• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS Page: [1]
Login
Message << Older Topic   Newer Topic >>
OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 16.Nov.2010 5:22:38 AM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
I am becoming fed up with this, I should have stayed with Kerio Mail server.....................

Anyhow, has anyone really knows step by steps with Outlook 2010 and Exchange 2010 from outside the enterprise and no VPN how to make clients work behind firewall?

I installed Exchange Enterprise in WIN 2008 R2 Enterprise and all 3 domains are go, all receive from outside and internal clients can send. Web interface ultra brilliant but...............
From the outside, no way Jose.
Read and read articles galore but they say lots with no meaning, at least to me.

Anyone really knows this stuff?
Post #: 1
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 16.Nov.2010 10:56:23 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
What exactly is the problem? What errors do you get?
What configurations do you have?
How many servers running the CAS roles are there?
What do you mean by "all 3 domains"?
Do you have ISA or TMG deployed?
Does OWA work properly from the internet?


_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to MailMan114)
Post #: 2
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 16.Nov.2010 6:22:08 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Good morning and thanks (bon Jour et Merci),

Ok here is what I have:

1) One machine only doing all jobs (domain controller, split brain DNS and Exchange.

2)Cisco router/firewall RV082 to the internet with the corresponding ports duly assigned. (25,SPOP,HTTPS and HTTP).

3)The domain controller and split brain DNS hosts 3 different public domains.

4)OWA works brilliantly well from the internet. Ultra perfect !

5)Exchange recieves mail from the outside for the 3 different domains with no dramas and internal users also send with Office 2010 Pro Plus with no dramas and external users send emails via OWA.

I tried to install RPC over HTTPS but suspect that still looks for TCP port 135 and does not parse accordingly.
How do I know or suspect this?........because if I take the firewall out things work !
Needless to say I am not going to have a network without firewall.......


Cheers

(in reply to de.blackman)
Post #: 3
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 16.Nov.2010 6:27:05 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Oooops.........forgto to answer you 1st question,

1) Error I get before I take the firewall out of the circuit:" Outlook cannot find and establish server connection"
As soon as the firewall is not there this problems goes away.

C'est complique...........is complicated.......well I am not doing something correct or the documentation I have still is not fool proof in guys like me.........

I am too attached to Icewarp (Merak Mail) or Kerio. They work so well and easy to do in seconds.........

Merci mon ami

(in reply to de.blackman)
Post #: 4
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 16.Nov.2010 6:50:03 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
1)Domain is running on WIN 2008 Enterprise R2
2)Exchange is 2010 Enterprise
3)When I use the words :" 3 domains" this is for Mail server purposes. So the DNS has got the 3 Primary zones for these domains and then no recursion and forwarder DNS to ISP for anything else.
Basically split brain behaviour.

(in reply to de.blackman)
Post #: 5
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 17.Nov.2010 5:14:46 AM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Have FOREFRONT Mail Security 2010 for Exchange.

I did run a packet sniffer when got home and the bloody thing is always trying on port TCP 135.

(in reply to de.blackman)
Post #: 6
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 17.Nov.2010 9:00:08 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
What it sounds like to me is that you do not have a problem with Exchange but rather a problem with your firewall! You mentioned that if you bypass the firewall, everything works! That tells me that you need to look at your firewall again and make sure it has been properly configured (unfortunately I am not familiar with firewalls!). Thats the first thing I noticed.

In your last port you mentioned that your packet sniffer from home shows outlook trying to communicate using port 135. Does it ever try HTTPS(443)? When you bypass the firewall, can you please confirm what port Outlook uses from your home machine? Also please run through the test at https://www.testexchangeconnectivity.com/ and make sure it is able to connect using Outlook AnyWhere. Post the results when completed.

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to MailMan114)
Post #: 7
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 17.Nov.2010 2:49:32 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Hi and thanks for your quick reply.

The answer is no, Outlook never tries to do it on 443 and this is where I get stuck.
My understanding is that RPC over http or CAS or whatever (the more I read the more confusing it gets...............) works in a way that Outlook will try yes or yes to originate port 443 which is HTTPS protocol. And that port is open in the firewall.
Yes, if I open 135 might work but that port is a Pandora's box and should never be opened. That port is MS NetBios.
So the trick is how the hell you get Oulook client to start 443 and never use 135.

Cheers

(in reply to de.blackman)
Post #: 8
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 17.Nov.2010 6:22:51 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Please go through www.testexchangeconnectivity.com and post the results.

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to MailMan114)
Post #: 9
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 18.Nov.2010 3:12:47 AM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Ok, it is finaly working !!!! %*@(&$(@*%&))!($*)!(%!(*)(%*)(*$)(*

I wish some basic things were explained. I want 10 Million Euros (no American Banks, please!) for writing the untold secret.........................

Tested with Outlook 2007 and 2010 and ok, well somehow.

1) IT WILL NEVER WORK WITH NON PRE INSTALLED SELF SIGNED CERTS
2) EVERY TIME YOU OPEN OUTLOOK WILL PROMPT FOR PASSWORD AND ACCEPTING THE CERT

So, I had to install the cert manually in the laptops (by putting them in the root cert authority......WIN Vista with Outlook 2007 and WIN 7 with Outlook 2010).
WARNING: when you run all systems in one machine then names will play tricks.
Example if the machine is DC plus Exchange then the machine name as a host is appended to the domain so you will end up like:

XXX.DOMAIN.COM but your domain in public DNS is MAIL.DOMAIN.COM so the XXX is internal, yes, oui?
Then the Cert is issued by XXX.DOMAIN.COM or more complex since it may append the exchange name to but is issued for MAIL.DOMAIN.COM
So if someone knows a better way......

As soon as I manually first placed the certs and then run outlook to connect then things worked.
Also the name of the server as you launch Outlook is the XXX.DOMAIN.COM but in the proxy connections is the PUBLIC KNOWN domain..........MAIL.DOMAIN.COM

C'est complique..........C'est la m........................My Italian blood had to say that.

(in reply to de.blackman)
Post #: 10
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 18.Nov.2010 1:39:48 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Umm sorry to bust your bubble but DUH ! Microsoft Exchange requires a certificate installed on Exchange for Outlook AnyWhere to work!! You can NOT use the self-signed certificate for this purpose (except the way you did it!). Obviously you need to complete your deployment first!

Here is your proof:

quote:

"Although the default, self-signed certificate is supported for Exchange ActiveSync and Outlook Web App, it isn't the most secure method of authentication. Also, it isn't supported for Outlook Anywhere. For additional security, consider configuring your Exchange 2010 Client Access server to use a trusted certificate from a third-party commercial certification authority (CA) or a trusted Windows public key infrastructure (PKI) CA. You can configure authentication separately for Exchange ActiveSync, Outlook Web App, Outlook Anywhere, POP3, and IMAP4."


Taken from Securing Client Access Servers
http://technet.microsoft.com/en-us/library/bb400932.aspx

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to MailMan114)
Post #: 11
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 18.Nov.2010 4:03:28 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Hey Mr de Blackman, thanks ! No problems, this happens because I do not want to spend any money...........................
It makes sense. Do not worry, you can say anything you want. I like to learn and open minded.........just do not mention that I am a College teacher doing Ironport Mails security and PKI infraestructure or I will not get much students coming back to me !
We all have glitches from time to time.....................................

C'est la vie,
Ricardo

(in reply to de.blackman)
Post #: 12
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 19.Nov.2010 8:53:42 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Another one bites the dust!

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to MailMan114)
Post #: 13
RE: OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS - 19.Nov.2010 7:45:15 PM   
MailMan114

 

Posts: 9
Joined: 15.Nov.2010
Status: offline
Well, this Exchange 2010 is ULTRA BRILLIANT. Its interface (web) and the degree of functionality.
It is a bit like WIN 2003 and 2008 Server...............................another products that are great.
I run WIN 2003 Enterprise in my house 24/7 for 4 years and never let me down. Automatic updates, re boot on its own, Never failed ! Period. Been upgraded to WIN 2008 at the moment and after this will have a new machine running WIN 2008R2 with Exchange. Waiting for hardware. Right now running on VMWare with WIN 7 Ultimate and the virtual environment WIN 2008 R2 with Exchange and Forefront.
I should put SP1, perhaps?

Cheers

(in reply to de.blackman)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> OUTLOOK ANYWHERE IN PLAIN ENGLISH THAT REALLY WORKS Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter