External connection to Exchange fails

  • External connection to Exchange fails

    Happy Friday!

    Here's some background info: We're running Essential Business Server 2008 Standard and the two suspected servers are the Messaging and Security servers. Both have Exchange 2007 on them; the Messaging acts as a hub transport and the Security acts as an edge transport and has Forefront TMG installed.

    What's going on is when I try to externally connect a Mac (using the Mail app) to our Exchange server I am seeing the error log 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED. When I attempt an external connection from Outlook 2007, I end up seeing port 135 being blocked by the default rule. The strange thing is that I've configured smartphones (Android and iPhones) to connect to our Exchange server externally and they have no problem. Is there something I'm missing here?

    I've been able to successfully connect email clients to the internal FQDN of the Messaging server and it works perfectly. My guess is TMG is causing the trouble, suggestions? My goal is to allow clients to send/receive mail externally from any mail client they choose.

  • #2
    Re: External connection to Exchange fails

    Does Mail for Mac support Outlook Anywhere (RPC over HTTPS)? If it doesn't then you need Outlook, which I suspect is the only client that will work. The only other way to do it would be to allow POP/IMAP access externally, which is (IMO) a terrible idea.

    TMG is blocking port 135 which is the RPC negotiation port which suggests that the client is trying to connect via MAPI, which is not allowed except on the LAN.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog



    • #3
      Re: External connection to Exchange fails

      So just make sure RPC over HTTPS is externally accessible in order for our users to be able to use Outlook from home? Guessing by the TMG logs, this would mean making port 135 available from the outside. Correct me if I'm wrong.

      After some reading around it seems a VPN is the only way to allow Mail for Mac to work, sounds like an interesting future project!



      • #4
        Re: External connection to Exchange fails

        DO NOT open port 135 to the internet. RPC over HTTPS access uses port 443, which channels RPC traffic securely through SSL. Use the TMG wizards to publish your Exchange protocols (OWA, ActiveSync and Outlook Anywhere) and they will open the required ports, which really is only 443. If Mail does not support Outlook Anywhere then a VPN is the best option.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog
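
An added example, not part of the thread or of any poster's configuration: a check that the externally reachable ports match the advice in reply #4 (443 answers, 135 does not). The hostname `mail.example.com` is a placeholder, and the POP/IMAP entries in the policy are an assumption based on reply #2.

```python
"""Audit which mail-related TCP ports answer from outside the firewall."""
import socket

# Policy from the thread: publish 443 only; 135 (RPC endpoint mapper) stays closed.
# The POP/IMAP entries are an assumption based on reply #2's advice.
EXPECTED = {
    443: True,               # OWA, ActiveSync, Outlook Anywhere (RPC over HTTPS)
    135: False,              # RPC endpoint mapper, LAN only
    110: False, 995: False,  # POP3 / POP3S
    143: False, 993: False,  # IMAP / IMAPS
}

def port_open(host, port, timeout=3.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit(host, expected=EXPECTED, timeout=3.0):
    """Return [(port, problem)] for every port whose state breaks the policy."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        is_open = port_open(host, port, timeout)
        if is_open and not should_be_open:
            findings.append((port, "exposed"))
        elif should_be_open and not is_open:
            findings.append((port, "unreachable"))
    return findings

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"  # placeholder
    problems = audit(host)
    for port, problem in problems:
        print(f"{host}:{port} {problem}")
    sys.exit(1 if problems else 0)
```

Run it from a host outside the firewall, since a check from the LAN does not exercise the external rules.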



        • #5
          Re: External connection to Exchange fails

          Sounds good to me, I'll search around and see what I can find. The easiest solution would be to install Outlook onto the Mac for now. I would like to get a VPN configured eventually but I have way too much on my plate at the moment. Thank you for your help!
