Outlook Anywhere not working for Exchange Server 2007

Status
Not open for further replies.
mykech

Hi All,

I have a problem with my Outlook Anywhere for external clients. After keying in the domain\user and password, it says the connection to Exchange Server is unavailable. My brief settings:

Internal: domain.local

External: domain.com

I have created these 2 zones in my internal DNS and have added A host records to these 2 zones, which point to the internal IP of my CAS server, which is also my Exchange Server 2007. Also, in my external DNS, I have added an A host record as well. And I am using the internal Windows CA. I ran a test on the testexchangeconnectivity website and got the below error for my Autodiscover process:
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xxx.xxx.xxx.xxx
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name autodiscover.domain.com was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
Certificate trust validation failed.
Additional Details
The certificate chain couldn't be built. You may be missing required intermediate certificates.
My cert has the below SAN, and on my client's PC I installed the RootCA in the Trusted Root CA and Intermediate CA:

mail.domain.com

mail.domain.local

exch

exch.domain.local

exch.domain.com

autodiscover.domain.local

autodiscover.domain.com

Went through the IIS log and found the below:

RPC_IN_DATA /rpc/rpcproxy.dll exch.domain.com:6004 443 exch.domain.com\user MSRPC 401 1 1326 296

RPC_OUT_DATA /rpc/rpcproxy.dll exch.domain.com:6004 443 exch.domain.com\user MSRPC 401 1 64 390

Is there anything wrong with my Outlook Anywhere for external clients? Please help, as I have had this problem since last week.

Thanks everyone.
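
The status columns in the two IIS log lines quoted in the post above can be decoded as follows. This is an added example, not part of the original thread; the column order is an assumption inferred from the quoted lines, and `decode_line` and `decode_log` are hypothetical helper names.

```python
import re

# Constructed sample: the two request lines quoted in the post above.
SAMPLE_LOG = r"""
RPC_IN_DATA /rpc/rpcproxy.dll exch.domain.com:6004 443 exch.domain.com\user MSRPC 401 1 1326 296
RPC_OUT_DATA /rpc/rpcproxy.dll exch.domain.com:6004 443 exch.domain.com\user MSRPC 401 1 64 390
"""

# Assumed column order, inferred from the quoted lines (no #Fields header is shown):
# cs-method cs-uri-stem cs-uri-query s-port cs-username cs(User-Agent)
# sc-status sc-substatus sc-win32-status <last column, not interpreted>
LINE_RE = re.compile(
    r"^(?P<method>RPC_(?:IN|OUT)_DATA)\s+(?P<uri>\S+)\s+(?P<query>\S+)\s+"
    r"(?P<port>\d+)\s+(?P<user>\S+)\s+(?P<agent>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<sub>\d+)\s+(?P<win32>\d+)\s+\d+\s*$"
)

# IIS 401 substatus meanings and the Win32 error codes relevant to these lines.
HTTP_401 = {1: "logon failed", 2: "logon failed due to server configuration",
            3: "unauthorized due to ACL on resource"}
WIN32 = {0: "ERROR_SUCCESS", 5: "ERROR_ACCESS_DENIED",
         64: "ERROR_NETNAME_DELETED", 1326: "ERROR_LOGON_FAILURE"}


def decode_line(line):
    """Return a dict describing one rpcproxy.dll request, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, _, port = m["query"].rpartition(":")
    realm, _, account = m["user"].rpartition("\\")
    status, sub, win32 = int(m["status"]), int(m["sub"]), int(m["win32"])
    return {
        "method": m["method"],
        "target": (host, int(port)) if port.isdigit() else (m["query"], None),
        "realm": realm,          # text before the backslash, as the client sent it
        "account": account,
        "http": f"{status}.{sub}",
        "http_meaning": HTTP_401.get(sub, "unknown") if status == 401 else "",
        "win32_name": WIN32.get(win32, f"unlisted ({win32})"),
    }


def decode_log(text):
    """Decode every matching line; blank and non-matching lines are skipped."""
    return [row for row in map(decode_line, text.splitlines()) if row]


if __name__ == "__main__":
    for row in decode_log(SAMPLE_LOG):
        print(row["method"], row["http"], row["http_meaning"], row["win32_name"], row["realm"])
```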
 
TWHarrington

Certificate trust is being validated.
Certificate trust validation failed.
Additional Details
The certificate chain couldn't be built. You may be missing required intermediate certificates.

This says it all. You have a certificate chain issue. Most CA vendors have specific instructions on how to implement the Root and Intermediate certs on the Exchange server. You can also go here to test out the certificate chain:

http://www.digicert.com/help/

Type in the FQDN and it will test the cert chain and tell you what is failing.

 
mykech

I put in my server name exch.domain.com and got all ticked for below and everything seems fine

DNS resolves 'exch.domain.com' to xxx.xxx.xxx.xxx

SSL certificate

This certificate does not use a vulnerable Debian key

SSL certificate expiration

Certificate Name matches exch.domain.com

What else could be wrong? Really lost right now...
 
TWHarrington

mine is a internal windows CA and not 3rd party.
That is your issue. The Remote Connectivity Analyzer does not work well with internal certs. My suggestion: save yourself a lot of headache and buy a 3rd party cert. You can get SAN/UC certs for less than $100 these days.
 
mykech

Which means that the result given might not be correct? Can anyone help to see if there is anything wrong with my IIS log?
 
Chris Morgan -

Nothing wrong with your IIS log. You either need to install a 3rd party CA cert or fix your existing chain. The certs have to be installed (root, intermediate) both on the client and the Exchange server. Not just the client.

Chris Morgan
 
mykech

Hi,

I wanted to update that my problem is fixed after I input my internal mail server FQDN in Outlook for the external client. This might be the problem since I am having split DNS in my environment. Hope this can help others who are having the same problem as me.

Thanks Tim and Chris for the input.

Merry Christmas!
 