none
Can't get Outlook 2010 to connect to Exchange 2013

    Question

  • Hi all,

    I am a complete Exchange NOOB, please excuse the basic nature of these questions.

    I recently decided to try to take my organization down the Exchange Road and found the installation of Exchange 2013 to be remarkably pleasant and straightforward.

    I got the server up and running (exchange1.org.mydomain.com), configured a Send Connector, and set up the a-records for the following:

    • org.mydomain.com points to the IP of the Exchange 2013 installation
    • exchange1.org.mydomain.com points to the IP of the Exchange 2013 installation
    • autodiscover.org.mydomain.com points to the IP of the Exchange 2013 installation

    I also set up an MX record which points to the host: org (where the current mailserver MX is just "@")

    Port forwarding is configured for:

    • 25, 110, 143, 443, 993, 995

    from the dedicated static public IP to the IP of exchange1.org.mydomain.com

    And, best of all, OWA works perfectly on send/receive for the few email addresses I have configured!

    My problem is with the clients! I simply can't get Outlook 2010 so set-up at all and I can't get any other client (Thunderbird) to send with SMTP. I did tons of reading on the subject, but the only change I made to the Exchange configuration was: Set-RpcClientAccess -Server exchange1 EncryptionRequired $false

    Anyone have an idea where I went wrong?

    Saturday, February 09, 2013 3:52 PM

Answers

  • Outlook 2010 has to connect to Exchange 2013 using Outlook Anywhere.

    For SMTP sending to work, you must connect to port 587, the client submission port.  This can be changed, but it's something you have to think about and it isn't trivial.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by unsichtbarre Sunday, February 10, 2013 2:55 PM
    Saturday, February 09, 2013 4:57 PM
  • Solved!

    I would like to thank everyone for your help. Without it, the answer would have been much longer in the coming. Your suggestions also helped me to resolve a number of smaller issues that would have plagued me for weeks, while not actually making the server offline!

    In the end, the CN on the SSL: exchange1.cloud.mydomain.com

    was the problem! When I cancelled and re-issued the SSL with the correct CN: cloud.mydomain.com, the problem was resolved! I should have recognized this myself in submitting the CSR, but on the GoDaddy dialog boxes when requesting an UCC SSL, the CN is referred to as "domain name" or "server name."

    I do wish I could post the image of the Exchange/Outlook dialog that came up immediately after:

    1. A new window: "The action cannot be completed. The connection to Microsoft Exchange is unavailable..."
    2. Click OK and a new window with only a General tab showing:

    Microsoft Exchange Server: afd0321ebca<long hexadecimal>@org.mydomain.com
    Mailbox: =SMTP:myname@org.mydomain.com

    That window is quite unlike others I have seen, and may be of use to someone in the future!

    Thanks Again!


    • Edited by unsichtbarre Sunday, February 10, 2013 2:54 PM
    • Marked as answer by unsichtbarre Sunday, February 10, 2013 2:54 PM
    Sunday, February 10, 2013 2:52 PM

All replies

  • Outlook 2010 has to connect to Exchange 2013 using Outlook Anywhere.

    For SMTP sending to work, you must connect to port 587, the client submission port.  This can be changed, but it's something you have to think about and it isn't trivial.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by unsichtbarre Sunday, February 10, 2013 2:55 PM
    Saturday, February 09, 2013 4:57 PM
  • Thanks a bunch!

    I initially configured port forwarding with a Microsoft Document entitled "Ports for Exchange Server" and, apparently, it left out some important ones!

    I went through all of my receive connectors and set up port forwarding for the ports that were defined in every one of the receive connectors. I have only default connectors at this point.

    Unfortunately, no dice! When I try to set up Outlook 2010 using the Control Panel > Mail, the following happens:

    1. Establishing new connection > green check
    2. Search for: ***@org.mydomain.com > green check
    3. A new window: "The action cannot be completed. The connection to Microsoft Exchange is unavailable..."
    4. Click OK and a new window with only a General tab showing:

    Microsoft Exchange Server: afd0321ebca<long hexadecimal>@org.mydomain.com
    Mailbox: =SMTP:myname@org.mydomain.com

    I am convinced that is an issue with my Exchange configuration, rather than with Outlook, which is why I am posting this here.

    Any Ideas? Thanks Again.

    Incidentally, I got screenshots of all of this, redacted specifics, created a post, uploaded and inserted the images and when I tried to post, the whole thing disappeared with a message that I was not able to use images until I was verified. I understand the need to verify, so please try to interpret my descriptions in place of a much more descriptive screenshot!

    Saturday, February 09, 2013 6:15 PM
  • Do you have a certificate installed on the Exchange server?

    That server name does not look right to me.  Server names don't have at symbols.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."



