none
action cannot be completed.The connection to Microsoft Exchange is unavailable

    Question

  • I have the warning below

    "action cannot be completed.The connection to Microsoft Exchange is unavailable..."

    my setup:

    I configure the Outlook anywhere in my exchange 2007 SP1 already. Outlook anywhere works fine internally

    I configure correctly on my owa certificate and no security warning issue.

    I open port from 6001-6004 in router broadband and  I telnet the port and it respons.

     

    As I configure outlook client using ADSL broadband, the credential is asked and the warning above is appeared.

    I made a trial & error. I configured the profile for outlook inside the network so that it resolved. and It resolved successfully in Internal network.

    Then, I tried ADSL broadband outside my internal network, and open my outlook 2007 client and the funny things the connection is established after asking the credential.

    How that happened? the weird thing is that the server name and name of user can't be resolved when create the new profile outside the network. I have to do resolved name and servername and configure outlook anywhere inside the network first. then, after that, the outlook work fine if we use the outlook at home.

    I couldn't find the answer...help me please where i do wrong.

     


    Aliyani Sabrey
    Thursday, November 11, 2010 1:04 PM

Answers

  • Your configuration is flawed.

    You do not have to open any other port other than port 443 for Outlook Anywhere support. Close the additional ports.
    Any reason why you haven't updated to at least Exchange 2007 SP2, preferably SP3?

    Is your SSL certificate a commercial one or the self signed one created during setup? If the latter, then that isn't supported.
    If the former, is it a unified communications certificate or a standard single name certificate?

    How do you know that Outlook Anywhere works internally? Most people presume that it does, but in actual fact it does not, because Outlook will attempt to use TCP/IP first.
    Hold down CTRL while right clicking on the Outlook icon in the system tray and choose Connection Status. That will show you how Outlook is connecting. If it is says TCP/IP then it is not using Outlook Anywhere.

    Run a test account through the Microsoft test site at http://exrca.com/ . See what that comes back with.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources
    Thursday, November 11, 2010 3:26 PM
  • Thank for once again.. I already figure out. I think I have to change the Autodiscover which I follow the URL below:

    http://support.microsoft.com/?kbid=940726

     

    The outlook anywhere works now with "https" connectivity. I already closed the port I open which is 6001-6004 where I followed the configuration of exchange 2003 previously that I assumed the same with both 2003 and 2007.

    however, once the outlook to copy the mailbox to local mailbox, there is security warning on certificate of autodiscover certificate does not match with principal name of certificates. I didn't know what else I missed.

     


    Aliyani Sabrey
    Friday, November 12, 2010 1:15 AM

All replies

  • Your configuration is flawed.

    You do not have to open any other port other than port 443 for Outlook Anywhere support. Close the additional ports.
    Any reason why you haven't updated to at least Exchange 2007 SP2, preferably SP3?

    Is your SSL certificate a commercial one or the self signed one created during setup? If the latter, then that isn't supported.
    If the former, is it a unified communications certificate or a standard single name certificate?

    How do you know that Outlook Anywhere works internally? Most people presume that it does, but in actual fact it does not, because Outlook will attempt to use TCP/IP first.
    Hold down CTRL while right clicking on the Outlook icon in the system tray and choose Connection Status. That will show you how Outlook is connecting. If it is says TCP/IP then it is not using Outlook Anywhere.

    Run a test account through the Microsoft test site at http://exrca.com/ . See what that comes back with.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources
    Thursday, November 11, 2010 3:26 PM
  • On Thu, 11 Nov 2010 13:04:34 +0000, Aliyani Sabrey wrote:
     
    [ snip ]
     
    >I open port from 6001-6004 in router broadband and I telnet the port and it respons.
     
    Don't do that. The RPC is encapsulated in HTTPS. The router should
    only see port 443 traffic.
     
    >As I configure outlook client using ADSL broadband, the credential is asked and the warning above is appeared.
    >
    >I made a trial & error. I configured the profile for outlook inside the network so that it resolved. and It resolved successfully in Internal network.
    >
    >Then, I tried ADSL broadband outside my internal network, and open my outlook 2007 client and the funny things the connection is established after asking the credential.
    >
    >How that happened? the weird thing is that the server name and name of user can't be resolved when create the new profile outside the network. I have to do resolved name and servername and configure outlook anywhere inside the network first. then, after that, the outlook work fine if we use the outlook at home.
     
    It sounds like AutoDiscover isn't working over your external
    connection. It might be a DNS problem.
     
    >I couldn't find the answer...help me please where i do wrong.
     
    Start here:
     
    http://testoutlookconnectivity.com
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Thursday, November 11, 2010 4:06 PM
  • Thank you for kind reply.

     

    Rich Matheisen, how do we know the autodiscover isn't working over external? can you guide me how to change..

    I check that the AutodiscoverServiceInternalUri point to -? https://mycomp.domain.local/autodiscover/autodiscover.xml

    I check at http://www.testexchangeconnectivity.com, my autodiscover failed.

     
      The SSL certificate failed one or more certificate validation checks.
     
    Test Steps
     
    Validating the certificate name.
      Certificate name validation failed.


    Aliyani Sabrey
    Thursday, November 11, 2010 11:07 PM
  • On Thu, 11 Nov 2010 23:07:02 +0000, Aliyani Sabrey wrote:
     
    >Rich Matheisen, how do we know the autodiscover isn't working over external?
     
    I don't know that, but it's what I suspect.
     
    >can you guide me how to change..
     
    Without knowing what's not right it's hard to tell you what to
    correct. Start with these links:
     
    http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx
    http://www.exchange-genie.com/2007/07/exchange-2007-autodiscover-service-part-1/
    http://technet.microsoft.com/en-us/library/bb232838(EXCHG.80).aspx
    http://msexchangeteam.com/archive/2007/04/30/438249.aspx
     
     
    >I check that the AutodiscoverServiceInternalUri point to -? https://mycomp.domain.local/autodiscover/autodiscover.xml
    >
    >I check at http://www.testexchangeconnectivity.com, my autodiscover failed.
    >
    >
    > The SSL certificate failed one or more certificate validation checks.
    > Test Steps
    > Validating the certificate name.
    > Certificate name validation failed.
     
    So you're using a certificate generated by one of your own Certificate
    Authorities, or a certificate that's self-signed by the Exchange
    server? If that's so, get a certificate from a public CA.
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Friday, November 12, 2010 12:43 AM
  • Thank for once again.. I already figure out. I think I have to change the Autodiscover which I follow the URL below:

    http://support.microsoft.com/?kbid=940726

     

    The outlook anywhere works now with "https" connectivity. I already closed the port I open which is 6001-6004 where I followed the configuration of exchange 2003 previously that I assumed the same with both 2003 and 2007.

    however, once the outlook to copy the mailbox to local mailbox, there is security warning on certificate of autodiscover certificate does not match with principal name of certificates. I didn't know what else I missed.

     


    Aliyani Sabrey
    Friday, November 12, 2010 1:15 AM
  • On Fri, 12 Nov 2010 01:15:32 +0000, Aliyani Sabrey wrote:
     
    >
    >
    >Thank for once again.. I already figure out. I think I have to change the Autodiscover which I follow the URL below:
    >
    >http://support.microsoft.com/?kbid=940726
    >
    >
    >
    >The outlook anywhere works now with "https" connectivity. I already closed the port I open which is 6001-6004 where I followed the configuration of exchange 2003 previously that I assumed the same with both 2003 and 2007.
    >
    >however, once the outlook to copy the mailbox to local mailbox, there is security warning on certificate of autodiscover certificate does not match with principal name of certificates. I didn't know what else I missed.
     
    If you're only using one certificate you can try the SRV record in DNS
    approach. The information is in the autodiscover whitepaper.
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Friday, November 12, 2010 3:40 AM
  • If you're only using one certificate you can try the SRV record in DNS
    approach. The information is in the autodiscover whitepaper
    can you tell me how? and what's the link (URL)?

    Aliyani Sabrey
    Friday, November 12, 2010 6:01 AM
  • On Fri, 12 Nov 2010 06:01:07 +0000, Aliyani Sabrey wrote:
     
    >>If you're only using one certificate you can try the SRV record in DNS approach. The information is in the autodiscover whitepaper
     
    >can you tell me how? and what's the link (URL)?
     
    The references were in my previous reply to you.
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, November 13, 2010 3:40 AM