Exchange Server 2013 Outlook Anywhere issue

I am working on an issue with Outlook Anywhere in Exchange 2013 where external and also internal users cannot connect. This is a new server co-existing with an Exchange 2010 server that will soon be decommissioned.

When I run an Outlook Connectivity test on testexchangeconnectivity.com I get the following error. I am not seeing anything in the application or system logs. I already applied CU 8 and am seeing the same results. External is a TMG and publishing to CAS 2013 server, which then proxy to CAS 2010

Testexchangeconnectivity.com
Attempting to ping RPC proxy <external Exchange URL>.
RPC Proxy can't be pinged.

Additional Details

An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 290 ms.

Outlook internal

When i autoconfigure outlook all is setup OK and client and Outlook works. Do i enable the use HTTPS on fast network. Close Outlook and start again i get a login prompt where i not can login does not accept credentials as in OWA i can login with these credentials. Do i change in the HOSTS file autodisover and webmail back to CAS 2010 it also works

SetupServer Internal Hostname External Hostname Auth.(Int.) Auth. (Ext.) Auth. IIS Last modified on: 
2010-EXC01  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:34:55 
2010-EXC02  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:34:55 
2013-EXC13 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:40:09 
2013-EXC14 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:40:32 


June 3rd, 2015 10:45pm

Hi Satish,

First of all thanks for sticking in this topic!

The EX 2010 servers are older , we just introduced EX 13 Cu8 servers in co-existence.

We use a SAN certificate webmail.contoso.com with also autodiscover.contoso.com

No Outlook-provider configured, exch , expr, web are blank.
0
1) IIS Certificate Mapping Authentication is not installed on any server
2) Active Directory Client Certificate Authentication is Disabled on all server
3) Not exactly clear what i should check but SAN certificate is enabled on default and backend website on all servers, all servers use same SAN certificate
4) ClientCertificateMappingAuth is set to False

Situation is as follow:

- When we point A-host records (autodiscover & webmail) to CAS 2010, RPC Outlook Anywhere works successfull (fast network use HTTP first is enabled)

- When we switch A-host records (autodiscover & webmail) to CAS 2013, RPC Outlook Anywhere does not work for an user with mailbox on EX 2010 (still fast network use HTTP first selected). A password prompt comes up we cannot pass by even with entering correct credential Error is MSRPC 500

In HTTPERR logfiles on CAS 2013 we see:

2015-06-04 16:49:27 10.12.19.33 52786 10.212.119.31 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2015-06-04 16:49:38 10.12.19.32 30351 10.212.119.31 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2015-06-04 16:49:44 ::1%0 48510 ::1%0 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?exc2013-casmbx1:6001 400 2 BadRequest MSExchangeRpcProxyAppPool

In IISlogs:

2015-06-06 17:57:12 10.12.19.31 RPC_IN_DATA /rpc/rpcproxy.dll exc2010-casarray.contoso.com:6002&CorrelationID=<empty>;&ClientId=FIF0LIGTUGWMCRWODVOKA&RequestId=dbfa30f9-18ef-4469-8ee0-be1718eddbb1&cafeReqId=dbfa30f9-18ef-4469-8ee0-be1718eddbb1; 443 contoso\user1 10.99.0.15 MSRPC - 500 0 64 156
2015-06-06 17:57:12 10.12.19.31 RPC_OUT_DATA /rpc/rpcproxy.dll exc2010-casarray.contoso.com:6002&CorrelationID=<empty>;&ClientId=MVUOR0KCCKCCWKFOOXG&RequestId=8f8e137c-ae90-47a8-a2ee-75aaea748651&cafeReqId=8f8e137c-ae90-47a8-a2ee-75aaea748651; 443 - 10.99.0.15 MSRPC - 401 1 2148074254 0

Outlook Anywhere:

Server Internal Hostname External Hostname Auth.(Int.) Auth. (Ext.) Auth. IIS Last modified on: 
exc2010-cas1  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2010-cas2  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2010-cas1  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2013-casmbx1  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:41:53 
exc2013-casmbx2  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:17 
exc2013-casmbx3  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:31 
exc2013-casmbx4  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:37 
exc2013-casmbx5  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:42 
exc2013-casmbx6  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:47 

