
Exchange Server Forums


So close.....I think

So close.....I think - 24.Sep.2008 5:44:52 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
I searched the forums and did not find this exact problem anywhere else, so I hope I am not duplicating the issue.

I have installed MSEXCHANGE 03 on our server and everything at the office seems to run fine. My computers at the office can access the server and send/receive mail fine. The Microsoft Exchange Server is set to server.flexsim.local

Now, when I am off-site and try to set my Microsoft Exchange Server to mail.flexsimutah.com it won't connect to the server and gives the following message:
"The action cannot be completed. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."
(This is when adding a new profile and choosing an Exchange account.)

I can telnet to mail.flexsimutah.com and login and send mail just fine, but I cannot get exchange profile to attach to the server.

I am VERY new at this and was chosen to set this up because I was the most versed with exchange and server operations.

If you have any insight for me as to what to troubleshoot/check, I would be greatly appreciative. I have done much searching trying to fix this issue myself with no avail, so you guys are my last option. Thanks!


Also,

I have not setup any SSL stuff. Don't even know where to start with that. Any references you can point me to?

< Message edited by PToone -- 24.Sep.2008 7:54:13 PM >


_____________________________

Paul Toone
Post #: 1
RE: So close.....I think - 24.Sep.2008 5:51:43 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
Also, don't know if this helps or not. I am able to get email working if I use IMAP. Plus, I can access OWA.

As stated, very new at this and don't know if this information is helpful or not.

Thanks again.

(in reply to PToone)
Post #: 2
RE: So close.....I think - 25.Sep.2008 2:02:41 AM   
uemurad

 

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline
If you are not connected to your AD domain while offsite, then you are talking about RPC over HTTP(s).  Simon Butler wrote up some nice instructions here:
http://www.amset.info/exchange/rpc-http-server.asp


_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to PToone)
Post #: 3
RE: So close.....I think - 28.Sep.2008 7:02:19 AM   
ravisha_22

 

Posts: 445
Joined: 16.Sep.2008
Status: offline
Okay, while using RPCoverHTTP for mail access from internet, DO NOT expect the outlook to resolve your user name and exchange server, because it needs an AD server to do it, instead in the mailbox name field mention the display name of your mailbox (like say Doe, John) and then mention the FQDN of the server in the server field (or the mail.server...) and then go to more settings and set the connection options and finish the setting, you should be able to connect.

IMPORTANT: Test the configuration so that your server does not allow anonymous access to the Exchange mailbox for sending mail or receiving mails.

_____________________________

Ravishankar

(in reply to PToone)
Post #: 4
RE: So close.....I think - 1.Oct.2008 9:49:05 AM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
Thanks for your article. Sorry it took me so long to get back...I've been very ill.

I think my main problem is that I do not have an SSL certificate. Well, I do have one just sitting there at godaddy.com, but they ask me to register it to a domain. Do I register the SSL for my domain or do I register it for mail.domain.com?

I think this is the last step in the problems I am having.

Thanks for your help!

Paul

(in reply to uemurad)
Post #: 5
RE: So close.....I think - 1.Oct.2008 9:56:23 AM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
Thanks for your reply. I did not have any luck, doing what you suggested.

I, like I listed in my reply just above this one, am going to get an SSL certificate once I find out if I need to do it for domain.com or mail.domain.com.

But, I think I may have an issue with my FQDN. Per Microsoft's suggestions, I named my ad 'company.local' and so my server's name inside the network is server.local. I'm not sure if that will cause a problem outside the network or not, when I'm trying to use my external FQDN. (I don't even know what my external FQDN is)

I know I am very limited on my knowledge on this, and it would be best to hire an IT guy, but we are a small company and trying to save some coin. Any help would be appreciated.

(in reply to ravisha_22)
Post #: 6
RE: So close.....I think - 1.Oct.2008 10:54:19 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Getting a certificate for anything .local is a waste of time.
Do you already have an external host name for the server? If you are receiving email via SMTP then you probably do - mail.example.net or something like that.
That is what you get an SSL certificate issued to. Then you configure a split DNS system so that mail.example.net (or whatever your external host name is) is able to resolve internally to the internal IP address of the server.
http://www.amset.info/netadmin/split-dns.asp

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to PToone)
Post #: 7
RE: So close.....I think - 1.Oct.2008 11:06:29 AM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
I have a host name, and I can receive mail over SMTP. I have a split dns setup now. When I have my DNS servers pointed to my local DNS server, I have a domain.com forwarder that forwards to the server.domain.local and it works fine. But when I change my DNS addresses (on my laptop) to use an external DNS server (ISP) then it won't resolve.

So, if I hear you correctly, since I can send/receive mail internally (by having the exchange server set to 'server.domain.local' or 'mail.domain.com'), my only hold up is getting the SSL certificate for mail.domain.com. Once I do that, I should be able to use mail.domain.com from outside the LAN?

If so, I'll redeem the SSL certificate I have at GODADDY and get one for mail.domain.com, and give that a try.

Thanks for your help.

(in reply to Sembee)
Post #: 8
RE: So close.....I think - 10.Oct.2008 8:02:40 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
Hello again, my friends.

Sadly, it is still not working. I figured I'd do a quick rundown of what has happened and my hardware/software setup.

This might get long...but everyone is always asking for more details, so hopefully I can provide quite a few for them.

First off, we have a NETGEAR ProSafe VPN Firewall FVS336G
I have SMTP, POP, and IMAP protocols forwarded on to 10.0.0.2 (Server NIC)

Now, I have one LAN port on the router going to Port 1 of a 48 port Dell Gigabit 2748 Switch. I have port 2 from the Dell 2748 going to port 1 of a Netgear 48 24 port switch (NETSWITCH_A). I have port 3 from the Dell 2748 going to port 1 of a different Netgear 48 24 port switch (NETSWITCH_B). (We have two Netgear 24 port switches and one Dell 48 port gigaswitch).

*Netgear switches are dumb, the Dell has the option to be managed with VLANS and such; but the Dell switch is currently in UnManaged Mode. (Dumb)

Now, we have 20+ computers, printers, and other devices hooked to all three different switches. Keep in mind that the internal network is functioning fine routing between the three switches.

SERVER:
PowerEdge DELL server. Runs 64bit SERVER2003 OS. The server is the AD (domain.local), the DHCP server for the network, and the DNS server for the network. All devices seem to use the server2003 DNS server without problems. The server also runs Exchange 2007.

The server has 4 gigabit network cards. They are named Internet (10.0.0.2), VPN(10.0.0.9), and TEAM 1(10.0.0.3) *Team 1 is a teamed network connection that teamed two other gigabit network connections....for a total of 4 server NICS.

The Internet NIC is hooked to port 4 of the Dell Switch
The LAN1 NIC is hooked to port 5 of the Dell Switch
The LAN2 NIC is hooked to port 6 of the Dell Switch (Remember LAN1 and LAN2 are teamed as TEAM1)
and VPN NIC is hooked to port 7 of the Dell Switch

My exchange server works beautifully while using POP or IMAP from within the LAN or outside the LAN.

While setting up exchange (instead of IMAP) I get an error saying that the exchange server is not running or is not accessible.

I am setting up outlook exchange account on the client by going to Start| Control Panel | Mail and then I click on Email Accounts and add a new email account. For the server I type in mail.domain.com and for the user name I put the name of the mailbox. I then go into more settings and under the Connection tab I click Connect to Microsoft Exchange using HTTP and inside the Exchange Proxy settings, I have the following:
Https://mail.domain.com
checked Connect using SSL only and checked Only connect to proxy servers that have this principal name in the certificate. Then I have mttd:mail.domain.com

I have On Slow Networks checked and have selected NTLM Authentication. (I have also tried Basic)

When I go to connect I usually get an authentication box asking for username and password. I enter all the data right Username: DOMAIN\Pault and my password. Once I click OK on the authentication box, it pops right back up...over and over and over.

On the server under the exchange management console, I have enabled Outlook anywhere for address mail.domain.com and have tried both NTLM and Basic authentication.

Also, I enabled RPC over HTTP on the server and the services SEEM to be running. I also setup split DNS, which also seems to be working fine.

*Another tidbit is that my server's name is server.domain.local, I don't know if that causes a problem with it not being .com?!?

I have installed a ssl certificate from GoDaddy onto the default web site in the IIS 7 server. The certificate is for mail.domain.com

If I goto a web browser and type in https://mail.domain.com I go to a site that says the certificate was verified and the basic IIS screen saying that the page is Under Construction. (I don't get a certificate error anymore...I'm guessing that means I installed it right)

Also, I am able to telnet to mail.domain.com on port 25 and 143.

I neglected to mention this earlier, but my client machine is using Outlook 2007 with all the latest updates. And my Exchange server is also fully updated.

Well, the only other thing I can think to tell you is my setup for our web address.

a record for @, Mail, and webmail that points to our external IP address

cname record for www that points to @

MX record that points to @ for the host and goes to mail.domain.com (priority 0)

And, in case I didn't cover it earlier, the port mappings on the router are:
http to 10.0.0.2 (internet NIC on server)
https to 10.0.0.2 (internet NIC on server)
SMTP to 10.0.0.2 (internet NIC on server)
IMAP to 10.0.0.2 (internet NIC on server)
POP to 10.0.0.2 (internet NIC on server)


Now, I think that is all the information I can think of to give. I am getting a lot of pressure from my bosses to get this done, (Not really negative pressure, because they know I'm not a trained tech or network admin) but I am completely stuck and have no idea what to do next.

I might be at the point where I need to hire someone to come in and sort through these last few problems...but they are really expensive. So any last thoughts or ideas from you guys would be much appreciated. Thanks for your help so far.

Paul

(sorry it is so long, hopefully I've given you guys enough information that you can help me hunt this down)

(in reply to PToone)
Post #: 9
RE: So close.....I think - 23.Oct.2008 4:33:40 PM   
Nazim

 

Posts: 170
Joined: 23.Oct.2008
Status: offline
Go to the web browser and type in https://mail.domain.com/exchange  (your domain.) and let me know the result. The problem here points to some DNS configuration issue.

< Message edited by Nazi -- 23.Oct.2008 4:37:51 PM >

(in reply to PToone)
Post #: 10
RE: So close.....I think - 23.Oct.2008 4:36:50 PM   
Exchange_Geek

 

Posts: 1287
Joined: 31.Dec.2006
Status: offline
Jeeeeez i remember this thread - it started way way long back, looking at the origin of this thread was almost 24th Sep - today it celebrates one month. 

(in reply to Nazim)
Post #: 11
RE: So close.....I think - 24.Oct.2008 12:44:04 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
From outside the network I went to https://mail.domain.com/exchange

It asked me to provide a username and password, which I entered and it seemed to accept it. Then it routed to an 'Internet Explorer cannot display the webpage' (Address is still https://mail.domain.com/exchange)

Same thing happened when I tried to access it from outside the network.

As a side note, when I go to https://mail.domain.com/owa I get an error '440 Login Timeout' printed on the page. (error isn't a pop-up error box, it's what's on the webpage)

Thanks again for helping!

(in reply to Nazim)
Post #: 12
RE: So close.....I think - 24.Oct.2008 7:19:22 PM   
Nazim

 

Posts: 170
Joined: 23.Oct.2008
Status: offline
So from all the data available here I assume that internally (LAN) Exchange is working fine without any issues.
But when accessing Exchange from outside (internet) only POP is working. Also mail can be sent through telnet on port 25, right?
So the issue is accessing mail through RPC over HTTP from external (internet).
We must troubleshoot RPC over HTTP here....

I assume these things have been verified.

Verified That RPC over HTTP Support Is Installed
Verified That World Wide Web Publishing Service Is Running
Verified That SSL Certificate Is Installed on RPC Proxy Server
Verified RPC Virtual Directory Configuration
Verified That RPC Proxy Server Has Basic Authentication Configured

Let's now check that the RPC Proxy Server Extension is loading correctly, follow the steps below.

Procedure
To verify that the RPC Proxy Server Extension is Loading Properly
1. On the Exchange Server, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager on your RPC proxy server.
2. Under the icon for your RPC proxy server, click Web Service Extensions.
3. In the right pane, click RPC Proxy Server Extension, and then click Properties.
4. Confirm that the path of the Rpcproxy.dll file is correct. The correct location is the following:
4.Confirm that the path of the Rpcproxy.dll file is correct. The correct location is the following:
%systemroot%\system32\rpcproxy\rpcproxy.dll
For example, the correct location could be the following:
c:\windows\system32\rpcproxy\rpcproxy.dll
Examine the path entry carefully because it could be incorrectly set to the following:
%systemroot%\system32\rpcproxy.dll
For example, the current location could be set to the following:
c:\windows\system32\rpcproxy.dll
This incorrect path can appear to be correct at a quick glance.
Note: 
The Rpcproxy.dll file could be present in both locations; you do not have to delete or modify that file in either of those locations. If you find that this path entry is correctly set, then the Rpcproxy.dll file may be missing or corrupted. If this is the case, the Rpcproxy.dll file may have to be replaced or re-registered. 
Additionally, if you experience this issue, the following 404 error is logged in the IIS log on your RPC proxy server:
2004-01-01 13:13:31 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6002 443 domain\username 192.100.100.2 MSRPC 404 2 1260
This 404 error may be caused by a disabled or non-functioning Web service extension. For more information, see the following article in the Microsoft Knowledge Base, 248033: Common reasons IIS Server returns "HTTP 404 - File not found" error.

(in reply to PToone)
Post #: 13
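Added example, not part of the thread: a small triage script for the IIS log check described in post #13, which also covers the "no anonymous access" test from post #4 and the credential loop from post #9. The field order is an assumption inferred from the quoted log line, the finding names are made up for this example, and every sample line except the first is constructed.

```python
from collections import defaultdict

# Assumed field order (from the line in post #13); a "#Fields:" directive overrides it.
DEFAULT_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
                  "c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status").split()
RPC_VERBS = {"RPC_IN_DATA", "RPC_OUT_DATA"}  # HTTP verbs used by the RPC proxy

def parse_iis_log(lines):
    """Yield one {field: value} dict per request line, skipping malformed lines."""
    fields = DEFAULT_FIELDS
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def triage_rpc_proxy(lines):
    """Return {client_ip: sorted findings} for RPC over HTTP requests only."""
    seen = defaultdict(lambda: {"denied": 0, "ok": 0, "findings": set()})
    for rec in parse_iis_log(lines):
        if rec.get("cs-method") not in RPC_VERBS:
            continue
        client, status = seen[rec.get("c-ip", "?")], rec.get("sc-status", "")
        if status == "404":
            # Post #13: extension disabled, or rpcproxy.dll path wrong/missing.
            client["findings"].add("rpcproxy-extension-not-served")
        elif status == "401":
            client["denied"] += 1
        elif status.startswith("2"):
            client["ok"] += 1
            if rec.get("cs-username") == "-":
                # Post #4: the proxy must not serve unauthenticated callers.
                client["findings"].add("anonymous-request-accepted")
    report = {}
    for ip, client in seen.items():
        if client["denied"] and not client["ok"]:
            # Matches the endless credential prompt described in post #9.
            client["findings"].add("authentication-never-succeeds")
        report[ip] = sorted(client["findings"])
    return report

# Constructed sample: only the first line is the one quoted in post #13.
SAMPLE_LOG = r"""
2004-01-01 13:13:31 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6002 443 domain\username 192.100.100.2 MSRPC 404 2 1260
2004-01-01 13:14:02 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 - 192.100.100.3 MSRPC 401 2 5
2004-01-01 13:14:03 192.100.100.1 RPC_OUT_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 - 192.100.100.3 MSRPC 401 2 5
2004-01-01 13:15:10 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 - 192.100.100.4 MSRPC 200 0 0
2004-01-01 13:15:40 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 - 192.100.100.5 MSRPC 401 2 5
2004-01-01 13:15:41 192.100.100.1 RPC_IN_DATA /rpc/rpcproxy.dll FQDN.company.com:6001 443 domain\username 192.100.100.5 MSRPC 200 0 0
""".splitlines()

if __name__ == "__main__":
    print(triage_rpc_proxy(SAMPLE_LOG))
```

A client that gets a 401 and then an authenticated 200 (192.100.100.5 in the sample) is a normal challenge/response and produces no finding.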
RE: So close.....I think - 30.Oct.2008 6:33:07 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
World Wide Web Publishing service is installed and running.

RPC Proxy Server Extension is loaded properly and is using the proper dll (C:\WINDOWS\system32\rpcproxy\rpcproxy.dll)

Checked in Add Remove Windows components in Networking Services and RPC over HTTP Proxy is installed.

When I go to https://mail.domain.com/ it gives me the "Page Under construction" web page. When I go to https://mail.domain.com/exchange it gives me the timeout message with a certificate error.

I have checked the RPC and RPC with Cert under IIS and they both have basic authentication checked.

Thanks for your help, Nazi.

Paul

(in reply to Nazim)
Post #: 14
RE: So close.....I think - 30.Oct.2008 7:30:33 PM   
PToone

 

Posts: 9
Joined: 24.Sep.2008
Status: offline
OK, I reset IIS and IUSR_SERVER's password (per a recommendation from petri.co.uk) and now externally I can access https://mail.domain.com/owa and everything is fine.

When I try to access https://mail.domain.com/exchange externally, I get page cannot be displayed error.

When I access https://mail.domain.com/owa internally, it works fine.

When I access https://mail.domain.com/exchange internally, it works, but gives me a certificate error and it changes the address to https://server.domain.local/owa

I think we may have gained some ground. I think we're getting closer now!

Do I need to forward any special ports to my server? I only have 25, 110, and 443 forwarded to my server.

(in reply to Nazim)
Post #: 15
RE: So close.....I think - 30.Oct.2008 8:04:31 PM   
Nazim

 

Posts: 170
Joined: 23.Oct.2008
Status: offline
The Exchange on port 443 and 25 are ok (443 is https, 25 is SMTP).
I feel the issue is with the SSL certificate....I don't see any issue with ports

(in reply to PToone)
Post #: 16
