Exchange 2007 Outlook Anywhere - Cannot resolve name (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access



Message


mvalpreda -> Exchange 2007 Outlook Anywhere - Cannot resolve name (1.Aug.2009 12:19:29 AM)

We have an internal server running Windows 2008 x64 + Exchange 2007. CAS server running Windows 2003 x64 + Exchange 2007. Self-signed certificate on the CAS server. OWA works fine. Trying to set up Outlook Anywhere and having issues.

Installed RPC over HTTP on the CAS server and checked ValidPorts under HKLM\Software\Microsoft\RPC\RpcProxy

NETBIOSINTERNALSERVER:6001-6002;NETBIOSINTERNALSERVER:6004;FQDNINTERNALSERVER:6001-6002;FQDNINTERNALSERVER:6004

Exchange management console:
Server Configuration, Client Access, CAS server, Outlook Anywhere
External host name: FQDNCASSERVER
Basic authentication

2007 autodiscovery is not working (don't have a CNAME for autodiscovery.email-domain.com just yet) and manual set up is not working either.
Outlook profile is configured like this:
Exchange server: FQDNCASSERVER
User name: the user name ;)
Exchange proxy settings:
Use this URL: FQDNCASSERVER
Only connect to proxy servers: msstd:FQDNCASSERVER
Fast networks unchecked
Slow networks checked
Basic Authentication

I tried logging in with domain\user, FQDN of the CAS server\user, NETBIOS name of the CAS server\user with no luck on any.

This is what is in the IIS logs on the CAS
2009-08-01 04:01:44 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:01:44 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:02:25 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 FQDNCASSERVER\user MY_IP MSRPC 401 1 1326
2009-08-01 04:02:25 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 FQDNCASSERVER\user MY_IP MSRPC 401 1 1326
2009-08-01 04:02:31 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:02:31 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 domain\user MY_IP MSRPC 200 0 0
2009-08-01 04:03:06 W3SVC1 EXTERNAL_IP RPC_IN_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 NETBIOSNAMECAS\user MY_IP MSRPC 401 1 1326
2009-08-01 04:03:06 W3SVC1 EXTERNAL_IP RPC_OUT_DATA /rpc/rpcproxy.dll FQDNCASSERVER:6004 443 NETBIOSNAMECAS\user MY_IP MSRPC 401 1 1326

I'm sure it's something simple. I included everything I did so if I a missing anything.....let me know. Any help is appreciated!




jveldh -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (2.Aug.2009 5:43:46 AM)

Hi,

Please run the following commands and post the output here:

get-exchangecertificate | fl *
Get-OutlookAnywhere -Server servername | fl *
Test-OutlookWebServices user@yourdomain.com | fl

Also check if you can access the autodiscovery from external:
https://autodiscover.domain.com/autodiscover/autodiscover.xml or
https://domain.com/autodiscover/autodiscover.xml

Also run the ExBpa tool to search for issues in your environment and sent the xml to me via a private message so I can help you further solving this issue.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (2.Aug.2009 7:25:49 PM)

Currently autodiscover is not set up external. I don't have a CNAME set up (just yet) for that. That should be done on Monday.

With the BPA....which tests should I run?

As for the rest of the information:
get-exchangecertificate | fl *

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {FQDN-OUTSIDECASE}
CertificateRequest   :
IisServices          : {IIS://INSIDENETBIOSNAME/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : B4B100B05CF641ED5E048C54D77E4D802C57AEA8
RootCAType           : Registry
Services             : IMAP, POP, IIS
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid, System.Security.Cryptography.Oi
                      d, System.Security.Cryptography.Oid, System.Security.Cry
                      ptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : FQDN-OUTSIDECAS
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2011 3:58:54 PM
NotBefore            : 6/15/2009 3:58:54 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 248, 48, 130, 4, 224, 160, 3, 2, 1, 2, 2, 1
                      0, 97...}
SerialNumber         : 61780AC6000000000002
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : ADFBF2974D7052B2AB1FD8C4D22189E8946CB6D3
Version              : 3
Handle               : 469803472
Issuer               : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com
Subject              : CN=FQDN-OUTSIDECAS, OU=IT, O=XXXXXX, L=XXXXXXXXX
                      , S=XX, C=US

