none
Problems when Publishing Outlook Anywhere with TMG 2010

    Dotaz

  • Hi,

    I have logged this in the Exchange forums as well and have been asked to log it here.

    I have 2 Exchange 2010 CAS servers in Windows NLB array.  I have published OWA and Activesync via TMG server using a connector with FBA.  I am however having endless trouble getting Outlook Anywhere to work on the same listener.

    Whenever I do a test on testexchangeconnectivity.com i get the following:

    RPC Proxy can't be pinged.
     
    Additional Details
     

    An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).

    Below is a screenshot:

    Test Exchange ErrorI have run further tests such as us RPC Ping tests from client machines and servers on the network and the results are follows:

    rpcping -t ncacn_http -s webmail.domain.gov.za -o RpcProxy=webmail.domain.gov.za -P "user,domain,pass" -I "user,domain,pass" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 6.1, Service Pack 1

    RPCPinging proxy server webmail.domain.gov.za with Echo Request Packet
    Sending ping to server
    Response from server received: 200
    Pinging successfully completed in 219 ms

    When the above test is run from a machine on the internet the result is as follows:

    Sending ping to server
    Response from server received: 401
    Client is not authorized to ping RPC proxy
    Ping failed.

    Further PowerShell tests were run on both the CAS servers and results are below:

    Test-OutlookConnectivity -identity username@domain.gov.za -RpcProxyTestType:External -RpcTestType Server -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... servername.domain.gov.za                      RpcProxy::VerifyRpcProxy.           Success ...3.95
    servername.domain... servername.domain.gov.za                      RFRI::GetReferral.                  Success 2449.26
    servername.domain... servername.domain.gov.za                      NSPI::GetProfileDetails.            Success 2433.66
    servername.domain... servername.domain.gov.za                      Mailbox::Connect.                   Success 2386.86
    servername.domain... servername.domain.gov.za                      Mailbox::Logon.                     Success   93.60

    Test-OutlookConnectivity -identity username@domain.gov.za -RpcProxyTestType:Internal -RpcTestType Server -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... servername.domain.gov.za                      RpcProxy::VerifyRpcProxy.           Success   15.60
    servername.domain... servername.domain.gov.za                      RFRI::GetReferral.                  Failure   -1.00
    servername.domain... servername.domain.gov.za                      NSPI::GetProfileDetails.            Failure   -1.00
    servername.domain... servername.domain.gov.za                      Mailbox::Connect.                   Failure   -1.00
    servername.domain... servername.domain.gov.za                      Mailbox::Logon.                     Skipped   -1.00

    Test-OutlookConnectivity -Protocol HTTP -Identity username@domain.gov.za -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... webmail.domain.gov.za                         Autodiscover: Web service request.  Success 1591.24
    servername.domain... exccas01.domain.gov.za                        RpcProxy::VerifyRpcProxy.           Success   15.60
    servername.domain... exccas01.domain.gov.za                        RFRI::GetReferral.                  Success ...5.95
    servername.domain... exccas01.domain.gov.za                        NSPI::GetProfileDetails.            Success 2371.26
    servername.domain... exccas01.domain.gov.za                        Mailbox::Connect.                   Success 2340.06
    servername.domain... exccas01.domain.gov.za                        Mailbox::Logon.                     Success   31.20

    Test-OutlookConnectivity -identity username@domain.gov.za -RpcProxyTestType:External -RpcTestType Server -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... servername.domain.gov.za                      RpcProxy::VerifyRpcProxy.           Success   15.60
    servername.domain... servername.domain.gov.za                      RFRI::GetReferral.                  Success 2386.80
    servername.domain... servername.domain.gov.za                      NSPI::GetProfileDetails.            Success 2355.60
    servername.domain... servername.domain.gov.za                      Mailbox::Connect.                   Success 2340.00
    servername.domain... servername.domain.gov.za                      Mailbox::Logon.                     Success    0.00


    Test-OutlookConnectivity -identity username@domain.gov.za -RpcProxyTestType:Internal -RpcTestType Server -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... servername.domain.gov.za                      RpcProxy::VerifyRpcProxy.           Success   15.60
    servername.domain... servername.domain.gov.za                      RFRI::GetReferral.                  Failure   -1.00
    servername.domain... servername.domain.gov.za                      NSPI::GetProfileDetails.            Failure   -1.00
    servername.domain... servername.domain.gov.za                      Mailbox::Connect.                   Failure   -1.00
    servername.domain... servername.domain.gov.za                      Mailbox::Logon.                     Skipped   -1.00


    Test-OutlookConnectivity -Protocol HTTP -Identity username@domain.gov.za -MailboxCredential (Get-Credential domain\username)

    ClientAccessServer   ServiceEndpoint                               Scenario                            Result  Latency
                                                                                                                      (MS)
    ------------------   ---------------                               --------                            ------  -------
    servername.domain... webmail.domain.gov.za                         Autodiscover: Web service request.  Success  140.40
    servername.domain... exccas01.domain.gov.za                        RpcProxy::VerifyRpcProxy.           Success    0.00
    servername.domain... exccas01.domain.gov.za                        RFRI::GetReferral.                  Success 2340.00
    servername.domain... exccas01.domain.gov.za                        NSPI::GetProfileDetails.            Success 2371.20
    servername.domain... exccas01.domain.gov.za                        Mailbox::Connect.                   Success 2324.40
    servername.domain... exccas01.domain.gov.za                        Mailbox::Logon.                     Success   15.60

    While investigating the IIS logs I can across the following:

    RPC_IN_DATA /rpc/rpcproxy.dll exccas01.domain.gov.za:6002 443 - 10.36.98.235 MSRPC 401 2 64 15
    RPC_OUT_DATA /rpc/rpcproxy.dll exccas01.domain.gov.za:6002 443 - 10.36.98.235 MSRPC 401 2 64 0

    I have now spent more than 3 days trying to figure this out and I coming to my wits ends in trying to find a resolution.  I would appreciate any assistance that will result in a resolution to my current dilema! 

    Please help!!


    When I create a server farm in TMG and test the rule i get the following:

    RPC Proxy can't be pinged.
     
    Additional Details
      An HTTP 500 response was returned from ISA.

    • Upravený Guji 16. července 2012 12:15
    16. července 2012 12:10

Odpovědi

  • Hi,

    Thank  you for the post.

    First, please checked the Authentication method as per the below article. And what is TMG logging when external user access outlook anywhere?

    http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

    Regards,


    Nick Gu - MSFT

    18. července 2012 6:17
    Moderátor
  • Hello,

    As I see you have a problem with the authentication.

    Please follow this video to publish Outlook Anywhere. Be careful with the authentication part: http://www.msexchange.org/articles_tutorials/videos/exchange-server-2010/security-message-hygiene/video-publishing-outlook-anywhere-using-tmg-2010.html


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    22. července 2012 17:11
  • Thanks guys for all the assistance .... I had to change my authentication delegation and all is working 100% now!
    • Označen jako odpověď Guji 26. července 2012 5:57
    26. července 2012 5:57

Všechny reakce

  • Hi,

    Thank  you for the post.

    First, please checked the Authentication method as per the below article. And what is TMG logging when external user access outlook anywhere?

    http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

    Regards,


    Nick Gu - MSFT

    18. července 2012 6:17
    Moderátor
  • Hello,

    As I see you have a problem with the authentication.

    Please follow this video to publish Outlook Anywhere. Be careful with the authentication part: http://www.msexchange.org/articles_tutorials/videos/exchange-server-2010/security-message-hygiene/video-publishing-outlook-anywhere-using-tmg-2010.html


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    22. července 2012 17:11
  • Thanks guys for all the assistance .... I had to change my authentication delegation and all is working 100% now!
    • Označen jako odpověď Guji 26. července 2012 5:57
    26. července 2012 5:57