No announcement yet.

OWA + OutlookAnywhere + Other Issues!

  • Filter
  • Time
  • Show
Clear All
new posts

  • OWA + OutlookAnywhere + Other Issues!


    I have just built my first SBS2008 server. I have built a few SB2003 servers before but I find I am a bit lost with 2008 and Exchange 07!

    This is a fresh build for my own company.

    I havent really touched IIS yet OWA is not working outside of the network - it just results in a "Unable to Connect" in FF and "Internet Explorer cannot display the webpage" in IE. Works fine internally, using https://servername/owa. Externally I am using with the correct DNS record set.

    I have found that RPC-HTTPS / Outlook Anywhere is not working either, probably tied to the above? When I let the Outlook 07 automatically set my account up it was working with HTTPS. At some point it gave me an error mentioning proxy and certificate, but it still worked. I have since taken it off HTTPS and connecting directly to Exchange - I will try reproduce the error tomrrow and post it.

    I have not installed any certs onto this server, I assume SBS08 comes installed with its own temp one?

    3rd problem is to do with Exchange - I have an email Distribution Group set up. Again, works fine internally. SMTP Email address is set up, no differently then how I would have done in 03.

    This group email is on a different email domain but other (user) email addresses set up on this second email domain work fine. When doing a manual telnet the error is "No such user". ???

    Last but not least, the SMTP Banner. It was set as my internal server FQDN and wouldnt let me change it, but I read you can untick "Server Auth" on the Receive Connector to use your own banner ( This is set in the console but when I connect it is now giving me a banner or rebooting server already, apart from that, not sure where else to look!

    Thanks in advance


  • #2
    Re: OWA + OutlookAnywhere + Other Issues!

    Quick update...I have found that I can telnet to port 25 + 80 from externally but not 443, whereas I can on all 3 ports internally.

    Firewall is definately set up correctly (even tried setting server as DMZ host), so I have emailed the manufacturer (Draytek 2930) so see if they have any input.

    Is there anyway I can change the https port for OWA to something else to test?


    • #3
      Re: OWA + OutlookAnywhere + Other Issues!


      I neglected to tick the box next to the firewall rule "Enable"

      This is what happens when one insists on working on these problems at 4am!

      OWA sorted, RPC-HTTPS fails due to cert not being a trusted one (buying 3rd party cert now). Other issues still stand though, but for now, going to bed!


      • #4
        Re: OWA + OutlookAnywhere + Other Issues!

        Glad to hear that you got it figured out. Now go get some sleep!


        • #5
          Re: OWA + OutlookAnywhere + Other Issues!

          Let me know how you go.

          Having troubles myself getting ActiveSync working with SBS2008, 3rd party cert and ISA 2006.

          Not a problem with same setup in standard domain (XGE 2K3 though).


          • #6
            Re: OWA + OutlookAnywhere + Other Issues!


            Something broke!

            I got to the office this morning to find Outlook stuck on Offline. Re-opening Outlook results in "Exchange Server is unavilable".

            I recreated the mail profile and it finds and underlines the Server/User but thats as far as it goes.

            OWA will not open. All Exchange services appear to be running, just did a fresh reboot or the server. Email is not bouncing, I just cant get OWA or Outlook to connect??

            Event Log errors are (from fresh boot)

            The certificates bound to the HTTPS listener for IPv4 and IPv6 do not match. For SSTP connections, certificates should be configured for for IPv4, and [::]:Port for IPv6. The port is the listener port configured to be used with SSTP. The default listener port is 443.

            The Routing and Remote Access service terminated with service-specific error 16389 (0x4005).

            The Network Policy Server service terminated with the following error:
            Unspecified error

            Thats it. I have a feeling the first SSTP message has somethingto do with it...but unsure where to look next.


            • #7
              Re: OWA + OutlookAnywhere + Other Issues!


              Not sure what happened but OWA started working...??

              Outlook still cannot connect to Exchange.

              Removed RRAS Role as I dont plan on using it.

              Reboot, event logs are clear now.

              Current problems are:

              1. Server will not update. Update Services seems borked, the Updates tab in the SBS Console just shows "An Error Occured while retreving updates information" in all sections.

              On the Home tab it says "Update Services is not properly installed. The following file or one of its dependencies is missing: Microsoft.Update.Services.Administration,Version=3 .1.6001.1, Culture=neutral, PublicKeyToken=31bf3856ad364e35

              Tried this link

              When doing that, Update Services service is not even in my services.msc list and running that command the server does nothing at all...

