none
Outlook 2010 and 2013 are unable to connect but OWA (and mail routing) works fine

    Question

  • Hi-

    Not sure why but this past Sunday (just after DST adjustment) outlook clients (using 2010 and 2013) were unable to connect to an Exchange 2013 server.  OWA and mail routing (internal and external) is working fine.  I've even tried on multiple machines and all of them experience the same issue.  On a new machine with a fresh version of outlook 2013 installed here is what happens:

    Click on Outlook 2013
    Click Next until the account setup is displayed.
    Name and email is auto-populated
    Established network connection is good
    Searching for email address settings is good (once the self-signed exchange 2013 cert is accepted)
    And then the logging onto the mail server fails.  The first pop-up is:
    The Connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action.
    Clicking "OK" is followed up with a window with the Microsoft Exchange connection info.
    It lists Microsoft Exchange server which is populated with: GUID@<domain suffix>
    Mailbox which is populated with: =SMTP:<Valid Email address>

    On the Exchange Server I have noticed that the Web Management Service (WMSVC) is stopped and will not start.  Starting the service outputs:
    EventID 7024
    "The Web Management Service terminated with the following service-specific error:  Unspecified error"

    Not really helpful :)

    Since this is only happening with Outlook on multiple clients I'm expecting something with Exchange or the ability for outlook to connect to exchange.

    Thanks in advance!


    Tuesday, March 12, 2013 1:43 PM

Answers

  • I had this exact same issue, including proper behavior on OWA, ActiveSync, routing, but this RPC error when trying to use Outlook 2010 and 2013.

    I used https://www.testexchangeconnectivity.com and go pretty far in the call stack.  I hit this wall:

    Store logon returned ecRpcHttpDisallowed 1248. RPC/HTTP connections are prohibited for this mailbox.

    This says to enable Mapi for the individual mailbox, but it was already enabled.

    I then went into ECP and I changed Server -> Outlook Anywhere -> Authenication to NTLM from Negotiated and it then worked at  https://www.testexchangeconnectivity.com.

    It started to work internally at this time too, but of course I had to delete the old mail profile and create it anew (to get a new autodiscover file for Outlook).

    Monday, March 18, 2013 10:05 PM

All replies

  • Ok i'm starting to wonder if this might be a certificate issue (I have all self signed certs).  I checked some online sites and they suggested adding A host and SRV records for autodiscovery.  I have an internal domain of something.local and external of something.org.  I have created SRV and A host in both those domains on my internal DNS server (not worried about external connectivity yet).  I seem to get farther with those entries.  Here is the output:

    First:
    Security Alert - mail.something.org (cert issued by a company you have not chosen to trust)

    Second:
    Security Alert - autodiscover.something.org (cert issued by a company you have not chosen to trust)

    Third:
    Outlook error - Problem wiith proxy server's security cert - mail.something.local (error code 18)

    Fourth:
    Outlook error - The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action.

    Finally:
    Outlook profile for Microsoft Exchange window:
    Microsoft exchang eserver: GUID@something.org
    Mailbox:  =SMTP:Chris@something.org

    Looking at my internally signed cert (CN=servername.something.local) via ECP I show the following SANs:

    Servername.something.local
    AutoDiscover.something.local
    autodiscover.something.org
    servername
    something.local
    something.org
    mail.something.org

    I can see that I have a cert error trying to connect to mail.something.local which isn't listed in the SAN of the cert.  Could that be the issue?  I could generate another cert rather quickly and easily if necessary.

    Thanks!

    Chris


    Tuesday, March 12, 2013 4:37 PM
  • Bump
    Wednesday, March 13, 2013 3:56 AM
  • Hi Chris,

    It seems like the AD related issue. How about if you restart Exchange server when the issue occurs?

    Please check application event log in GC/DC to see if there is any error.

    Besides, it would be helpful if collecting a network monitoring log when teh issue occurs.


    Fiona Liao
    TechNet Community Support

    Wednesday, March 13, 2013 7:34 AM
    Moderator
  • Thanks for the reply.  I have rebooted the Exchange server multiple times (as well as the domain controllers) without any changes.  I have verified that AD DS, DNS, and replication are all functioning correctly without any errors.  I did find some stale SRV DNS records from retired domain controllers in the zone and those have been removed.  Outlook still is unable to connect.

    When trying to connect to outlook I did notice that I get a proxy server security certificate error.  Saying it's unable to connect to the proxy server mail.something.local (Error Code 8).

    In the Microsoft Exchange window that pops up, how does the client know how to determine GUID@SUFFIX goes?  Is there a way to verify that the GUID is correct?

    Thanks in advance!!
    Chris

    Wednesday, March 13, 2013 1:44 PM
  • If this helps I just ran the Test-outlookconnectivity and it kicked an RPC error (0x6ba).  Here is the output:

    [PS] C:\Windows\system32>Test-OutlookConnectivity -ProbeIdentity 'OutlookMailboxDeepTestProbe' -MailboxId chris@something
    .org -Hostname something.local
    WARNING: Failed Probe Result Details:
    Error: Error 0x6ba (The RPC server is unavailable) from ClientAsyncCallState.CheckCompletion: RpcAsyncCompleteCall
    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 2
    EEInfo: Status: 0x000006BA
    EEInfo: Detection location: 1710
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 1
    EEInfo: prm[0]: Long val: 0 (0x00000000)

    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 13
    EEInfo: Status: 0x000006BA
    EEInfo: Detection location: 1352
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 1
    EEInfo: prm[0]: Long val: -1073606646 (0xC002100A)

    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 14
    EEInfo: Status: 0xC002100A
    EEInfo: Detection location: 1380
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 2
    EEInfo: prm[0]: Long val: 12029 (0x00002EFD)
    EEInfo: prm[1]: Unicode string: /rpc/rpcproxy.dll?something.local:6001

    Exception: Microsoft.Exchange.Rpc.ServerUnavailableException: Error 0x6ba (The RPC server is unavailable) from
    ClientAsyncCallState.CheckCompletion: RpcAsyncCompleteCall
    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 2
    EEInfo: Status: 0x000006BA
    EEInfo: Detection location: 1710
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 1
    EEInfo: prm[0]: Long val: 0 (0x00000000)

    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 13
    EEInfo: Status: 0x000006BA
    EEInfo: Detection location: 1352
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 1
    EEInfo: prm[0]: Long val: -1073606646 (0xC002100A)

    EEInfo: ComputerName: n/a
    EEInfo: ProcessID: 5052
    EEInfo: Generation Time: 2013-03-13 15:11:25.156
    EEInfo: Generating component: 14
    EEInfo: Status: 0xC002100A
    EEInfo: Detection location: 1380
    EEInfo: Flags: 0
    EEInfo: NumberOfParameters: 2
    EEInfo: prm[0]: Long val: 12029 (0x00002EFD)
    EEInfo: prm[1]: Unicode string: /rpc/rpcproxy.dll?something.local:6001

       at Microsoft.Exchange.Rpc.ClientAsyncCallState.CheckCompletion()
       at Microsoft.Exchange.Rpc.ExchangeClient.ClientAsyncCallState_Connect.End(IntPtr& contextHandle, TimeSpan& pollsMax,
     Int32& retryCount, TimeSpan& retryDelay, String& dnPrefix, String& displayName, Int16[]& serverVersion,
    ArraySegment`1& segmentExtendedAuxOut)
       at Microsoft.Exchange.Rpc.ExchangeClient.ExchangeAsyncRpcClient.EndConnect(ICancelableAsyncResult result, IntPtr&
    contextHandle, TimeSpan& pollsMax, Int32& retryCount, TimeSpan& retryDelay, String& dnPrefix, String& displayName,
    Int16[]& serverVersion, ArraySegment`1& segmentExtendedAuxOut)
       at Microsoft.Exchange.RpcClientAccess.Monitoring.EmsmdbClient.ConnectCallContext.OnEnd(ICancelableAsyncResult
    asyncResult)
       at
    Microsoft.Exchange.RpcClientAccess.Monitoring.ClientCancelableCallContext`1.<InternalEnd>b__3(ICancelableAsyncResult
    r)
       at Microsoft.Exchange.RpcClientAccess.Monitoring.ClientCancelableCallContext`1.DeferExceptions[TArgIn](Action`1
    guardedAction, TArgIn arg)

    MonitorIdentity                          StartTime       EndTime         Result               Error                Exce
                                                                                                                       ptio
                                                                                                                       n
    ---------------                          ---------       -------         ------               -----                ----
    Outlook.Protocol\OutlookMailboxDeepTe... 3/13/2013 3:... 3/13/2013 3:... Failed               Error 0x6ba (The ... M...


    [PS] C:\Windows\system32>


    Wednesday, March 13, 2013 4:06 PM
  • could you please do one small thing i.e

    If exchange mode instead of name type exchange server IP on outlook then check.


    Don't forget to mark helpful or answer

    connect me :-

    http://in.linkedin.com/in/satya11

    http://facebook.com/satya.1000

    Wednesday, March 13, 2013 5:20 PM
  • Very good idea with the IP instead of the name.  Unfortunately, the output is almost the same.  "The name cannot be resolved.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."

    Chris

    Thursday, March 14, 2013 12:06 AM
  • Bump :(
    Thursday, March 14, 2013 10:28 PM
  • I had this exact same issue, including proper behavior on OWA, ActiveSync, routing, but this RPC error when trying to use Outlook 2010 and 2013.

    I used https://www.testexchangeconnectivity.com and go pretty far in the call stack.  I hit this wall:

    Store logon returned ecRpcHttpDisallowed 1248. RPC/HTTP connections are prohibited for this mailbox.

    This says to enable Mapi for the individual mailbox, but it was already enabled.

    I then went into ECP and I changed Server -> Outlook Anywhere -> Authenication to NTLM from Negotiated and it then worked at  https://www.testexchangeconnectivity.com.

    It started to work internally at this time too, but of course I had to delete the old mail profile and create it anew (to get a new autodiscover file for Outlook).

    Monday, March 18, 2013 10:05 PM
  • Hello

    Please check if secure connection is enabled from outlook end if it is enabled from server end.


    Thanks Prem P Rana MCSA Messaging 2003 MCSE 2003 Server MCTS MCITP Exchange 2007, 2010 Gurgaon, India http://blogs.msexchange-experts.com

    Tuesday, March 19, 2013 4:37 PM
  • Hi Chris - did you end up getting this resolved? I am having the exact same problem!

    Regards, Brian

    Wednesday, May 15, 2013 12:51 PM
  • Sadly no.  I reverted back to Exch 2010 and I will wait for more online technical documentation to surface.
    • Proposed as answer by FELIX JACOB Wednesday, August 14, 2013 9:11 PM
    • Unproposed as answer by FELIX JACOB Wednesday, August 14, 2013 9:11 PM
    Wednesday, May 15, 2013 1:14 PM
  • Hi Chris,

    I got ours going although it might be a slightly different problem from yours. I just added the certificate to the trusted root store on the computer with outlook installed. Note that I also created a new self-signed certificate with all the possible combinations of internal urls on exchange and copied it to both the personal and trusted root stores of the exchange computer account. This is all really messy really, no better that exchange 2010 - both should raise certificates from the domain CA and these sort of problems wouldn't occur.

    Regards, Brian

    Thursday, May 16, 2013 7:51 AM
  • We had similar problems when rebuilding a CAS server. No clients could connect to it and were getting a random Certificate Pop-up that didn't seem to associate with the symptom initially. We are configured for Kerberos delegated Auth. and when the server was rebuilt, we had to run "RollAlternateServiceAccountPassword.ps1 -ToArrayMembers -Identity "<CAS ARRAY>" -GenerateNewPasswordFor <domain>\ASA_Account

    this added the information back to the AlternateServiceAccountConfiguration setting on the server.

    Get-ClientAccessServer <servername> -IncludeAlternateServiceAccountCredentialStatus |FL name,*alt*

    
    Monday, August 05, 2013 7:52 PM
  • We have experienced the same issue in out environment today. To fix it, you will need to change the value of the below key from "0" to "1".

    HKCU\Software\Policies\Microsoft\Office\14.0\outlook\rpc\enablerpcencryption

    Basically this enables the encryption between outlook client and CAS. If you are using Outlook 2013, change the value at HKCU\Software\Policies\Microsoft\Office\15.0\outlook\rpc\enablerpcencryption

    • Proposed as answer by FELIX JACOB Wednesday, August 14, 2013 9:15 PM
    Wednesday, August 14, 2013 9:15 PM
  • i have perfected a more appropriate and refined approach to deploy exchange 2013 without any of the hicups that alot of people face (including me).

    1. Create a self-signed certificate using the exchange 2013 ECP web interface. Check that as you create the certificate, you have the following entries under domains included: 

    - ServerName

    - ServerName.domain

    - OWA external url

    - OWA internal url

    - DomainName

    - Autodiscover.domain

    2. When this Cert creation process is done, export the Cert to any folder e.g desktop. (Open run and type "mmc" and hit enter. open file and add snap-in. select certificates and click "add". select "computer account" and click finish and then finish again on the next window. click certificates in right pane. go to personal and select certificates and then select the certificate that you created in the exchange ecp and export it.)

    3. Copy the cert to the AD server.

    4 Create a group policy with any name. Edit it (Computer Config>Policies>Windows Settings>Security Settings>Public Key Policies>Trusted Root Cert Authorities). Then import the Cert you copied from the exchange server and apply the policy to the whole domain.

    5. Open CMD and run "gpupdate /force" on the AD server.

    6.Check to make sure that the AD/DNS server that is deploying the cert is is listed on the exchange servers adapter as a DNS server (either primary or secondary) and also on the DHCP settings.

    7. Go back to the Exchange server and open IIS manager. Select the Default WebSite under Sites. On the extreme right pane, select bindings. Select "https" (without 127.0.0.1) and then select the cert you created using exchange ecp and apply it and close the window and restart the "world wide web publishing" service (iisreset /noforce usually does not work as desired everytime).

    8. Restart all client machines.

    9. Open Control panel and then click on mail. create a new profile and follow the steps. Everything should be straight forward from there as it will pick the user logged in and setup their profile automatically.

    NB: step 9 is for computers that are part of the domain.
    Thursday, January 30, 2014 9:43 AM
  • Hi,

    Can check once again permission for ID's in AD.

    Friday, March 28, 2014 6:45 AM
  • i was getting this error on some PCs but after installing SP1 (CU4) on the CAS server. I struggled wit it for 2 days before i could figuring out that the pesky Kaspersky was messing the connnections. I disabled it and Voila, outlook happily connected. I renabled it again and outlook worked happily.
    15 hours 32 minutes ago