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {FQDN-OUTSIDECAS}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 97C16EB67853C849BBF580B2E9639E3C2A612027
RootCAType           : Registry
Services             : IMAP, POP
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid, System.Security.Cryptography.Oi
                      d, System.Security.Cryptography.Oid}
FriendlyName         :
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2019 4:04:24 PM
NotBefore            : 6/15/2009 3:55:18 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 4, 218, 48, 130, 3, 194, 160, 3, 2, 1, 2, 2, 1
                      6, 33...}
SerialNumber         : 21E98F470F9778B24B6D2B30914E32CA
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 7F61E7F20D5049E43108F6742CF3632530B5ADD5
Version              : 3
Handle               : 469804896
Issuer               : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com
Subject              : CN=FQDN-OUTSIDECAS, DC=XXX, DC=XXXXXXXX, DC=com

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                      em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {INSIDENETBIOSNAME, FQDN-INSIDE}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 305B58362DB2EEADC78CD7367358B4283E38CBD3
RootCAType           : Unknown
Services             : None
Status               : Valid
PrivateKeyExportable : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                      ography.Oid, System.Security.Cryptography.Oid, System.Se
                      curity.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
NotAfter             : 6/15/2010 2:12:59 PM
NotBefore            : 6/15/2009 2:12:59 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 1, 48, 130, 1, 233, 160, 3, 2, 1, 2, 2, 16,
                       43...}
SerialNumber         : 2B899262875E06944F0E7A2ABDD39CCC
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                      guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 590674811BEF7CE51DA0945DC8989463B5887DDA
Version              : 3
Handle               : 469803616
Issuer               : CN=INSSIDENETBIOSNAME
Subject              : CN=INSSIDENETBIOSNAME



Get-OutlookAnywhere -Server INSIDENETBIOSNAME | fl *

ServerName                 : INSIDENETBIOSNAME
SSLOffloading              : False
ExternalHostname           : FQDN-OUSIDE
ClientAuthenticationMethod : Basic
IISAuthenticationMethods   : {Basic}
MetabasePath               : IIS://FQDN-OUSIDE/W3SVC/1/ROOT/Rpc
Path                       : C:\WINDOWS\System32\RpcProxy
Server                     : INSIDENETBIOSNAME
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
Name                       : Rpc (Default Web Site)
DistinguishedName          : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=
                            INSIDENETBIOSNAME,CN=Servers,CN=Exchange Administrative Group (F
                            YDIBOHF23SPDLT),CN=Administrative Groups,CN=XXXXXXXX
                            X,CN=Microsoft Exchange,CN=Services,CN=Configurati
                            on,DC=XXX,DC=XXXXXXX,DC=com
Identity                   : INSIDENETBIOSNAME\Rpc (Default Web Site)
Guid                       : 5ba0ea74-f909-4197-9f11-3b1a47fe4930
ObjectCategory             : INSIDEDOMAINNAME/Configuration/Schema/ms-Exch-Rpc-
                            Http-Virtual-Directory
ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtual
                            Directory}
WhenChanged                : 7/31/2009 9:23:24 PM
WhenCreated                : 7/31/2009 8:38:30 PM
OriginatingServer          : FQDN-INSIDE-GC
IsValid                    : True



Test-OutlookWebServices user@emaildomain.com | fl

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Test@EMAILDOMAIN.com.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://FQDN-INSIDE-MAILBOXSERVER/autodiscover/autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://FQDN-INSIDE-MAILBOXSERVER/EWS/Exchange.asmx. The elapsed time was 312 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://FQDN-INSIDE-MAILBOXSERVER/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://FQDN-INSIDE-MAILBOXSERVER/UnifiedMessaging/Service.asmx. The elapsed time was 937 milliseconds.

Id      : 1016
Type    : Information
Message : [EXPR]-The AS is not configured for this user.

Id      : 1015
Type    : Information
Message : [EXPR]-The OAB is not configured for this user.

Id      : 1014
Type    : Information
Message : [EXPR]-The UM is not configured for this user.

Id      : 1017
Type    : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://FQDN-OUSIDE-CASSERVER/Rpc. The elapsed time was 187 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (2.Aug.2009 7:38:57 PM)

The only (significant) error I had in BPA was "Write DACL inherit (group)" and I did the Remove-ADPermission command, ran BPA again and the error was not there on the second run. The other errors were about self-signed certificates (I'm aware!), drivers and other stuff that I am pretty sure is safe to ignore.

Connectivity test came up clean.




jveldh -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 2:27:48 PM)

Hi,

It all looks ok on the first sight please try to use www.testexchangeconnectivity.com and test the Autodiscovery option.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 2:30:05 PM)

I don't have my CNAME populated for autodiscover.domain.com in there yet. When I configure it manually, I get the endless password prompt.




jveldh -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 3:29:50 PM)

Hi,

In that case please check all virtual directories and check if they use the same authentication method. There are some issues when using NTLM in most cases changing the authentication mode to basic solved the issue.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 3:31:31 PM)

Did the Outlook Anywhere Autodiscover Test

Attempting to Resolve the host name autodiscover.emaildomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: <correct IP for my external CAS>
Testing TCP Port 443 on host autodiscover.emaildomain.com to ensure it is listening/open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
   
Validating certificate name
Certificate name validation failed
   
Tell me more about this issue and how to resolve it
Additional Details
Host name autodiscover.emaildomain.com does not match any name found on the server certificate CN=FQDN-CAS-SERVER, OU=XX, O=XX, L=XX, S=XX, C=US
Attempting to contact the AutoDiscover service using the HTTP redirect method.
Failed to contact AutoDiscover using the HTTP Redirect method
Test Steps
   
Attempting to Resolve the host name autodiscover.emaildomain.com in DNS.
Host successfully Resolved
Additional Details
IP(s) returned: <correct IP for my external CAS>
Testing TCP Port 80 on host autodiscover.emaildomain.com to ensure it is listening/open.
The port was opened successfully.
Checking Host autodiscover.emaildomain.com for an HTTP redirect to AutoDiscover
Failed to get an HTTP redirect response for AutoDiscover
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: <html><head><title>Error</title></head><body><head><title>Secure Channel Required</title></head> <body><h1>Secure Channel Required</h1>This Virtual Directory requires a browser that supports the configured encryption options.</body></body></html>




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 3:36:27 PM)

I am using Basic on everything as far as I know. CAS is configured for basic authentication in the Exchange Management Console under Server Configuration, Client Access, properties of the outside CAS, Outlook Anywhere, Basic Authentication.

Is there some other place I should check it? Make sure that "Basic Authentication" is on every virtual directory in IIS in my default site? I checked and OAB, RpcWthCert, UnifiedMessaging and the Default Web Site did not have Basic Authentication checked.




jveldh -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 4:27:33 PM)

Hi,

Please try to change the one from OAB to basic.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 4:40:13 PM)

No dice. I get a password prompt and says "The connection to Microsoft Exchange is unavailable."

If I go past without clicking on "Check name" and then start Outlook, I get the same error after typing in my username/password.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 4:47:21 PM)

I have been doing the manual config with Outlook Anywhere until now. Just for kicks I tried doing an autodiscovery since I have the CNAME set up now.

When I type in my name and password, I get the same message about Exchange not being available. What is interesting is that when it comes up with the server name/mailbox window, it has the INTERNAL mailbox server listed and =SMTP:user@emaildomain.com listed. That mailbox server is 100% behind the firewall.

autodiscover.emaildomain.com points to the CAS on the outside.




mvalpreda -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (3.Aug.2009 6:30:21 PM)

I added a CNAME for autodiscover.emaildomain.com to point to my external CAS and I also got a legit cert from GoDaddy today and it seems to be working better. I was able to get a non-domain machine outside of the network to autoconfigure.

Now my freaking iPhone won't connect! I deleted the account, restarted the phone and created a new Exchange account. It does the autodiscover (I guess) and comes back with the INTERNAL server name. There's no way to get to that internal mailbox from the outside. I put in the external server name and the account verification fails.

One step forward, one step back.




jveldh -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (4.Aug.2009 2:06:22 PM)

Hi,

Please check if the external url for Activsync is configured correctly.




shukoormon -> RE: Exchange 2007 Outlook Anywhere - Cannot resolve name (14.Apr.2015 6:06:53 AM)

I have setup Exchange 2010 server – all working fine inside the organisation.

I am trying to configure outlook 2010 to use the imap/outlook anyware accounts on exchange 2010, but can’t access these remotely (outside the office network).

I know I could use OWA, or exchange with RPC, or even a VPN – but I would like to use IMAP as I have around 10 email accounts, some on different domains, that I need to check regularly / at the same time.

I have the correct ports open on your firewall to allow IMAP traffic to pass through to our exchange server .
while I telnet with public ip address the port 143, 993, 110 its connected and ready.

Can anyone advise on how to setup exchange 2010 / outlook 2010 that I can access the imap account remotely using outlook 2010.
Thanks




Page: [1]