    Saturday, February 09, 2013 6:57 PM
  • Yes. I installed a GoDaddy Standard Multiple Domain (UCC) SSL for 5 domains which includes:

    Common name is: exchange1.org.mydomain.com

    Subject Alternatives Names are:

    • org.mydomain.com
    • exchange1
    • AutoDiscover.org.mydomain.com
    • mail.org.mydomain.com

    Is it possible that the Common Name should be: org.mydomain.com and the alternatives:

    • exchange1
    • Autodiscover

    Godaddy determined the common name from the CSR generated by Exchange 2013

    Saturday, February 09, 2013 8:23 PM
  • OK, progress.

    I set my email as me@exchange1.org.mydomain.com (instead of me@org.mydomain.com) and got Outlook able to receive mail. Unfortunately, Exchange did not accept the account "me@exchange1.org.mydomain.com" and I had to reenter my user account as: domain\me

    This is not the configuration I am going for, ultimately I don't want users knowing or having to know what specific server they are using (e.g. exchange1) in the domain org.mydomain.com; but at least it sheds light on if this is a DNS or SSL issue.

    Although I am able to now receive email, I still can't send, getting the message:

    Send test e-mail message:   The server responded: 550 5.7.1 Client does not

    THX again!

    Saturday, February 09, 2013 8:40 PM
  • Are your e-mail addresses of the form @org.mydomain.com?  If not, then your autodiscover SAN and maybe DNS record are wrong.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, February 09, 2013 8:55 PM
  • Your account is the user principal name (UPN) in Active Directory, which is not necessarily the e-mail address.  I recommend that you make these the same to reduce user erorr.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, February 09, 2013 8:57 PM
  • On Sat, 9 Feb 2013 20:40:38 +0000, unsichtbarre wrote:
     
    >I set my email as me@exchange1.org.mydomain.com (instead of me@org.mydomain.com) and got Outlook able to receive mail. Unfortunately, Exchange did not accept the account "me@exchange1.org.mydomain.com" and I had to reenter my user account as: domain\me
     
    Looks like your e-mail address policy is set up to create SMTP
    addresses in the exchange1.org.mydomain.com domain instead of
    mydomain.com. You should be able to change that and apply the policy.
    that should create new primary SMTP proxy addresses in the right
    address space.
     
    Ed's already pointed out that the UPN isn't always the same as your
    SMTP address.
     
    >This is not the configuration I am going for, ultimately I don't want users knowing or having to know what specific server they are using (e.g. exchange1) in the domain org.mydomain.com; but at least it sheds light on if this is a DNS or SSL issue.
     
    You probably don't even want them to have "org" in their SMTP
    addresses unless you have some need for a sub-domain.
     
    >Although I am able to now receive email, I still can't send, getting the message:
    >
    >Send test e-mail message: The server responded: 550 5.7.1 Client does not
     
    Does not what? How are you sending that e-mail, using SMTP or RPC?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, February 09, 2013 9:59 PM
  • Accounts (the only one) are: user@cloud.mydomain.com, which is also the email address. I prefer using UPN in all cases possible.

    I build (dcpromo'ed) two DC's fresh for this trial, so there should be no conflicting accounts or group policies.

    The only server on the domain (cloud.mydomain.com) is exchange1.

    I like the idea that somehow I screwed up DNS. That's a simple fix! I have the following zone file:

    ; A Records
    @			3600	IN	A	5.6.7.8
    pbx2			3600	IN	A	9.0.1.2
    web1			3600	IN	A	1.2.3.5
    mail			3600	IN	A	1.2.3.5
    cloud			3600	IN	A	1.2.3.6
    exchange1.cloud		3600	IN	A	1.2.3.6
    autodiscover.cloud	3600	IN	A	1.2.3.6
    
    ; CNAME Records
    www	3600	IN	CNAME	@
    ftp	3600	IN	CNAME	@
    
    ; MX Records
    @			3600	IN	MX	10	mail.mydomain.com
    @			3600	IN	MX	10	cloud.mydomain.com
    
    ; NS Records
    @			3600	IN	NS	nsXX.domaincontrol.com
    @			3600	IN	NS	nsXY.domaincontrol.com

    Where anything with an IP 1.2.3.* is inside my firewall. Everything else is externally hosted.

    I have changed "org" (as in org.mydomain.com) from previous examples to "cloud" as .org is an actual TLD and makes a bad example.




    • Edited by unsichtbarre Saturday, February 09, 2013 10:24 PM
    Saturday, February 09, 2013 10:20 PM
  • >Send test e-mail message: The server responded: 550 5.7.1 Client does not

    That's the whole message. I would post a screenshot, but I still can't get images to work.

    Thanks for the suggestions.

