OutlookAnywhere Configuration
So I inherited this system but I didn't set it up. My boss came to me with a problem. He's testing the http proxy setup that a user outside our network would use to get setup using outlookAnywhere. I have 3 servers. 1 ncsbcs2 = Hub Transport/mailbox 1 Thorim = Mailbox 1 Hodir = Client access Our OWA site and OutlookAnywhere works for internal network or vpn'd users. OWA works externally. OutlookAnywhere isn't working externally. So i did some quick research and pulled up the OutlookAnywhere config via the command shell. Here is the config. "ServerName : NCSBCS2 SSLOffloading : False ExternalHostname : webmail.ibts.org ClientAuthenticationMethod : Basic IISAuthenticationMethods : {Basic} MetabasePath : IIS://NCSBCS2.ibts.org/W3SVC/1/ROOT/Rpc Path : C:\WINDOWS\System32\RpcProxy Server : NCSBCS2 AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : Rpc (Default Web Site) DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=NCSBCS2,CN=Servers,C N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Gr oups,CN=EXCHANGE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC =ibts,DC=org Identity : NCSBCS2\Rpc (Default Web Site) Guid : 8b7aaef9-8090-4d0b-9e37-b76fa6df3957 ObjectCategory : ibts.org/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged : 5/17/2011 12:51:53 PM WhenCreated : 9/9/2009 7:15:08 PM OriginatingServer : Halfus.ibts.org IsValid : True ServerName : HODIR SSLOffloading : False ExternalHostname : webmail2.ibts.org ClientAuthenticationMethod : Basic IISAuthenticationMethods : {Basic} MetabasePath : IIS://HODIR.ibts.org/W3SVC/1/ROOT/Rpc Path : C:\Windows\System32\RpcProxy Server : HODIR AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : Rpc (Default Web Site) DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=HODIR,CN=Servers,CN= Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grou ps,CN=EXCHANGE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=i bts,DC=org Identity : HODIR\Rpc (Default Web Site) Guid : 40ed09cd-262c-4533-bf8f-4fa31d64ff30 ObjectCategory : ibts.org/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory} WhenChanged : 5/17/2011 12:51:53 PM WhenCreated : 9/15/2009 1:28:06 PM OriginatingServer : Halfus.ibts.org IsValid : True" Couple of things I see right off the bat. 1. ncsbcs2 isn't a client access server. I don't know why it's in this config, except that over time the rols of these servers have changed. Maybe it used to be the only mail server and had all of the roles on it? I'm afraid to try removing it from the config for fear of messing up the system. 2. In the ncsbcs2 portion, the externalhostname setting says webmai.ibts.org but it should be webmail2.ibts.org if anything. I think this might be the problem my boss came to me with. I found this article on how to set the external hostname for outlook anywhere. http://technet.microsoft.com/en-us/library/aa996902.aspx I tried to follow the EMC section but when I go to server configuration, the only server listed there is Hodir, and it already has the correct external hostname configuration. Any help is greatly appreciated!
June 23rd, 2011 11:29pm

Btw I also tried this commandlet but got this error.. [PS] C:\Documents and Settings\srubin>Set-OutlookAnywhere -externalhostname "webmail2.ibts.org" cmdlet Set-OutlookAnywhere at command pipeline position 1 Supply values for the following parameters: Identity: [PS] C:\Documents and Settings\srubin>Set-OutlookAnywhere -externalhostname "webmail2.ibts .org" cmdlet Set-OutlookAnywhere at command pipeline position 1 Supply values for the following parameters: Identity: ncsbcs2 Set-OutlookAnywhere : The operation could not be performed because object 'ncsbcs2' could not be fo und on domain controller 'Halfus.ibts.org'. At line:1 char:20 + Set-OutlookAnywhere <<<< -externalhostname "webmail2.ibts.org" + CategoryInfo : NotSpecified: (0:Int32) [Set-OutlookAnywhere], ManagementObjectNotFo undException + FullyQualifiedErrorId : 2B8842D1,Microsoft.Exchange.Management.SystemConfigurationTasks.SetR pcHttp
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2011 11:32pm

hi, can you check with connectivity tool ; https://www.testexchangeconnectivity.com/ share the result pls. Mumin CICEK | www.cozumpark.com | Please click Vote As Helpful if it is helpful for you and Propose as Answer!!!
June 23rd, 2011 11:52pm

