Non-domain-joined PCs cannot open mailbox

Hi

I have just set up a new Exchange 2013 Standard server at my customer's but I have come across a problem I have not been able to sort out.

All my domain-joined PCs are connected and working well, but I have several remote users who are non-domain-joined and connect via a VPN tunnel.

When I try to connect I get a message about not being able to sync the mailbox while it is offline. I have tried recreating the profile, setting the account to always ask for a password, deleting the client's XML file and several other things, but I still cannot get it to connect.

I tried to use IMAP as an alternative but I couldn't get it to send mail.

Can anyone help?

The client is Windows 7 with Office 2007 32-bit.

Thanks,

Alamb200

July 10th, 2015 2:12pm

I would first verify that Autodiscover is properly configured and you have the appropriate records in DNS.
July 10th, 2015 2:50pm

Good evening Ed

I am new to 2013; do you have any details on how to check Autodiscover?

July 10th, 2015 3:42pm

Hi,

If the Exchange server and Outlook 2013 work fine on the internal network, we believe there is no issue with the Exchange system or the Outlook product.

Which VPN are you using? Do you get the same IP range as your Exchange server over the VPN?

Please verify the following configuration in your VPN:
1. Verify the error message or prompt, if you have received one; it may provide a useful clue for troubleshooting.
2. If it is an Exchange 2013 system, verify and ensure the connection to your CAS server is working.
3. If it is a domain user account you are using to log in to Windows, verify and ensure the VPN allows NTLM authentication.
4. Check whether the VPN allows "Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server".

July 12th, 2015 11:17pm

Good Morning,

I have just connected on to the server and used ECP to go to Servers, Virtual Directories. When I highlight Autodiscover and select the spanner symbol I see this:

I have added the server name in the top box and the FQDN in the bottom box. Is this correct?

Thanks,

alamb200


July 13th, 2015 6:23am

This is the error I get when I try to connect to the mailbox:

July 13th, 2015 6:32am

A little more information which may help to try and find where the issue is.

While I was onsite I attached my laptop to the network and still was unable to open the mailboxes. This would rule out the VPN because I was connected locally.

Also, when connecting iPhones I was not able to use the Exchange option but had to use an IMAP connection.

Are these two things related?

The domain the server is using is domain.co.uk, which is the same as their external email domain, but there are no specific external DNS records configured.

I have set up a CNAME record inside DNS on the network called autodiscover, but this has not helped either.

The records I entered in the external access domain settings have not held, when I go back in they have been cleared again.

HELP!!!!

July 13th, 2015 11:59am

Try this in a command window:

telnet autodiscover.domain.co.uk 443
telnet webmail.domain.co.uk 443

substituting whatever you use for "webmail".  Test this internally and on the Internet.  If your attempt times out, you can't reach the server.

July 13th, 2015 12:58pm

This is what I am getting back:

C:\Windows\system32>telnet autodiscover.domain.com 443
Connecting To autodiscover.domain.com...Could not open connection to the host, on port 443: Connect failed

I have put a firewall in place to allow https from all three options but my connection is still getting refused.

July 14th, 2015 4:59am

Then the firewall isn't working like you expect it to or you don't have NAT mapping properly mapping to the server.
July 14th, 2015 12:21pm

There is no NAT involved because the PC is on the same plan as the server.

Should I add an entry for Autodiscover using the shell?

July 14th, 2015 3:40pm

This is what I am getting back:

C:\Windows\system32>telnet autodiscover.domain.com 443
Connecting To autodiscover.domain.com...Could not open connection to the host, on port 443: Connect failed

I have put a firewall in place to allow https from all three options but my connection is still getting refused.

Try nslookup autodiscover.domain.com and nslookup webmail.domain.com (where webmail is whatever you use).

I'm going to bet autodiscover.domain.com does not resolve to anything; if it doesn't, point it to the same IP as webmail.domain.com.

July 14th, 2015 3:49pm

This may sound like a really stupid question, but are you talking about external DNS records? As far as I know, the customer does not have any external DNS records set up for autodiscover or webmail.

Running the nslookup internally gave me the following results:

PS C:\Users\Administrator.BSERVER2012> nslookup autodiscover.bancroft-linings.com
Server:  localhost
Address:  ::1

Name:    bserver2012.domain.com
Address:  192.168.11.1
Aliases:  autodiscover.domain.com

PS C:\Users\Administrator.BSERVER2012> nslookup bserver2012.domain.com
Server:  localhost
Address:  ::1

Name:    bserver2012.domain.com
Address:  192.168.11.1

PS C:\Users\Administrator.BSERVER2012>

Do I need external DNS records in place for this to work?

July 15th, 2015 4:03am

I have just added public DNS records for autodiscover and webmail and tested the nslookup again.

This is the result:

Y:\>nslookup autodiscover.domain.com
Server:  rdsmail.mydomain.co.uk
Address:  local_ip

Non-authoritative answer:
Name:    webmail.domain.com
Address:  correct_public_ip
Aliases:  autodiscover.domain.com


Y:\>nslookup webmail.domain.com
Server:  rdsmail.mydomain.co.uk
Address:  local_ip

Non-authoritative answer:
Name:    webmail.domain.com
Address:  correct_public_ip

Is this correct?

July 15th, 2015 4:15am

Looks good. Now try running through this and see if everything comes back happy:

https://testconnectivity.microsoft.com/

July 15th, 2015 1:09pm

Thanks everyone for their help with this, but in the end I had to go to Microsoft.

Their answer is below, but for some reason it is cutting off part of the information:

Solution
========

Ran the command using Exchange Management Shell to fix the Outlook Anywhere settings:

-----------------------------------------------------------------
Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname webmail.bancroft-linings.com -ExternalClientAuthenticationMethod NTLM -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true
-----------------------------------------------------------------

Externally webmail.bancroft-linings.com is published and we do not have the URL webmail.bancroft-linings.com present in the SSL certificate

Hence created new self-signed certificate using Exchange Management Console including the server NetBIOS name, webmail.bancroft-linings.com, autodiscover.bancroft-linings.com

Deployed new SSL certificate using Group Policy so that domain users will not face any issues

Assigned IIS service to the new SSL certificate

Deleted the CNAME record in external DNS for autodiscover.bancroft-linings.com

Created SRV record for autodiscover.bancroft-linings.com

-----------------------------------------------------------------
_autodiscover._tcp.bancroft-linings.com SRV service location:
          priority       = 10
          weight         = 10
          port           = 443
          svr hostname   = webmail.bancroft-linings.com
-----------------------------------------------------------------

Fixed the ExternalUrls for OAB, OWA, EWS, Microsoft-Server-ActiveSync and pointed it to webmail.bancroft-linings.com using Exchange Admin Center

On external Outlook client machine installed the self-signed SSL certificate first

Now connected Outlook using Autodiscover and it connected automatically without any issues

Post above steps issue stands resolved

  • Marked as answer by alamb200 15 hours 50 minutes ago
July 23rd, 2015 11:40am
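
The certificate name mismatch described in the answer above, as an added example that is not part of the original thread or of Microsoft's reply: a PowerShell check that every hostname clients are directed to is covered by the names on the certificate. The domain example.test, the server name EXCH01, the two function names and both certificate name lists are assumptions constructed for illustration.

```powershell
# Added example. All hostnames and certificate names below are constructed.

function Test-NameCoveredByCert {
    param(
        [Parameter(Mandatory = $true)] [string]   $HostName,
        [Parameter(Mandatory = $true)] [string[]] $CertNames   # SAN DNS entries
    )
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.TrimEnd('.').ToLowerInvariant()
        if ($n -eq $h) { return $true }
        # A wildcard covers exactly one left-most label: *.example.test
        # matches mail.example.test but not a.b.example.test or example.test.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                  # ".example.test"
            $dot    = $h.IndexOf('.')
            if ($dot -gt 0 -and $h.Substring($dot) -eq $suffix) { return $true }
        }
    }
    return $false
}

function Get-UncoveredName {
    param([string[]] $PublishedNames, [string[]] $CertNames)
    # Return each distinct published hostname that no certificate name covers.
    $PublishedNames | Sort-Object -Unique |
        Where-Object { -not (Test-NameCoveredByCert -HostName $_ -CertNames $CertNames) }
}

# Constructed inventory of the names clients end up connecting to: the host
# part of each ExternalUrl, the Outlook Anywhere external hostname, and the
# target of the _autodiscover._tcp SRV record.
$published = @(
    ([uri]'https://webmail.example.test/owa').Host,
    ([uri]'https://webmail.example.test/EWS/Exchange.asmx').Host,
    ([uri]'https://webmail.example.test/Microsoft-Server-ActiveSync').Host,
    'webmail.example.test',     # Outlook Anywhere ExternalHostname
    'webmail.example.test'      # SRV record target
)

# Constructed "before" certificate: internal names only (assumed starting state).
$before = @('EXCH01', 'exch01.example.test')
# Constructed "after" certificate: the kinds of names the answer lists.
$after  = @('EXCH01', 'webmail.example.test', 'autodiscover.example.test')

'Before: uncovered = ' + ((Get-UncoveredName $published $before) -join ', ')
'After:  uncovered = ' + ((Get-UncoveredName $published $after)  -join ', ')
```

On a live server the certificate names can be read from the `CertificateDomains` property that `Get-ExchangeCertificate` returns, and passed in place of the constructed lists.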