Reinstall RPC Outlook Anywhere does not look necessary to me cause RPC Outlook Anywhere works against the CAS 2010 when autodiscover and webmail point to CAS 2010.
Problem occurs when CAS 2013 proxies to CAS 2010 when a mailbox is on MBX 2010



Free Windows Admin Tool Kit Click here and download it now
June 6th, 2015 5:29pm

Hi Sathish,

URL's, internal, external and auth are mentioned on the end in my post above yours.

Server Internal Hostname External Hostname Auth.(Int.) Auth. (Ext.) Auth. IIS Last modified on: 
exc2010-cas1  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2010-cas2  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2010-cas1  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:21:07 
exc2013-casmbx1  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:41:53 
exc2013-casmbx2  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:17 
exc2013-casmbx3  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:31 
exc2013-casmbx4  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:37 
exc2013-casmbx5  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:42 
exc2013-casmbx6  webmail.contoso.com webmail.contoso.com Ntlm Ntlm Ntlm 06/05/2015 10:59:47 

1) OA is enabled on the 3 CAS 2010 servers

2) See above, all urls are same on 2010 and 2013

3) All OA auth are on NTLM

4) No vdir redirection in IIS on 2010 and/or 2013 servers

June 7th, 2015 3:37am

Hi 

I would suggest you to open a case with Microsoft support if none of the above is working . These things can be very difficult to diagnose ,very hard to debug since few more log analysis is required in this case. 

Its better to contact a tech support guy from MS who will be able to tell us the root cause. 

Please keep us posted about the solution you get from Microsoft.

Free Windows Admin Tool Kit Click here and download it now
June 7th, 2015 6:56am

I generally set *both* Basic auth and NTLM on the 2010 CAS for IIS Authentication and leave the 2013 CAS at the default for IIS authentication. ( I leave the defaults alone on the 2013 side which are Basic, NTLM and Negotiate)

June 7th, 2015 10:19am

Hi Andy, good to see you and thanks for replying!

OK, i did set Basic and NTLM on CAS2010 IIS Auth.

Also set Basic, NTLM and Negotitate on CAS2013 IIS Auth. (i had this initially but had the problem then also).

Did not do iisreset on CAS2010 because working hours. But in my idea an iisreset is not necessary for iis auth change right?

But after the changes problem still exists, i get login prompt and cannot login.


Free Windows Admin Tool Kit Click here and download it now
June 7th, 2015 1:29pm

Hey there!

I see TMG mentioned. Hmm, haven't used that in a coexistence env. myself.

Have you seen:

http://cloudmmunity.blogspot.com/2013/06/exchange-2013-coexistence-2010-tmg.html

https://social.technet.microsoft.com/Forums/en-US/196b24a2-ce51-4449-86e9-78c0a6989e67/publishing-exchange-coexistance-in-20102013-in-tmg?forum=exchangesvrdeploy

June 7th, 2015 4:12pm

Hi there Andy,

Correct but we use TMG only for external publication and thus for external devices.

As i hit errors via TMG i decided to test from internal to exclude TMG.

So the tests i'm performing are from internal network , so i directly access the CAS2013/CAS2010 servers on internal ip's.


Free Windows Admin Tool Kit Click here and download it now
June 7th, 2015 4:36pm

Hi Andy, good to see you and thanks for replying!

OK, i did set Basic and NTLM on CAS2010 IIS Auth.

Also set Basic, NTLM and Negotitate on CAS2013 IIS Auth. (i had this initially but had the problem then also).

Did not do iisreset on CAS2010 because working hours. But in my idea an iisreset is not necessary for iis auth change right?

But after the changes problem still exists, i get login prompt and cannot login.


June 7th, 2015 5:27pm

Problem resolved as per

https://support.microsoft.com/en-us/kb/2990117

Free Windows Admin Tool Kit Click here and download it now
June 9th, 2015 9:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics