Exchange 2010 Outlook any where multiple domains


  • Exchange 2010 Outlook any where multiple domains

    Hi,

    I have a domain of abc.com; I have created one more domain on the Exchange as xyz.com & the primary SMTP address is [email protected].

    I have enabled Outlook Anywhere, and also Autodiscover, & am trying to configure Outlook from an outside network, but it is not working.

    Is an SSL certificate mandatory for connecting Outlook Anywhere?

    Any help would be appreciated.

    Many thanks in advance

  • #2
    Re: Exchange 2010 Outlook any where multiple domains

    SSL is not mandatory, but very strongly recommended - and Microsoft more or less assume you have a 3rd party SAN (UC) certificate (cost is about US$60 per year and configuration is extremely easy so makes good business sense to get one).

    I recommend you run, do not walk, to www.testexchangeconnectivity.com and run the various OWA (and active sync) tests to see what isn't configured properly. The reports you get from there pretty much walk you through any configuration you need to do.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Exchange 2010 Outlook any where multiple domains

      Thank you Ossian,

      I have already raised a PO for UC.

      I have verified @ www.testexchangeconnectivity.com; kindly go through the attached for the errors (I got the same error for Outlook Anywhere & Autodiscover), which I assume to be an issue. Kindly help me to resolve them.

      Many thanks

      • #4
        Re: Exchange 2010 Outlook any where multiple domains

        Below are the complete error details (apart from SSL error)

        Attempting to contact the Autodiscover service using the HTTP redirect method.
        The attempt to contact Autodiscover using the HTTP Redirect method failed.

        Test Steps

        Attempting to resolve the host name autodiscover.abcd.com.ef in DNS.
        The host name resolved successfully.

        Additional Details
        IP addresses returned: x.x.x.x
        Testing TCP port 80 on host autodiscover.abcd.com.ef to ensure it's listening and open.
        The port was opened successfully.
        ExRCA is checking the host autodiscover.abcd.com.ef for an HTTP redirect to the Autodiscover service.
        ExRCA failed to get an HTTP redirect response for Autodiscover.

        Additional Details
        An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: You do not have permission to view this directory or page.


        How to resolve this?
        Many thanks in advance


        • #5
          Re: Exchange 2010 Outlook any where multiple domains

          My main issue is with the internal & external domain being different.
          Internal is: int.com
          External is: ext.com

          In my internal network Outlook gets connected normally without any issue, but from outside it is unable to connect.

          int.com & ext.com are both pointed to the same hub-cas virtual IP.

          Please help me out with this


          • #6
            Re: Exchange 2010 Outlook any where multiple domains

            The CAS role installs with a self-signed SSL certificate. Outlook Anywhere externally will not connect with a self-signed certificate. If you want to use SSL then you'll need to purchase a commercial SSL certificate.


            • #7
              Re: Exchange 2010 Outlook any where multiple domains

              Hi Joeqwerty,

              UC is under process of purchasing.

              But as an SSL cert is not mandatory, please suggest some other solutions to resolve this issue.

              Many thanks


              • #8
                Re: Exchange 2010 Outlook any where multiple domains

                Originally posted by zakir.ahmed
                Hi Joeqwerty,

                UC is under process of purchasing.

                But as an SSL cert is not mandatory, please suggest some other solutions to resolve this issue.

                Many thanks

                SSL is mandatory for the OA handshake to be successful as OA uses RPC/HTTPS by default. This must be negotiated with TLS/SSL by using a certificate. Granted you can get this to work using self signed certificates but that's an unsupported configuration by MS, and neither is it a sound best practice. As already explained configure this once you have your SAN certificate in place.


                • #9
                  Re: Exchange 2010 Outlook any where multiple domains

                  Internal and External domain names being different isn't an issue either, just change Exchange to use the external name everywhere:
                  http://exchange.sembee.info/2010/ins...shostnames.asp

                  Outlook Anywhere without SSL or with the self signed SSL certificate isn't supported. If you don't use an SSL certificate then your credentials are going across in the clear. You would have to undo a lot of things in Exchange not to use SSL, and then undo them every time you update the server. It is presumed that SSL is in use.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.


                  • #10
                    Re: Exchange 2010 Outlook any where multiple domains

                    Hi Sembee & scurlaruntings,

                    Thank you for your suggestion; I have purchased the SSL with the external domain name & now Outlook is working from outside.

                    But I got a new problem for internal Outlook clients: every few minutes there is a popup security alert stating: The name on the security certificate is invalid or does not match the name of the site. Please go through the attached.

                    My external domain is: external.com
                    Internal domain is: internal.com

                    I bought an SSL for mail.external.com & the security alert which I am getting on Outlook internal clients is servername.internal.com

                    Please help me out with this. Many thanks in advance

                    • #11
                      Re: Exchange 2010 Outlook any where multiple domains

                      AFAIK the only solution is split DNS, so mail.external.com resolves to a local IP
                      (Plenty of information on how to set it up)

                      Did you get a single name certificate or a SAN one, as normally autodiscover.external.com is needed too?
                      Tom Jones

                      • #12
                        Re: Exchange 2010 Outlook any where multiple domains

                        Yes, mail.external.com is already pointing to the local internal IP.

                        I bought a SAN UC for both mail.external.com & autodiscover.external.com


                        • #13
                          Re: Exchange 2010 Outlook any where multiple domains

                          If you can get the certificate re-issued, it is worth adding the NetBIOS name and the internal domain name (mailserver and mailserver.localdomain.local or whatever you have), but I believe this will only work on certificates for the next couple of years. If you can't add the additional names, Split DNS is the way to go.
                          Tom Jones

                          • #14
                            Re: Exchange 2010 Outlook any where multiple domains

                            I have the option of reissuing the certificate, but the problem is that the internal domain is not registered globally. And for issuing the SAN UC they will verify whether that name is registered under our company or not.

                            Split DNS - do you mean forwarding the DNS records to another IP?


                            • #15
                              Re: Exchange 2010 Outlook any where multiple domains

                              I have already given you the instructions on how to correct this problem - with the link above. Did you actually read the link?

                              Getting the certificate reissued with the internal names is one answer, but if your certificate is more than two years you will not be able to, because the SSL providers will not allow internal names.

                              Set up the split DNS and reconfigure Exchange to use the external name internally as per the link I posted above.

                              Simon.
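
An added example, not part of the thread or of the article linked in it: a read-only Exchange Management Shell check that lists every URL and host name an Exchange 2010 Client Access server publishes to Outlook and flags the ones whose host is missing from the IIS certificate, which is the condition behind the name-mismatch alert described in post #10. It assumes one certificate is enabled for IIS; the function name Get-PublishedName is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Read-only; it reports settings and changes nothing.

# Names on the certificate enabled for IIS (assumption: only one is in use).
$cert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: emits every URL that Exchange hands to Outlook clients.
function Get-PublishedName {
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{
            Setting = "AutoDiscoverServiceInternalUri ($($_.Name))"
            Value   = "$($_.AutoDiscoverServiceInternalUri)" }
    }
    foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
                     'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                     'Get-ActiveSyncVirtualDirectory') {
        foreach ($vdir in (& $cmd)) {
            foreach ($prop in 'InternalUrl', 'ExternalUrl') {
                New-Object PSObject -Property @{
                    Setting = "$cmd $prop"
                    Value   = "$($vdir.$prop)" }
            }
        }
    }
    Get-OutlookAnywhere | Where-Object { $_.ExternalHostname } | ForEach-Object {
        New-Object PSObject -Property @{
            Setting = 'OutlookAnywhere ExternalHostname'
            Value   = "https://$($_.ExternalHostname)/" }
    }
}

# Compare each published host with the certificate's names.
Get-PublishedName | Where-Object { $_.Value } | ForEach-Object {
    $hostName = ([Uri]$_.Value).Host.ToLower()
    # Exact match, or a wildcard entry covering the parent domain.
    $wildcard = '*.' + ($hostName -replace '^[^.]+\.', '')
    $covered  = ($certNames -contains $hostName) -or ($certNames -contains $wildcard)
    New-Object PSObject -Property @{
        Setting       = $_.Setting
        Host          = $hostName
        OnCertificate = $covered }
} | Sort-Object OnCertificate | Format-Table Setting, Host, OnCertificate -AutoSize
```

Rows with OnCertificate False are the names clients will be warned about; the fix described in the thread is to change those settings to the external name (for example with Set-ClientAccessServer -AutoDiscoverServiceInternalUri) and resolve that name internally through split DNS.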