Unable to connect with Outlook Anywhere
Internal connection works fine. I verify this by looking at Exchange Connection Status (right-click the Outlook system tray icon and click Connection Status...) and can see that Connection is via HTTPS instead of TCP/IP.However, when connectioning from the outside I'm promted for logon at my mailbox server. Not the CAS server the but mailbox server. From the inside I connect to webmail07.insidedomain.netFrom the outside I connect to webmail07.outsidedomain.comMy certificate is correct, it has both names in the SAN. OWA and ActiveSync work fine.I ideas on what to check?ThanksChad.
September 9th, 2008 1:31am
I've tried Basic Auth.
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2008 1:48am
Firstly, please confirm me following items.
1. Would you please let me know when the logon pop-up is prompting? Configure Profile, Logon Mailbox or perform other operations?( if possible, Please capture a screenshot and upload it to some space which I can access)
2. Can the external domain name be resolved by client? whether the autodiscover host record on DNS point to CAS server?
3. Please run get-exchangecertificate and post the result on there or send to me at v-jassol@microsoft.com
4. If you have ISA firewall before Exchange server, have you published it properly and make sure SSL certificate is working with it?
At this time, I suggest you use RPCping to test RPC Proxy Server and backend ports. Before you run rpcping commands, You need download RPCping tool, please refer to KB article:
http://support.microsoft.com/kb/831051
Testing the RPC Proxy Server
=====================
When you troubleshoot for connectivity problems in Outlook 2007 and in Outlook 2003 using the Exchange over the Internet feature, first determine if the RPC Proxy server is responding correctly. The following sample shows how to determine if the RPC Proxy server is responding correctly.
Syntax:
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
You will receive a prompt to enter your password for your Exchange server, and then you will receive a prompt for your password for the RPC Proxy server. If the RPC Ping Utility test was successful, you will receive the following reply:
RPCPinging proxy server ExchServer with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in Response_Time ms
How to Verify That the Client Can Contact Backend Ports
============================================
By default, the RPC Proxy server does not publish the EPM port location. Therefore, you cannot ping the EPM from outside your intranet or use the UUID of the service.
However, you can specify the backend port that you want to test. By default, the store is on port 6001 and DsProxy is on port 6004. If these locations have been changed, the ports can be verified by using the RpcDump utility. The RpcDump utility is available from the Microsoft Windows Server 2003 Resource Kit package. Additionally, Microsoft does not recommend publishing the global catalog Directory Service or the Exchange referral service.
The following RPC Ping Utility examples are typed in at the command prompt. To access the command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
How to Use Basic Authentication and SSL to Connect to the Stores Port
Syntax:
RpcPing t ncacn_http s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 F 3 a connect u 10 v 3 e 6001
How to Use Basic Authentication, SSL, and Mutual Authentication to Connect to the Stores Port
Syntax:
RpcPing t ncacn_http s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 F 3 a connect u 10 v 3 e 6001 B msstderver_certificate_subject
How to use NTLM Authentication and Non-SSL to Connect to DsProxy Service
Syntax :
RpcPing t ncacn_http s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 F 2 a connect u 10 v 3 e 6004
Please let me know the RPC ping result as more information as you can.
Jason
September 10th, 2008 8:46am
Hello,
According to my further test, It is expected behavior that user and password require to type for once while using outlook anywhere external to connect exchange mailbox server. Also, it's right that password dialog box shows to connect mailbox server instead of CAS server. I would like to explain that this is because the destination server should be mailbox server instead of RPC proxy server. please let me know if you can access mailbox this time after typing the domain name\user and password correctly on the dialog box.
Thanks,
-Jason
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2008 8:38am
No, I cannot access the mailbox. The password is accepted at the CAS server but not at the Mailbox server.
September 11th, 2008 5:16pm
How you verify that the password is accepted at the CAS Server?
This is complicated case, you may follow troubleshooting CAS Server to Mailbox Server with RPCing tool as my previous post suggested. However, Since the forum post is no more interactive than phone Support, I also recommend your submit an case to our Profession Support Team to solve this issue if it's a urgent situation.
-Jason
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2008 9:57am