• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2007 Outlook Anywhere - Cannot resolve name

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> Exchange 2007 Outlook Anywhere - Cannot resolve name Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2007 Outlook Anywhere - Cannot resolve name - 1.Aug.2009 12:19:29 AM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
We have an internal server running Windows 2008 x64 + Exchange 2007. CAS server running Windows 2003 x64 + Exchange 2007. Self-signed certificate on the CAS server. OWA works fine. Trying to set up Outlook Anywhere and having issues.

Installed RPC over HTTP on the CAS server and checked ValidPorts under HKLM\Software\Microsoft\RPC\RpcProxy

NETBIOSINTERNALSERVER:6001-6002;NETBIOSINTERNALSERVER:6004;FQDNINTERNALSERVER:6001-6002;FQDNINTERNALSERVER:6004

Exchange management console:
Server Configuration, Client Access, CAS server, Outlook Anywhere
External host name: FQDNCASSERVER
Basic authentication

2007 autodiscovery is not working (don't have a CNAME for autodiscovery.email-domain.com just yet) and manual set up is not working either.
Outlook profile is configured like this:
Exchange server: FQDNCASSERVER
User name: the user name ;)
Exchange proxy settings:
Use this URL: FQDNCASSERVER
Only connect to proxy servers: msstd:FQDNCASSERVER
Fast networks unchecked
Slow networks checked
Basic Authentication

I tried logging in with domain\user, FQDN of the CAS server\user, NETBIOS name of the CAS server\user with no luck on any.

This is what is in the IIS logs on the CAS
2009-08-01 04:01:44 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:01:44 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:02:25 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 FQDNCASSERVER\user MY_IP MSRPC 401 1 1326
2009-08-01 04:02:25 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 FQDNCASSERVER\user MY_IP MSRPC 401 1 1326
2009-08-01 04:02:31 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:02:31 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:03:06 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 NETBIOSNAMECAS\user MY_IP MSRPC 401 1 1326
2009-08-01 04:03:06 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 NETBIOSNAMECAS\user MY_IP MSRPC 401 1 1326

I'm sure it's something simple. I included everything I did so if I a missing anything.....let me know. Any help is appreciated!
Post #: 1
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 2.Aug.2009 5:43:46 AM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

Please run the following commands and post the output here:

get-exchangecertificate | fl *
Get-OutlookAnywhere -Server servername | fl *
Test-OutlookWebServices user@yourdomain.com | fl

Also check if you can access the autodiscovery from external:
https://autodiscover.domain.com/autodiscover/autodiscover.xml or
https://domain.com/autodiscover/autodiscover.xml

Also run the ExBpa tool to search for issues in your environment and sent the xml to me via a private message so I can help you further solving this issue.

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to mvalpreda)
Post #: 2
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 2.Aug.2009 7:25:49 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
Currently autodiscover is not set up external. I don't have a CNAME set up (just yet) for that. That should be done on Monday.

With the BPA....which tests should I run?

As for the rest of the information:
get-exchangecertificate | fl *

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {FQDN-OUTSIDECASE}
CertificateRequest   :
IisServices          : {IIS://INSIDENETBIOSNAME/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : B4B100B05CF641ED5E048C54D77E4D802C57AEA8
RootCAType           : Registry
Services             : IMAP, POP, IIS
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid, System.Security.Cryptography.Oi
                      d, System.Security.Cryptography.Oid, System.Security.Cry
                      ptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : FQDN-OUTSIDECAS
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2011 3:58:54 PM
NotBefore            : 6/15/2009 3:58:54 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 248, 48, 130, 4, 224, 160, 3, 2, 1, 2, 2, 1
                      0, 97...}
SerialNumber         : 61780AC6000000000002
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : ADFBF2974D7052B2AB1FD8C4D22189E8946CB6D3
Version              : 3
Handle               : 469803472
Issuer               : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com
Subject              : CN=FQDN-OUTSIDECAS, OU=IT, O=XXXXXX, L=XXXXXXXXX
                      , S=XX, C=US

