Connecting through external domain name
Hi, I am setting up my Exchange 2007 server on Server 2003 R2 x64. I have everything set up except connecting to Exchange through Outlook using the external domain name. I am able to access the OWA using the external domain name.

ISSUE: I know that it is generating the OABs, and when I connect inside the network with Outlook, it resolves everything perfectly. I checked and the OABs are being generated and I am able to update them. I am not able to navigate to them using the external domain name... If I put HTTPS://localhost/OAB/GID/oab.xml, I get the xml. When I put HTTPS://exch.domain.local/OAB/GID/oab.xml, I get the file. When I use https://exchange.domain.com/OAB/GID/oab.xml I cannot access it.

Thanks,
Rob
September 15th, 2009 6:05am
Firstly, to connect to your in-house Exchange 2007 over the internet you must either connect to your office through VPN, or Outlook Anywhere must be configured on the Exchange 2007 server. Once you are done and have met the mentioned points, we must make some more changes on the Exchange 2007 CAS server (configuring external URLs).

As mentioned, internally you will not have any issues, but to access your mailbox over the internet the mentioned things must be in place or configured.

Enabling Outlook Anywhere:
http://technet.microsoft.com/en-us/library/bb123889.aspx
Configuring Outlook with the Outlook Anywhere feature:
http://technet.microsoft.com/en-us/library/cc179036.aspx
Changes to be done on the CAS server:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html
September 15th, 2009 10:05am
Ok, I followed all of the above mentioned procedures and I am getting "The Bookmark is not valid" when trying to connect to the CAS from an external domain... I tried to look it up but I am not sure where I am going wrong.

Also, I ran a health check and I am getting the following errors:

The subject alternative name (SAN) of SSL certificate for https://exch01.domain.local/Microsoft-Server-ActiveSync does not appear to match the host address. Host address: exch01.domain.local. Current SAN: DNS Name=exchange.domain.com, DNS Name=www.exchange.domain.com.

How do I correct this? I got an SSL and I followed all steps to import.

The other error is:

'Authenticated Users' does not have 'Read' permission of folder 'C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB\9d93e56d-3e31-443d-8f76-a86df33a54de' on server exch01.domain.local. This will cause clients fail to download Offline Address Book via HTTP(s). Please add 'Read' permission of this folder to this group.

I added read permission for Authenticated users and I still get this! What am I missing...

Thanks for your help in advance.
September 15th, 2009 11:00pm
Hi,

First let's clarify the environment.
1. rpc virtual directory has been installed.
2. RPC virtual directory has been published via ISA, or CAS has been published.
3. Please use get-outlookprovider |fl and then post here.
4. Please use get-certificate |fl and then post here.

Certificate Principal Mismatch
http://technet.microsoft.com/en-us/library/aa998424.aspx
When, if and how do you modify Outlook Providers?
http://msexchangeteam.com/archive/2008/09/29/449921.aspx
The Autodiscover Service and Outlook Providers - how does this stuff work?
http://msexchangeteam.com/archive/2008/09/26/449908.aspx
September 16th, 2009 8:38am
Hi, I am setting up my Exchange 2007 server on Server 2003 R2 x64.

ISSUE: I know that it is generating the OABs, and when I connect inside the network with outlook, it resolves everything perfectly. I checked and the OABs are being generated and I am able to update them. I am not able to navigate to them using the external domain name... If I put HTTPS://localhost/OAB/GID/oab.xml, I get the xml. When I put HTTPS://exch.domain.local/OAB/GID/oab.xml, I get the file. When I use https://exchange.domain.com/OAB/GID/oab.xml I can not access it.

This is a known issue / feature. I guess you have problems with test-outlookwebservices | fl as well, such as:

Id : 1013
Type : Error
Message : When contacting https://exchange.domain.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
This has worked on the Exchange servers I have experimented with (my own SBS 2008 on our test environment, all of which are Windows 2008)
Disable the loopback check
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.
Now you should be able to use your https://exchange.domain.com/OAB/GUID/oab.xml
Note: DisableLoopbackCheck can be disabled, but then the system is left open to an attack, and it is not recommended to disable this function unless you will enable it once testing is completed.
jas
September 16th, 2009 2:56pm
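An added example, not part of the original post: the steps above switch the loopback check off for every host name, which is what the post's note warns about. The sketch below reports the current state and, as an assumption beyond the thread, exempts only the external name by listing it in the BackConnectionHostNames multi-string value under Lsa\MSV1_0 while putting DisableLoopbackCheck back to 0. The function names are hypothetical; the host name is the thread's placeholder.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
$LsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv1Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-LoopbackCheckState {
    # Missing values come back as $null, which means "check enabled, no exemptions".
    $global = (Get-ItemProperty -Path $LsaKey  -ErrorAction SilentlyContinue).DisableLoopbackCheck
    $names  = (Get-ItemProperty -Path $Msv1Key -ErrorAction SilentlyContinue).BackConnectionHostNames
    New-Object PSObject -Property @{
        LoopbackCheckDisabled = ($global -eq 1)                # the global switch from the steps above
        ExemptHostNames       = @($names | Where-Object { $_ }) # per-host exemptions, if any
    }
}

function Set-ScopedLoopbackExemption {
    param([string[]]$HostName)   # names that resolve back to this server

    # Merge with any names already exempted so existing entries are kept.
    $current = @((Get-LoopbackCheckState).ExemptHostNames)
    $merged  = @(($current + $HostName) | Sort-Object -Unique)
    New-ItemProperty -Path $Msv1Key -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null

    # Re-enable the global check if the procedure above had turned it off.
    if ((Get-LoopbackCheckState).LoopbackCheckDisabled) {
        Set-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -Value 0
    }
    Get-LoopbackCheckState
}

# Read-only audit of the current server:
Get-LoopbackCheckState | Format-List

# To apply the narrower exemption for the thread's external name, uncomment:
# Set-ScopedLoopbackExemption -HostName 'exchange.domain.com'
```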
You need to first publish the Autodiscovery URL to net. http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
Exchange 2007 Offline Address Book Web Distribution
http://msexchangeteam.com/archive/2006/11/15/431502.aspx
Vinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
September 16th, 2009 3:50pm
Vinod, either you or I misunderstand the original posting: keyangler says everything works fine, except: "When I use https://exchange.domain.com/OAB/GID/oab.xml I can not access it." We have the same issue in our production (Rollup 6) and test (Rollup 7) environment, and here at my place, SBS 2008 (Rollup 9). In addition this command does not work: Test-OutlookWebServices does not work.
My understanding is that this is not a bug, but a feature, for security reasons. You can make it work by enabling the Loopback Check.
Please C for yourself. I would be surprised if it works in your environments without making this change.
jas
September 16th, 2009 4:32pm
Thanks for correcting me, Jon-Alfred Smith. Looks like I missed reading everything :))
Vinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
September 16th, 2009 4:47pm