locked
Outlook issues on DirectAccess clients RRS feed

  • Question

  • We have issues with Outlook client (2010) on DirectAccess clients connecting to the Exchange server (exchange 2003 on windows 2003). It used to work till we had issues with IPv6 driver on the Exchange box and we uninstalled IPv6. Now, from the client I can ping the Exchange server (resolves to IPv6 from the UAG server - there is no AAAA record in internal DNS servers for the Exchange server). Also, Outlook can find the mailbox on the Exchange server, is trying to load the profile, but then is troing the error that cannot connect to the Exchange server. I believe this is due to no isatap on the Exchange server because we had to uninstall (not just disable) the IPv6 on that box.

    Everything else is working fine on the DirectAccess clients.

    Any ideas for a work around this issue?

    Friday, October 7, 2011 2:40 PM

Answers

  • I found the problem. Just in case someone else has this issue, here is what was messing up in my case.

    A GPO, under Computer Configuration/Policies/Administrative Templates/System/Remote Procedure Call

    "RPC Endpoint Mapper Client Authentication" was set to Enabled. After changing this setting to Not configured, Outlook started to work without any issues. To make sure that was true, I re-enabled the setting, which broke Outlook again on our DA clients. Changing it back to Not configured enabled again Outlook to connect to Exchange server.

    I'm still a little confused about why that setting was messing up, but at least Outlook is working and our DA clients are happy.


    aburica
    • Marked as answer by aburica Thursday, November 10, 2011 9:05 PM
    Thursday, November 10, 2011 9:05 PM

All replies

  • Hi,

     

    Are you sure you removed legacy DNS records of your Exchange 2003 servers in your DNS zone. If not, your client still try to use it. Whankind of answer do you have from Internet (ISATAP or NAT64)?

     

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Friday, October 7, 2011 3:43 PM
  • Yes, I'm positive that all the IPv6 entries for the Exchange server is not in DNS or cached. If I understand corectlly your question, internet clients are using ISATAP.

    Thank you


    aburica
    Friday, October 7, 2011 3:55 PM
  • ISATAP will be used if a AAAA record is found is the DNS zone. Otherwise this will be an NAT64 address.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Friday, October 7, 2011 4:00 PM
  • From the internet client, if I ping a device inside the network that has an AAAA record in DNS, it resolves to a combination of IPv6 and IPv4 (2002:xxx:xxxx:xx:xxxx:xxxx:10.81.xx.xx). If the device doesn't have an AAAA record, it resolve to an IPv6 address. Does that means that is using ISATAP for the ones with AAAA record s and NAT64 for the ones without? Might not be relevant, but we're using Teredo tunneling.

    Thank you,

     


    aburica
    • Edited by aburica Friday, October 7, 2011 4:17 PM
    Friday, October 7, 2011 4:14 PM
  • This is an ISATAP address. Are you sure that this address is not present in your DNS zones. If NAT64 respond to your DA clients with an ISATAP, there is no need to generate a NAT64 address.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Friday, October 7, 2011 4:17 PM
  • The only DNS record for the Exchange box is an A record. There is nowhere a IPv6 entry for it. I checked and double-checked the zones on all DNS server...flushed dns...

    As I mentioned earlier, everything workd fine couple weeks ago. Then we had to uninstall IPv6 on the Exchange box due to many BSODs. After uninstalling IPv6, the internet clients were not able to use Outlook client to connect to the Exchange server anymore.


    aburica
    Friday, October 7, 2011 4:58 PM
  • I found the problem. Just in case someone else has this issue, here is what was messing up in my case.

    A GPO, under Computer Configuration/Policies/Administrative Templates/System/Remote Procedure Call

    "RPC Endpoint Mapper Client Authentication" was set to Enabled. After changing this setting to Not configured, Outlook started to work without any issues. To make sure that was true, I re-enabled the setting, which broke Outlook again on our DA clients. Changing it back to Not configured enabled again Outlook to connect to Exchange server.

    I'm still a little confused about why that setting was messing up, but at least Outlook is working and our DA clients are happy.


    aburica
    • Marked as answer by aburica Thursday, November 10, 2011 9:05 PM
    Thursday, November 10, 2011 9:05 PM