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {FQDN-OUTSIDECAS}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 97C16EB67853C849BBF580B2E9639E3C2A612027
RootCAType           : Registry
Services             : IMAP, POP
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid, System.Security.Cryptography.Oi
                      d, System.Security.Cryptography.Oid}
FriendlyName         :
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2019 4:04:24 PM
NotBefore            : 6/15/2009 3:55:18 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 4, 218, 48, 130, 3, 194, 160, 3, 2, 1, 2, 2, 1
                      6, 33...}
SerialNumber         : 21E98F470F9778B24B6D2B30914E32CA
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 7F61E7F20D5049E43108F6742CF3632530B5ADD5
Version              : 3
Handle               : 469804896
Issuer               : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com
Subject              : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {INSIDENETBIOSNAME, FQDN-INSIDE}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 305B58362DB2EEADC78CD7367358B4283E38CBD3
RootCAType           : Unknown
Services             : None
Status               : Valid
PrivateKeyExportable : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2010 2:12:59 PM
NotBefore            : 6/15/2009 2:12:59 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 1, 48, 130, 1, 233, 160, 3, 2, 1, 2, 2, 16,
                       43...}
SerialNumber         : 2B899262875E06944F0E7A2ABDD39CCC
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 590674811BEF7CE51DA0945DC8989463B5887DDA
Version              : 3
Handle               : 469803616
Issuer               : CN=INSSIDENETBIOSNAME
Subject              : CN=INSSIDENETBIOSNAME



Get-OutlookAnywhere -Server INSIDENETBIOSNAME | fl *

ServerName                 : INSIDENETBIOSNAME
SSLOffloading              : False
ExternalHostname           : FQDN-OUSIDE
ClientAuthenticationMethod : Basic
IISAuthenticationMethods   : {Basic}
MetabasePath               : IIS://FQDN-OUSIDE/W3SVC/1/ROOT/Rpc
Path                       : C:\WINDOWS\System32\RpcProxy
Server                     : INSIDENETBIOSNAME
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
Name                       : Rpc (Default Web Site)
DistinguishedName          : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=
                            INSIDENETBIOSNAME,CN=Servers,CN=Exchange Administrative Group (F
                            YDIBOHF23SPDLT),CN=Administrative Groups,CN=XXXXXXXX
                            X,CN=Microsoft Exchange,CN=Services,CN=Configurati
                            on,DC=XXX,DC=XXXXXXX,DC=com
Identity                   : INSIDENETBIOSNAME\Rpc (Default Web Site)
Guid                       : 5ba0ea74-f909-4197-9f11-3b1a47fe4930
ObjectCategory             : INSIDEDOMAINNAME/Configuration/Schema/ms-Exch-Rpc-
                            Http-Virtual-Directory
ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtual
                            Directory}
WhenChanged                : 7/31/2009 9:23:24 PM
WhenCreated                : 7/31/2009 8:38:30 PM
OriginatingServer          : FQDN-INSIDE-GC
IsValid                    : True



Test-OutlookWebServices user@emaildomain.com | fl

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Test@EMAILDOMAIN.com.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://FQDN-INSIDE-MAILBOXSERVER/autodiscover/autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://FQDN-INSIDE-MAILBOXSERVER/EWS/Exchange.asmx. The elapsed time was 312 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://FQDN-INSIDE-MAILBOXSERVER/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://FQDN-INSIDE-MAILBOXSERVER/UnifiedMessaging/Service.asmx. The elapsed time was 937 milliseconds.

Id      : 1016
Type    : Information
Message : [EXPR]-The AS is not configured for this user.

Id      : 1015
Type    : Information
Message : [EXPR]-The OAB is not configured for this user.

Id      : 1014
Type    : Information
Message : [EXPR]-The UM is not configured for this user.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://FQDN-OUSIDE-CASSERVER/Rpc. The elapsed time was 187 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

(in reply to jveldh)
Post #: 3
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 2.Aug.2009 7:38:57 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
The only (significant) error I had in BPA was "Write DACL inherit (group)" and I did the Remove-ADPermission command, ran BPA again and the error was not there on the second run. The other errors were about self-signed certificates (I'm aware!), drivers and other stuff that I am pretty sure is safe to ignore.

Connectivity test came up clean.

(in reply to mvalpreda)
Post #: 4
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 2:27:48 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

It all looks ok on the first sight please try to use www.testexchangeconnectivity.com and test the Autodiscovery option.

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to mvalpreda)
Post #: 5
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 2:30:05 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
I don't have my CNAME populated for autodiscover.domain.com in there yet. When I configure it manually, I get the endless password prompt.

(in reply to jveldh)
Post #: 6
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 3:29:50 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

In that case please check all virtual directories and check if they use the same authentication method. There are some issues when using NTLM in most cases changing the authentication mode to basic solved the issue.