              2. Under Server Manager > Roles, I have a red X next to 6 Roles:
              Active Directory Certificate Services
              Active Directory Domain Services
              File Services
              Network Policy and Access Services
              Terminal Services
              Web Server (IIS)

              3. Outlook wont connect to Exchange!!

              Please, any suggestions...I dont feel like I am getting anywhere with this. I dont userstand why its so messed up, it was a clean install with no errors. I havent changed anything I can think of to cause all of this


              • #8
                Re: OWA + OutlookAnywhere + Other Issues!

                I feel like I'm just journaling my progress here but...

                I have a XP / Office 07 machine that I just looked at....and that is working fine?!?!?

                Apart from the user logged on, Outlook is configured the same. Just send/received external email to double check.

                What The F.


                • #9
                  Re: OWA + OutlookAnywhere + Other Issues!


                  Uninstalled Network Policy and Access Services and TS Gateway.

                  Restarted Server.

                  Recreated a new Outlook Profile, and it works!!

                  Lot less errors now too...

                  Active Directory Certificate Services

                  Could not connect to the Active Directory.  Active Directory Certificate Services will retry when processing requires Active Directory access.
                  Active Directory Certificate Services DOMAIN-SVRDC-CA can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.
                  Active Directory Domain Services

                  The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 
                  Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made.  To assist in identifying these clients, if such binds occur this  directory server will log a summary event once every 24 hours indicating how many such binds  occurred.  You are encouraged to configure those clients to not use such binds.  Once no such events are observed  for an extended period, it is recommended that you configure the server to reject such binds. 
                  For more details and information on how to make this configuration change to the server, please see 
                  You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.

                  The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
                  File Services

                  Volume Shadow Copy Service error: The process that hosts the writer with name NPS VSS Writer and ID {35e81631-13e1-48db-97fc-d5bc721bb18a} does not run under a user with sufficient access rights.  Consider running this process under a local account which is either Local System, Administrator, Network Service, or Local Service. 
                     Initializing Writer
                     Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
                     Writer Name: NPS VSS Writer


                  • #10
                    Re: OWA + OutlookAnywhere + Other Issues!

                    Fixed the Distribution Group Problem.

                    According to this link Email groups created in 07 require sender auth by default so if you want to accept external connections you need to turn that off.


                    Fixed WSUS problem. Uninstalled again and rebooted, reinstalled from SBS2008 CD2 setup file.

                    -Slight annoyance, SBS Console says "The Software Update has been modified and no longer meets the recommended configuration".

                    I'll come back to this later.

                    I'm going to create a new thread for the left over issues I have, as I think it would be more appropriate.

                    Sorry for my ramblings, hopefully this helps someone along the way.


                    • #11
                      Re: OWA + OutlookAnywhere + Other Issues!

                      Hongman, you are doing great. This Community appreciates you sharing the knowledge you are gaining as you learn more and more during your IT "travels".

                      Keep up the ramblings.
                      Joined: 23rd December 2003
                      Departed: 23rd December 2015


                      • #12
                        Re: OWA + OutlookAnywhere + Other Issues!

                        I have now solved the cert problems.

                        I bought an SSL cert (single) from ipsca. However, once it arrived and I tried completing the "Add a trusted certificate" wizard, it didnt work! Error message was that it could the website name did not match...

                        However, I knew it matched.

                        Instead I had to manually install it follwoing this guide here:


                        One additional problem I had though was that my browsers still threw up an error about it not recognising the CA. After a lot of time wasting searching I found out that Ipsca's root ca cert expired, and you have to download and install their new one (it is now also available as part of the MS Root Cert Update).

                        Now, no errrors, and Outlook Anywhere works a treat all SSL'ed up


                        • #13
                          Re: OWA + OutlookAnywhere + Other Issues!

                          Just one comment:
                          OWA url in SBS 2003:
                          OWA url in SBS 2008:
                          Perhaps that is why your certificates don't "match", but otherwise good documentation of the problems and the process - just try UTFW (using the wizards) more and you should have less problems.

                          Steven Teiger [SBS-MVP(2003-2009)]
                          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                          We donít stop playing because we grow old, we grow old because we stop playing.


                          • #14
                            Re: OWA + OutlookAnywhere + Other Issues!

                            This was a brand new 08 install and cert so no importing of old certs.

                            Strange thing is, it complained the the addresses didnt mathc but the problem all along was that the server didnt have the newest root cert updates.