Testing RPC/HTTP connectivity. The RPC/HTTP test failed. Test Steps ExRCA is attempting to test Autodiscover for sprice@ibts.org. Testing Autodiscover failed. Test Steps Attempting each method of contacting the Autodiscover service. The Autodiscover service couldn't be contacted successfully by any method. Test Steps Attempting to test potential Autodiscover URL https://ibts.org/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name ibts.org in DNS. The host name resolved successfully. Additional Details IP addresses returned: 69.94.124.59 Testing TCP port 443 on host ibts.org to ensure it's listening and open. The port was opened successfully. Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. Test Steps Validating the certificate name. Certificate name validation failed. Tell me more about this issue and how to resolve it Additional Details Host name ibts.org doesn't match any name found on the server certificate CN=gray.secure-host.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT79753911, O=gray.secure-host.com, C=US, SERIALNUMBER=hMoIBRSS6gxP5W1vNoA2/EZ8emT41Um/. Attempting to test potential Autodiscover URL https://autodiscover.ibts.org/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Test Steps Attempting to resolve the host name autodiscover.ibts.org in DNS. The host name couldn't be resolved. Tell me more about this issue and how to resolve it Additional Details Host autodiscover.ibts.org couldn't be resolved in DNS Exception details: Message: The requested name is valid, but no data of the requested type was found Type: System.Net.Sockets.SocketException Stack trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally() . Attempting to contact the Autodiscover service using the HTTP redirect method. The attempt to contact Autodiscover using the HTTP Redirect method failed. Test Steps Attempting to resolve the host name autodiscover.ibts.org in DNS. The host name couldn't be resolved. Tell me more about this issue and how to resolve it Additional Details Host autodiscover.ibts.org couldn't be resolved in DNS Exception details: Message: The requested name is valid, but no data of the requested type was found Type: System.Net.Sockets.SocketException Stack trace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostAddresses(String hostNameOrAddress) at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally() . Attempting to contact the Autodiscover service using the DNS SRV redirect method. ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method. Test Steps Attempting to locate SRV record _autodiscover._tcp.ibts.org in DNS. The Autodiscover SRV record wasn't found in DNS. Tell me more about this issue and how to resolve it
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2011 12:22am

Hi, The test result indicates the DNS error and the certificate error for your Outlook Anywhere. Besides, I tested in my side and it appears the Outlook Anywhere is not well installed. My suggestion is: 1. Make sure RPC over HTTP component is installed in your OWA server. 2. Make sure the URL https://YourExternalURL/RPC/RPCproxy.dll is accessible from external network (the expected result is a blank page after credential prompt). 3. The current certificate you installed is issued to gray.secure-host.com, which does not match your domain name ibts.org. You need a valid certificate which contains your external URL domain name, and it is recommended a third party certificate that could be trusted by your client computer. 4. You also need an external DNS A record to resolve https://ibts.org. (it appears it is working now with an certificate error). Make sure Https:/ibts.org/autodiscover/autodiscover.xml is accessible from external network. 5. For more information, see the brief summary in http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/bdea4dd3-52c0-4e78-8949-790812786180. BTW, I noticed that http://ibts.org/owa is a web page for your company. Please note that, it is not recommended to install other web application in CAS server, since it might cause confusions and make it complex for troubleshooting. If it is a SBS server (or it is limit for internet-facing server), create a new web site to separate different web applications. Hope it is useful. Best regards, Fiona Liao Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 27th, 2011 6:01am

I was able to fix this by just repairing each item that had a problem that showed up using the www.testexchangeconnectivity.com site. I added external dns for autodiscover.mydomain.com, I added an internal DNS service record for autodiscover in Active Directory DNS. I purchased a new UCC SSL cert and added autodiscover to that. This part though "BTW, I noticed thathttp://ibts.org/owa is a web page for your company. Please note that, it is not recommended to install other web application in CAS server, since it might cause confusions and make it complex for troubleshooting. If it is a SBS server (or it is limit for internet-facing server), create a new web site to separate different web applications." is good advice and I noticed it too. ibts.org is just a web page and does not run anything exchange. ibts.org/owa should resolve to nothing. I'll look more into that.
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2011 11:43pm

I'm a little confused about this part Https:/ibts.org/autodiscover/autodiscover.xml ibts.org is our main site but has nothing to do with exchange. Webmail2.ibts.org is our CLA site/server. Unfortunately it does run other services with websites like Blackberry and Deltek. I will be rebuilding our email infrastucture soon in Exchange 2010 and I'll make sure everything is done right and best practices are followed then (I didn't build this system) ibts.org itself is our internal domain. I can have an external dns record made that points that to www.ibts.org which is an externally hosted website. Internally though, it points to domain controllers.
June 27th, 2011 11:51pm

Https://ibts.org/autodiscover/autodiscover.xml is not exactly correct since you have multiple internet-facing servers. I would say https://externalURL/autodiscover/autodiscover.xml. The reason is that, Autodiscover service for external users uses the following URLs in sequence to attempt to connect CAS server: https://<smtpdomain>/Autodiscover/Autodiscover.xml https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml Here smtpdomain is the suffix of user’s email address. This DNS record does not affect Outlook Anywhere connection, but affect the useage including Free/busy, Out of office, OAB downloading, etc. For more information, see Microsoft articles below: Background http://support.microsoft.com/kb/940881 Autodiscover and Exchange 2007 http://technet.microsoft.com/en-us/library/bb232838(EXCHG.80).aspx Best regards, Fiona Liao Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2011 5:54am

I had a weird problem today and I think it had to do with my "fixes" for this. Everyone lost the ability to log in to mail. To fix it I has to remove the autodiscover service record in active directory. The external dns is still there and I hope it works.
June 28th, 2011 8:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics