basic
    	SSL Settings: (None checked)
    		Client Certificates: Ignore
    
    RpcWithCert
    	Authentication Enabled: (None Enabled)
    	SSL Settings: Require SSL, Require 128-bit SSL
    		Client Certificates: Ignore
    Last edited by Albertwt; 10th March 2011, 07:28.

    Comment


    • #3
      Re: Failed to authenticate to Outlook Anywhere provider ?

      I would approach the problem this way:
      I would try https://server.domain.com/RPC from on the server itself
      then i would try it from the ISA Server, and make sure I can reach it.
      THEN, I'd start looking at my rule on the ISA Server, and make sure I can contact that from outside.

      I suspect however, that there's an issue with your rule on the ISA server
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: Failed to authenticate to Outlook Anywhere provider ?

        Originally posted by tehcamel View Post
        I would approach the problem this way:
        I would try https://server.domain.com/RPC from on the server itself
        then i would try it from the ISA Server, and make sure I can reach it.
        THEN, I'd start looking at my rule on the ISA Server, and make sure I can contact that from outside.

        I suspect however, that there's an issue with your rule on the ISA server
        Thanks for your reply mate,
        What should I expect in accessing that URL from my IE ?

        Comment


        • #5
          Re: Failed to authenticate to Outlook Anywhere provider ?

          basically, nothing.

          it should authenticate you, then gie you nothin
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Failed to authenticate to Outlook Anywhere provider ?

            Originally posted by tehcamel View Post
            basically, nothing.

            it should authenticate you, then gie you nothin
            ok, here it is the result:

            from my laptop: https://server.domain.com/RPC --> result timed out ? no response back

            from the TMG 2010 standard server: https://server.domain.com/RPC --> continuously prompted for credentials and then when I press ESC button, it failed with 401 ?

            from the Exchange server CAS role itself: https://server.domain.com/RPC --> Page Cannot be Displayed 404 ?

            from the external internet: https://Activesync.domain.com/RPC --> I got prompted for credentials and then You do not have permission to view this directory or page.

            Comment

            Working...
            X