OutlookAnywhere Configuration
So I inherited this system but I didn't set it up. My boss came to me with a problem. He's testing the http proxy setup that a user outside our network would use to get setup using outlookAnywhere.
I have 3 servers.
1 ncsbcs2 = Hub Transport/mailbox
1 Thorim = Mailbox
1 Hodir = Client access
Our OWA site and OutlookAnywhere works for internal network or vpn'd users. OWA works externally. OutlookAnywhere isn't working externally.
So I did some quick research and pulled up the OutlookAnywhere config via the command shell. Here is the config.
"ServerName : NCSBCS2
SSLOffloading : False
ExternalHostname : webmail.ibts.org
ClientAuthenticationMethod : Basic
IISAuthenticationMethods : {Basic}
MetabasePath : IIS://NCSBCS2.ibts.org/W3SVC/1/ROOT/Rpc
Path : C:\WINDOWS\System32\RpcProxy
Server : NCSBCS2
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=NCSBCS2,CN=Servers,C
N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Gr
oups,CN=EXCHANGE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC
=ibts,DC=org
Identity : NCSBCS2\Rpc (Default Web Site)
Guid : 8b7aaef9-8090-4d0b-9e37-b76fa6df3957
ObjectCategory : ibts.org/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 5/17/2011 12:51:53 PM
WhenCreated : 9/9/2009 7:15:08 PM
OriginatingServer : Halfus.ibts.org
IsValid : True
ServerName : HODIR
SSLOffloading : False
ExternalHostname : webmail2.ibts.org
ClientAuthenticationMethod : Basic
IISAuthenticationMethods : {Basic}
MetabasePath : IIS://HODIR.ibts.org/W3SVC/1/ROOT/Rpc
Path : C:\Windows\System32\RpcProxy
Server : HODIR
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=HODIR,CN=Servers,CN=
Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grou
ps,CN=EXCHANGE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=i
bts,DC=org
Identity : HODIR\Rpc (Default Web Site)
Guid : 40ed09cd-262c-4533-bf8f-4fa31d64ff30
ObjectCategory : ibts.org/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 5/17/2011 12:51:53 PM
WhenCreated : 9/15/2009 1:28:06 PM
OriginatingServer : Halfus.ibts.org
IsValid : True"
Couple of things I see right off the bat.
1. ncsbcs2 isn't a client access server. I don't know why it's in this config, except that over time the roles of these servers have changed. Maybe it used to be the only mail server and had all of the roles on it? I'm afraid to try removing it from the config for fear of messing up the system.
2. In the ncsbcs2 portion, the externalhostname setting says webmai.ibts.org but it should be webmail2.ibts.org if anything. I think this might be the problem my boss came to me with.
I found this article on how to set the external hostname for outlook anywhere.
http://technet.microsoft.com/en-us/library/aa996902.aspx
I tried to follow the EMC section but when I go to server configuration, the only server listed there is Hodir, and it already has the correct external hostname configuration.
Any help is greatly appreciated!
June 23rd, 2011 4:37pm
Btw I also tried this commandlet but got this error..
[PS] C:\Documents and Settings\srubin>Set-OutlookAnywhere -externalhostname "webmail2.ibts.org"
cmdlet Set-OutlookAnywhere at command pipeline position 1
Supply values for the following parameters:
Identity: [PS] C:\Documents and Settings\srubin>Set-OutlookAnywhere -externalhostname "webmail2.ibts
.org"
cmdlet Set-OutlookAnywhere at command pipeline position 1
Supply values for the following parameters:
Identity: ncsbcs2
Set-OutlookAnywhere : The operation could not be performed because object 'ncsbcs2' could not be fo
und on domain controller 'Halfus.ibts.org'.
At line:1 char:20
+ Set-OutlookAnywhere <<<< -externalhostname "webmail2.ibts.org"
+ CategoryInfo : NotSpecified: (0:Int32) [Set-OutlookAnywhere], ManagementObjectNotFo
undException
+ FullyQualifiedErrorId : 2B8842D1,Microsoft.Exchange.Management.SystemConfigurationTasks.SetR
pcHttp
June 23rd, 2011 4:39pm
Hi,
Can you check with the connectivity tool:
https://www.testexchangeconnectivity.com/
Please share the result.
Mumin CICEK | www.cozumpark.com | Please click Vote As Helpful if it is helpful for you and Propose as Answer!!!
June 23rd, 2011 5:00pm
Testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
ExRCA is attempting to test Autodiscover for
sprice@ibts.org.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential Autodiscover URL
https://ibts.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name ibts.org in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: 69.94.124.59
Testing TCP port 443 on host ibts.org to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
Validating the certificate name.
Certificate name validation failed.
Additional Details
Host name ibts.org doesn't match any name found on the server certificate CN=gray.secure-host.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT79753911, O=gray.secure-host.com, C=US, SERIALNUMBER=hMoIBRSS6gxP5W1vNoA2/EZ8emT41Um/.
Attempting to test potential Autodiscover URL
https://autodiscover.ibts.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.ibts.org in DNS.
The host name couldn't be resolved.
Additional Details
Host autodiscover.ibts.org couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.ibts.org in DNS.
The host name couldn't be resolved.
Additional Details
Host autodiscover.ibts.org couldn't be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketException
Stack trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
.
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.ibts.org in DNS.
The Autodiscover SRV record wasn't found in DNS.
June 23rd, 2011 5:29pm
Hi,
The test result indicates a DNS error and a certificate error for your Outlook Anywhere. Besides, I tested on my side and it appears that Outlook Anywhere is not installed properly.
My suggestion is:
1. Make sure the RPC over HTTP component is installed on your OWA server.
2. Make sure the URL https://YourExternalURL/RPC/RPCproxy.dll is accessible from the external network (the expected result is a blank page after the credential prompt).
3. The current certificate you installed is issued to gray.secure-host.com, which does not match your domain name ibts.org. You need a valid certificate which contains your external URL domain name, and a third-party certificate that is trusted by your client computers is recommended.
4. You also need an external DNS A record to resolve https://ibts.org (it appears to be working now, with a certificate error). Make sure https://ibts.org/autodiscover/autodiscover.xml is accessible from the external network.
5. For more information, see the brief summary in http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/bdea4dd3-52c0-4e78-8949-790812786180.
BTW, I noticed that http://ibts.org/owa is a web page for your company. Please note that it is not recommended to install other web applications on a CAS server, since it might cause confusion and make troubleshooting more complex. If it is an SBS server (or it is limited for internet-facing servers), create a new web site to separate the different web applications.
Hope it is useful.
Best regards,
Fiona Liao
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 26th, 2011 11:02pm
I was able to fix this by just repairing each item that had a problem that showed up using the www.testexchangeconnectivity.com site.
I added external DNS for autodiscover.mydomain.com, and I added an internal DNS service record for autodiscover in Active Directory DNS. I purchased a new UCC SSL cert and added autodiscover to that.
This part though, "BTW, I noticed that http://ibts.org/owa is a web page for your company. Please note that, it is not recommended to install other web application in CAS server, since it might cause confusions and make it complex for troubleshooting. If it is a SBS server (or it is limit for internet-facing server), create a new web site to separate different web applications." is good advice and I noticed it too. ibts.org is just a web page and does not run anything Exchange. ibts.org/owa should resolve to nothing. I'll look more into that.
June 27th, 2011 11:43pm
I'm a little confused about this part:
https://ibts.org/autodiscover/autodiscover.xml
ibts.org is our main site but has nothing to do with Exchange. Webmail2.ibts.org is our CLA site/server. Unfortunately it does run other services with websites like Blackberry and Deltek. I will be rebuilding our email infrastructure soon in Exchange 2010 and I'll make sure everything is done right and best practices are followed then (I didn't build this system). ibts.org itself is our internal domain. I can have an external DNS record made that points that to www.ibts.org, which is an externally hosted website. Internally though, it points to domain controllers.
June 27th, 2011 11:51pm
https://ibts.org/autodiscover/autodiscover.xml is not exactly correct since you have multiple internet-facing servers. I would say https://externalURL/autodiscover/autodiscover.xml.
The reason is that the Autodiscover service for external users uses the following URLs in sequence to attempt to connect to the CAS server:
https://<smtpdomain>/Autodiscover/Autodiscover.xml
https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
Here smtpdomain is the suffix of the user's email address.
This DNS record does not affect the Outlook Anywhere connection, but affects usage including Free/busy, Out of office, OAB downloading, etc.
For more information, see Microsoft articles below:
Background
http://support.microsoft.com/kb/940881
Autodiscover and Exchange 2007
http://technet.microsoft.com/en-us/library/bb232838(EXCHG.80).aspx
Best regards,
Fiona Liao
June 28th, 2011 5:54am
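Added example (not part of the thread or any poster's reply): the lookup order from the ExRCA report and the reply above, combined with a check of which TLS hosts a certificate's names cover. The function names are hypothetical, the names on the replacement UCC certificate are constructed because the thread does not list them, and wildcard matching is a generalization beyond the exact-name case in the report.

```python
# Added example, not code from the thread. Host names come from the posts above;
# the UCC name list is constructed for illustration.

def lookup_plan(email):
    """Autodiscover lookups in the order the ExRCA report attempts them."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        ("https", domain),
        ("https", "autodiscover." + domain),
        ("http-redirect", "autodiscover." + domain),
        ("dns-srv", "_autodiscover._tcp." + domain),
    ]

def name_matches(host, cert_name):
    """Exact match, or a wildcard standing for exactly one left-most label."""
    host = host.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        # "*.ibts.org" covers "autodiscover.ibts.org" but not "ibts.org" itself
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return host == cert_name

def tls_coverage(email, external_hostnames, cert_names):
    """Map every host a client reaches over TLS to whether the certificate names it."""
    hosts = [target for method, target in lookup_plan(email) if method == "https"]
    hosts += [h.lower() for h in external_hostnames]
    return {h: any(name_matches(h, n) for n in cert_names) for h in hosts}

def mismatches(email, external_hostnames, cert_names):
    """Hosts that would fail certificate name validation, in lookup order."""
    coverage = tls_coverage(email, external_hostnames, cert_names)
    return [host for host, ok in coverage.items() if not ok]

if __name__ == "__main__":
    user = "sprice@ibts.org"
    cas = ["webmail2.ibts.org"]                    # ExternalHostname on HODIR
    old_cert = ["gray.secure-host.com"]            # CN from the ExRCA report
    new_ucc = ["webmail2.ibts.org", "autodiscover.ibts.org"]  # constructed
    for label, names in (("old", old_cert), ("new", new_ucc)):
        print(label, "certificate mismatches:", mismatches(user, cas, names))
```

With the constructed UCC names, only the bare ibts.org host remains uncovered, which matches the thread: that name points at the company web site rather than Exchange.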
I had a weird problem today and I think it had to do with my "fixes" for this. Everyone lost the ability to log in to mail. To fix it I had to remove the autodiscover service record in Active Directory.
The external dns is still there and I hope it works.
June 28th, 2011 1:36pm