Exchange Server 2013 Outlook Anywhere issue

I am working on an issue with Outlook Anywhere in Exchange 2013 where external and also internal users cannot connect. This is a new server co-existing with an Exchange 2010 server that will soon be decommissioned.

When I run an Outlook Connectivity test on testexchangeconnectivity.com I get the following error. I am not seeing anything in the application or system logs. I already applied CU 8 and am seeing the same results. External is a TMG publishing to the CAS 2013 server, which then proxies to CAS 2010.

Testexchangeconnectivity.com
Attempting to ping RPC proxy <external Exchange URL>.
RPC Proxy can't be pinged.

Additional Details

An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 290 ms.

Outlook internal

When I autoconfigure Outlook, everything is set up OK and the client works. If I enable "use HTTPS on fast network", close Outlook and start it again, I get a login prompt where I cannot log in; it does not accept the credentials, although I can log in to OWA with these credentials. If I change autodiscover and webmail in the HOSTS file back to CAS 2010, it also works.

Setup

Server | Internal Hostname | External Hostname | Auth. (Int.) | Auth. (Ext.) | Auth. IIS | Last modified on
2010-EXC01 | | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 11/04/2013 10:34:55
2010-EXC02 | | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 11/04/2013 10:34:55
2013-EXC13 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Basic, Ntlm, Negotiate | 04/13/2015 17:40:09
2013-EXC14 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Basic, Ntlm, Negotiate | 04/13/2015 17:40:32


June 3rd, 2015 10:45pm

"This is a new server co-existing with an Exchange 2010 server that will soon be decommissioned."

As per your statement, I think it's altogether a fresh installation?

remove-windowsfeature RPC-over-HTTP-proxy

Later you can use

ServerManagerCmd -i RPC-over-HTTP-proxy 

Also, I would recommend you check the things below:

Since it's a new Exchange 2013 setup, ensure the Host A records for Mail, Webmail and Autodiscover on internal and external DNS are created correctly.

Make sure that the certprincipal name that you are entering matches the name of the autodiscover that you have given in the SAN certificate and internal DNS.

Check your Outlook providers.

Though Outlook providers are not required, as they change the autodiscover settings to global level from server level, problems might arise if the Outlook providers were not set correctly and autodiscover settings are not configured correctly.

1. Please check if Certificate Mapping Authentication is installed on the server
2. Go to IIS manager and check if Active Directory Client Certificate Authentication is enabled.
3. Check if required Client certificate is enabled on VD. If not, enable it.
4. Check if the ClientCertificateMappingAuth is set true.

Map all of your external public DNS records (EWS, OWA, ActiveSync, etc.) to your Exchange 2013 public IP, if you have a dedicated one for 2013, or to the FQDN of your internet-facing CAS server.

June 6th, 2015 7:15am

Hi Satish,

First of all thanks for sticking in this topic!

The EX 2010 servers are older; we just introduced EX 13 CU8 servers in co-existence.

We use a SAN certificate webmail.contoso.com with also autodiscover.contoso.com

No Outlook provider configured; exch, expr, web are blank.
1) IIS Certificate Mapping Authentication is not installed on any server
2) Active Directory Client Certificate Authentication is Disabled on all server
3) Not exactly clear what I should check, but the SAN certificate is enabled on the default and backend website on all servers; all servers use the same SAN certificate
4) ClientCertificateMappingAuth is set to False

The situation is as follows:

- When we point the A-host records (autodiscover & webmail) to CAS 2010, RPC Outlook Anywhere works successfully (fast network use HTTP first is enabled)

- When we switch the A-host records (autodiscover & webmail) to CAS 2013, RPC Outlook Anywhere does not work for a user with a mailbox on EX 2010 (still fast network use HTTP first selected). A password prompt comes up that we cannot get past, even when entering correct credentials. The error is MSRPC 500

In HTTPERR logfiles on CAS 2013 we see:

2015-06-04 16:49:27 10.12.19.33 52786 10.212.119.31 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2015-06-04 16:49:38 10.12.19.32 30351 10.212.119.31 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2015-06-04 16:49:44 ::1%0 48510 ::1%0 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 BadRequest MSExchangeRpcProxyAppPool

In IIS logs:

2015-06-06 17:57:12 10.12.19.31 RPC_IN_DATA /rpc/rpcproxy.dll exc2010-casarray.contoso.com:6002&CorrelationID=<empty>;&ClientId=FIF0LIGTUGWMCRWODVOKA&RequestId=dbfa30f9-18ef-4469-8ee0-be1718eddbb1&cafeReqId=dbfa30f9-18ef-4469-8ee0-be1718eddbb1; 443 contoso\user1 10.99.0.15 MSRPC - 500 0 64 156
2015-06-06 17:57:12 10.12.19.31 RPC_OUT_DATA /rpc/rpcproxy.dll exc2010-casarray.contoso.com:6002&CorrelationID=<empty>;&ClientId=MVUOR0KCCKCCWKFOOXG&RequestId=8f8e137c-ae90-47a8-a2ee-75aaea748651&cafeReqId=8f8e137c-ae90-47a8-a2ee-75aaea748651; 443 - 10.99.0.15 MSRPC - 401 1 2148074254 0

Outlook Anywhere:

Server | Internal Hostname | External Hostname | Auth. (Int.) | Auth. (Ext.) | Auth. IIS | Last modified on
exc2010-cas1 | | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 11/04/2013 10:21:07
exc2010-cas2 | | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 11/04/2013 10:21:07
exc2010-cas1 | | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 11/04/2013 10:21:07
exc2013-casmbx1 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:41:53
exc2013-casmbx2 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:59:17
exc2013-casmbx3 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:59:31
exc2013-casmbx4 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:59:37
exc2013-casmbx5 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:59:42
exc2013-casmbx6 | webmail.contoso.com | webmail.contoso.com | Ntlm | Ntlm | Ntlm | 06/05/2015 10:59:47

Reinstalling RPC Outlook Anywhere does not look necessary to me, because RPC Outlook Anywhere works against the CAS 2010 when autodiscover and webmail point to CAS 2010.
The problem occurs when CAS 2013 proxies to CAS 2010 when a mailbox is on MBX 2010.



June 6th, 2015 1:32pm

Hi 

Thanks for describing the exact issue that you are facing.

To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2010 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2010 servers. You can probably run Get-OutlookAnywhere on Exchange 2010 and see whether all the internal and external URLs are assigned and configured accordingly.

Also please check the following:

1 - Check that Outlook Anywhere (OA) is enabled on the Exchange 2010 server
2 - Make sure that the 2010 server OA URL and Auth settings are the same as on Exchange 2013
3 - Ensure that the OA IIS authentication methods on Exchange 2010 include NTLM
(Change the client auth method on the Exchange 2010 CAS server to NTLM)
4 - Make sure that no redirection is configured on the IIS virtual directory (any of the VDs) on the Exchange 2010 servers.

I would open a case with Microsoft support if none of the above is working. These things can be very difficult to diagnose, very hard to debug, and may vary according to each and every environment config (certificates, network config (proxy, WAN, LAN), AD setup, Exchange setup, sites, ISP hosting providers, etc.), since most of the troubleshooting did not help us.

Please update us if any of the above helped you or if you found a solution.

Good Luck !!

June 7th, 2015 1:04am
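
Checks 1 to 3 from the reply above, written as one Exchange Management Shell script. This is an added example, not code posted by anyone in the thread. The server names are taken from the tables in the thread, and the IIS redirection check (item 4) is not covered.

```powershell
# Added example; run in the Exchange Management Shell.
# Server names are taken from the tables in this thread; adjust to your own.
$reference2013 = 'exc2013-casmbx1'
$servers2010   = 'exc2010-cas1', 'exc2010-cas2'

# The 2013 settings that the 2010 servers are compared against.
$ref     = Get-OutlookAnywhere -Server $reference2013 -ErrorAction Stop
$refHost = "$($ref.ExternalHostname)"
$refAuth = "$($ref.ExternalClientAuthenticationMethod)"

$report = foreach ($name in $servers2010) {
    $oa = Get-OutlookAnywhere -Server $name -ErrorAction SilentlyContinue

    if (-not $oa) {
        # Check 1: nothing returned means Outlook Anywhere is not enabled there.
        [pscustomobject]@{
            Server = $name; Enabled = $false; HostnameMatches = $false
            ClientAuthMatches = $false; IisHasNtlm = $false; IisAuth = ''
        }
        continue
    }

    # Stringify so the comparisons also work on deserialized remoting objects.
    $iisAuth = @($oa.IISAuthenticationMethods | ForEach-Object { "$_" })
    $oaHost  = "$($oa.ExternalHostname)"
    $oaAuth  = "$($oa.ExternalClientAuthenticationMethod)"

    [pscustomobject]@{
        Server            = $name
        Enabled           = $true
        # Check 2: external host name and client authentication match 2013.
        HostnameMatches   = $oaHost -eq $refHost
        ClientAuthMatches = $oaAuth -eq $refAuth
        # Check 3: IIS authentication on the 2010 side includes NTLM.
        IisHasNtlm        = $iisAuth -contains 'Ntlm'
        IisAuth           = $iisAuth -join ','
    }
}

$report | Format-Table -AutoSize

# Names of the 2010 servers that fail at least one check.
$report | Where-Object {
    -not ($_.Enabled -and $_.HostnameMatches -and
          $_.ClientAuthMatches -and $_.IisHasNtlm)
} | Select-Object -ExpandProperty Server
```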