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to mvalpreda)
Post #: 7
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 3:31:31 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
Did the Outlook Anywhere Autodiscover Test

Attempting to Resolve the host name autodiscover.emaildomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: <correct IP for my external CAS>
Testing TCP Port 443 on host autodiscover.emaildomain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
   
Validating certificate name
Certificate name validation failed
   
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.emaildomain.com does not match any name found on the server certificate CN=FQDN-CAS-SERVER, OU=XX, O=XX, L=XX, S=XX, C=US
Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
   
Attempting to Resolve the host name autodiscover.emaildomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: <correct IP for my external CAS>
Testing TCP Port 80 on host autodiscover.emaildomain.com to ensure it is listening/open.
The port was opened successfully.
Checking Host autodiscover.emaildomain.com for an HTTP redirect to AutoDiscover
Failed to get an HTTP redirect response for AutoDiscover
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <html><head><title>Error</title></head><body><head><title>Secure Channel Required</title></head> <body><h1>Secure Channel Required</h1>This Virtual Directory requires a browser that supports the configured encryption options.</body></body></html>

(in reply to jveldh)
Post #: 8
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 3:36:27 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
I am using Basic on everything as far as I know. CAS is configured for basic authentication in the Exchange Management Console under Server Configuration, Client Access, properties of the outside CAS, Outlook Anywhere, Basic Authentication.

Is there some other place I should check it? Make sure that "Basic Authentication" is on every virtual directory in IIS in my default site? I checked and OAB, RpcWthCert, UnifiedMessaging and the Default Web Site did not have Basic Authentication checked.

< Message edited by mvalpreda -- 3.Aug.2009 3:43:45 PM >

(in reply to jveldh)
Post #: 9
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 4:27:33 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

Please try to change the one from OAB to basic.

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to mvalpreda)
Post #: 10
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 4:40:13 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
No dice. I get a password prompt and says "The connection to Microsoft Exchange is unavailable."

If I go past without clicking on "Check name" and then start Outlook, I get the same error after typing in my username/password.

< Message edited by mvalpreda -- 3.Aug.2009 4:41:37 PM >

(in reply to jveldh)
Post #: 11
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 4:47:21 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
I have been doing the manual config with Outlook Anywhere until now. Just for kicks I tried doing an autodiscovery since I have the CNAME set up now.

When I type in my name and password, I get the same message about Exchange not being available. What is interesting is that when it comes up with the server name/mailbox window, it has the INTERNAL mailbox server listed and =SMTP:user@emaildomain.com listed. That mailbox server is 100% behind the firewall.

autodiscover.emaildomain.com points to the CAS on the outside.

(in reply to mvalpreda)
Post #: 12
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 3.Aug.2009 6:30:21 PM   
mvalpreda

 

Posts: 56
Joined: 13.May2007
Status: offline
I added a CNAME for autodiscover.emaildomain.com to point to my external CAS and I also got a legit cert from GoDaddy today and it seems to be working better. I was able to get a non-domain machine outside of the network to autoconfigure.

Now my freaking iPhone won't connect! I deleted the account, restarted the phone and created a new Exchange account. It does the autodiscover (I guess) and comes back with the INTERNAL server name. There's no way to get to that internal mailbox from the outside. I put in the external server name and the account verification fails.

One step forward, one step back.

(in reply to mvalpreda)
Post #: 13
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 4.Aug.2009 2:06:22 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

Please check if the external url for Activsync is configured correctly.

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to mvalpreda)
Post #: 14
RE: Exchange 2007 Outlook Anywhere - Cannot resolve name - 14.Apr.2015 6:06:53 AM   
shukoormon

 

Posts: 2
Joined: 14.Apr.2015
Status: offline
I have setup Exchange 2010 server – all working fine inside the organisation.

I am trying to configure outlook 2010 to use the imap/outlook anyware accounts on exchange 2010, but can’t access these remotely (outside the office network).

I know I could use OWA, or exchange with RPC, or even a VPN – but I would like to use IMAP as I have around 10 email accounts, some on different domains, that I need to check regularly / at the same time.

I have the correct ports open on your firewall to allow IMAP traffic to pass through to our exchange server .
while I telnet with public ip address the port 143, 993, 110 its connected and ready.

Can anyone advise on how to setup exchange 2010 / outlook 2010 that I can access the imap account remotely using outlook 2010.
Thanks

(in reply to jveldh)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> Exchange 2007 Outlook Anywhere - Cannot resolve name Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter