Outlook 2007, Exchange 2010, Forefront 2010: When using Outlook over http, it loses its connection t

Serge De Troyer

Hello,

I am installing a new Exchange server 2010 with Forefront 2010. Lots of things are working, but I cannot get Outlook 2007 to connect correctly with RPC (or Outlook Anywhere) through the Internet (outside of the company). It starts and stops the connection with the server continuously (every second).

Configuration is the following:

1) Domain Controller (2008 R2), Exchange server 2010, IIS (new certificate requested and installed)

2) Second server (2008 R2) with Forefront 2010, 2 network interfaces (one internal, one for external connections)

What starts to run: Outlook on internal network, Mobile access (iPhone), Web Access, POP3

The problems are:

a) Outlook via HTTP: In the setup, it has found the mailbox (user accepted), but I can't access the mailbox itself, and it continuously loses the connection with the Exchange server.

I made so many tests in Forefront, IIS that I cannot tell what I did, but I don't find the solution.

b) Outlook via IMAP: is it normal that I don't see the "sent" folders and that I had to create a folder "out"? I also don't see all of the "global address book". Is this also normal?

If someone has a good idea for me, already thank you

Serge

Gulab Mallah

1. What do you mean by Outlook via HTTP? Do you mean to say Outlook Anywhere?
2. Is it happening with all the users?

Did you check the status of the CAS server? Run the command Get-RPCClientAccess
http://technet.microsoft.com/en-us/library/dd335190.aspx

How many CAS servers do you have?

Gulab | Skype: gulab.mallah
 

Serge De Troyer

Hello,

Question 1: When you configure Outlook to connect from outside via the Internet, in the "account settings", Connection tab, you have to set the option "Connect to Microsoft Exchange via HTTP". It runs perfectly on other systems I installed with Small Business Server. The user connects from home to the server with Outlook. Yes, the problem is with all users.

Question 2: The Get-RpcClientAccess is new for me. I had to find the right way. Here is the result (command run on the server with Exchange):

Server: Server's name

Responsibility: Mailboxes, PublicFolders

MaximumConnections: 65536

EncryptionRequired: False

BlockedClientVersions: (empty)

I have one server with AD, no other CAS server, and it is the server with Exchange.

I hope this can help you

Serge

Gavin-Zhang

Hi Serge,
Per your description, you want to use Outlook Anywhere for the external users, right?
Some information for you:
1. What you referred to is RPC over HTTP, not Outlook over HTTP. The Outlook Anywhere feature on Exchange 2010 supports the same function for external users.
2. You should first enable Outlook Anywhere on the Exchange server; you could refer to the links below:
http://technet.microsoft.com/en-us/library/bb123741.aspx
http://technet.microsoft.com/en-us/library/cc179036.aspx
3. If you deploy Forefront as the proxy, you could publish the CAS service through it, such as the external URL and autodiscover URL; you could refer to the links below:
http://technet.microsoft.com/en-us/library/aa998036.aspx
http://technet.microsoft.com/en-us/library/bb331965.aspx
4. You need a proper CERT issued by a third-party CA.
5. Then you could use https://testexchangeconnectivity.com/ to test the service externally.
Regards!
Gavin
 

Serge De Troyer

Hello Gavin,

Thank you for your answer. I made different things following your suggestions.

The result, to explain shortly is this now:

If the mails are directed immediately to Exchange (NOT through the Forefront, but to the DC and Exchange server immediately), Outlook 2007 connects without any problem (via Outlook Anywhere) from outside, and via the Internet.

If the mails are directed through the second server with Forefront, I have the problem described before: The user's mailbox is recognized (during the Outlook setup), but I can't access the mailbox when Outlook connects.

My actual conclusions (maybe I'm wrong):

- Exchange is well configured (Outlook Anywhere, RPC)

- It seems to be a flow problem between Forefront, IIS, and Exchange (a rule within Forefront, a parameter within IIS, a parameter within Exchange, or ...??)

Best regards

Serge

Serge De Troyer

Hi Gavin

Thank you for the URL you sent.

I checked a lot of things, but I am certainly still missing one.

The actual situation is still the same: Outlook Anywhere runs when I don't pass through the Forefront server, and not when I go through Forefront.

I finally found a message in ForeFront:

Description: Forefront TMG could not establish an SSL connection with the published server zeus on port 443 because it does not trust the issuer of the SSL server certificate used by the published server. Verify that the root certificate for the certification authority (CA) that issued the server certificate is installed on the Forefront TMG computer. If the problem persists contact the Web server administrator.

It's clear it's a problem between these two servers (Web Access, POP3, mobile are OK through Forefront).

I added in the Web access rule (Forefront) the two RPC directories (path /rpc/* and /RpcWithCertif/*)

Certificate situation:

On the DC server (with Exchange and IIS), in IIS, Localhost connection, server certificate:

Installed there: the certificate generated automatically by Exchange, with the DC name (Zeus) and

one "trial certificate" from an external company with the FQDN address (courrier.ngroup.be)

The "trial certificate" with the FQDN name is also installed in the "Trusted Root Certificate Authority"

The "automatic Exchange generated certificate" is not exportable.

On the Forefront server, the "trial certificate" with the FQDN is also installed in the "Trusted root Certificate", not the Exchange certificate, as it isn't exportable

Within Forefront, the listener is linked with that "trial certificate" too.

The error must be somewhere with certificates, trust, etc...

Any idea?

Thanks already

Serge

Gavin-Zhang

Hi Serge,
Per your above information, it is related to the certificate issue.
Some suggestions for you:
1. I would not use the self-issued CERT for the Exchange CAS server; use a CERT which was issued by a third party or your internal CA.
2. From the information, I could not confirm which CERT is used by your CAS server; you could use Get-ExchangeCertificate to confirm it.
3. You must use an exportable CERT for the CAS server, because the CAS certificate must reside on the ForeFront UAG server.
4. Per your scenario, if you want to use the same CERT for internal and external, you must pay more attention to the CERT: it must be a SAN CERT which contains the multiple names needed for internal and external.
So the issue, in my opinion: although you installed the CERT which is issued by the third party on the TMG server, you have not confirmed that this CERT is exactly the one used by the CAS server. About how to enable a CERT, you could refer to the doc on TechNet.
NOTE: about configuring a proper CERT for internal and external, there is also some information on TechNet.
Regards!
Gavin
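
Added example (not part of any post in this thread): a PowerShell check, run on the Forefront TMG computer, that fetches the certificate the published server presents on port 443, builds its chain against that machine's own certificate stores, and lists which requested names the certificate does not cover. The function name is hypothetical; the host names in the last line are the ones quoted in the thread.

```powershell
# Added example. Run on the Forefront TMG computer (the machine that must trust the issuer).
function Test-PublishedServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Server,   # name TMG uses for the published server
        [Parameter(Mandatory = $true)][string[]]$Names,  # names the certificate must cover
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Accept whatever is presented so that an untrusted certificate can still be inspected.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $ssl.RemoteCertificate
    } finally {
        $tcp.Close()
    }

    # Build the chain against this machine's stores. Revocation checking is skipped
    # to isolate the question of issuer trust.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # Collect the subject CN plus every Subject Alternative Name entry (OID 2.5.29.17).
    $certNames = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $certNames += @($san.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=', 2)[1] } | Where-Object { $_ })
    }
    # A requested name is covered if any certificate name matches it (wildcards via -like).
    $missing = @($Names | Where-Object { $n = $_; -not ($certNames | Where-Object { $n -like $_ }) })

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        ChainTrusted = $trusted
        ChainStatus  = $status -join ', '
        MissingNames = $missing -join ', '
    }
}

# UntrustedRoot or PartialChain in ChainStatus means this machine does not trust the issuer.
Test-PublishedServerCertificate -Server zeus -Names zeus, courrier.ngroup.be | Format-List
```

The Thumbprint in the output can be compared with what Get-ExchangeCertificate lists on the Exchange server to confirm which certificate is actually being served.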


 

Serge De Troyer

Hi Gavin,

I am reinstalling the two machines to restart from a clean setup (after so many tries).

I am leaving for 10 days (holidays, yes!), and will continue after my return.

Best regards

Serge