    Sunday, February 10, 2013 12:39 AM
  • On further inspection, all of my Receive Connectors show:

    FQDN:
    Specify the FQDN this connector will provide in response to HELO or EHLO.
    exchange1.cloud.mydomain.com

    When I try to change it to the external FQDN (cloud.mydomain.com), I get:

    error
    If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server 
    "EXCHANGE1.cloud.mydomain.com", the NetBIOS name of the transport server "EXCHANGE1", or $null.

    Could that be why Outlook is having trouble resolving exchange?



    Sunday, February 10, 2013 4:36 AM
  • Hi

    Two things, if you email address domain isn't the same as the AD/UPN domain then you will have to provide those credentials when Autodiscover is connecting.

    Secondly, the SMTP configuration does not affect client connections in any way so look at these separately.

    Cheers, Steve


    Sunday, February 10, 2013 8:40 AM
  • Solved!

    I would like to thank everyone for your help. Without it, the answer would have been much longer in the coming. Your suggestions also helped me to resolve a number of smaller issues that would have plagued me for weeks, while not actually making the server offline!

    In the end, the CN on the SSL: exchange1.cloud.mydomain.com

    was the problem! When I cancelled and re-issued the SSL with the correct CN: cloud.mydomain.com, the problem was resolved! I should have recognized this myself in submitting the CSR, but on the GoDaddy dialog boxes when requesting an UCC SSL, the CN is referred to as "domain name" or "server name."

    I do wish I could post the image of the Exchange/Outlook dialog that came up immediately after:

    1. A new window: "The action cannot be completed. The connection to Microsoft Exchange is unavailable..."
    2. Click OK and a new window with only a General tab showing:

    Microsoft Exchange Server: afd0321ebca<long hexadecimal>@org.mydomain.com
    Mailbox: =SMTP:myname@org.mydomain.com

    That window is quite unlike others I have seen, and may be of use to someone in the future!

    Thanks Again!


    • Edited by unsichtbarre Sunday, February 10, 2013 2:54 PM
    • Marked as answer by unsichtbarre Sunday, February 10, 2013 2:54 PM
    Sunday, February 10, 2013 2:52 PM
  • On Sun, 10 Feb 2013 00:39:26 +0000, unsichtbarre wrote:
     
    >>Send test e-mail message: The server responded: 550 5.7.1 Client does not
    >
    >That's the whole message. I would post a screenshot, but I still can't get images to work.
     
    Are you sure it isn't "550 5.7.1 Client does not have permissions to
    send as this sender"?
     
    Are you encountering this error when you're using an IMAP/POP client
    and sending the message using SMTP?
     
    If that's the case then the "From:" address doesn't belong to the
    account that was used in the AUTH command.
     
    If you want to allow this for an individual you can add the "Send As"
    permission to the other mailbox
    (http://technet.microsoft.com/en-us/library/aa998291(EXCHG.80).aspx).
     
    If you want to allow this for all e-mail sent by that account (e.g.
    you have a SMTP relay that uses AUTH) you can add the
    "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender" permission for that
    account to the receive connector (you have to stop and restart the
    transport service afterwards). You can do that like this (all on one
    line):
     
    get-receiveconnector <ConnectorName> | add-adpermission -User
    "domain\user or group" -ExtendedRights
    ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
     
    If the account used in the AUTH is a member of a privileged group then
    you have a whole other set of problems. See
    http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Sunday, February 10, 2013 5:42 PM
  • On Sun, 10 Feb 2013 04:36:33 +0000, unsichtbarre wrote:
     
    >
    >
    >On further inspection, all of my Receive Connectors show:
    >
    >FQDN: Specify the FQDN this connector will provide in response to HELO or EHLO. exchange1.cloud.mydomain.com
    >
    >When I try to change it to the external FQDN (cloud.mydomain.com), I get: error
    >If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server
    >"EXCHANGE1.cloud.mydomain.com", the NetBIOS name of the transport server "EXCHANGE1", or $null.Could that be why Outlook is having trouble resolving exchange?
     
    No. Outlook should be using AutoDiscover. The FQDN of a connector
    isn't going to have any effect on that.
     
    If you want to use a Receive Connector that's exposed to the Internet
    you can restrict the IP range on the Default connector and then create
    a 3rd connector.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Sunday, February 10, 2013 5:46 PM
  • I am almost sure it is:

    >Are you sure it isn't "550 5.7.1 Client does not have permissions to
    >send as this sender"?

    However, the dialog in which this message appears only displays up to "client does not" with no way to expand the window or select the text.

    I find sometimes that the way, or particular window, that a message is displayed in to be as telling as the message itself!

    Thanks!

    Monday, February 11, 2013 12:17 PM