locked
Exchange 2010 Outlook anywhere setup RRS feed

  • Question

  • I have exchange 2010 installed and working fine. the organization has 1 DC(dhcp+dns) and 1 exchange server with all the roles installed.

    i want to configure outlook anywhere so as the users can use their exhange mailbox normally when not in the domain. guys please help me here. i have seen others connect their exchnage mailbox in outlook remotely as if they are connecting to local exchange server using outlook.

    regards

    yusuf kamruddin

    Friday, September 14, 2012 1:56 PM

All replies

  • 1. Make sure that the FQDN which will be used by the external clients is Published.That is you have a A record created for the same.

    If you have not configured external url property for OWA,OAB,Exchange webservices,Active sync,ECP virtual directory you need to it as follows with following commands:

     

    For ex:If you are using FQDN as "mail.contoso.com"  than the commands will be as follows:

    Set-OWAVirtualDirectory –Identity 2010CASHUB02\OWA (default web site) -ExternalURL https://mail.contoso.com/OWA

    Set-OABVirtualDirectory –Identity 2010CASHUB02\OAB (default web site) -ExternalURL https://mail.contoso.com/OAB

    Set-WebServicesVirtualDirectory –Identity 2010CASUB02\EWS (default web site) -ExternalURL https://mail.contoso.com/ews/exchange.asmx

    Set-ActiveSyncVirtualDirectory –Identity 2010CASHUB02\Microsoft-Server-ActiveSync (default web site) -ExternalURL https://mail.contoso.com/Microsoft-Server-ActiveSync

    Set-ECPVirtualDirectory –Identity 2010CASHUB02\ECP (default web site) -ExternalURL https://mail.contoso.com/ECP


    Where -identity parameter will have the name of your Exchange CAS server.

    2. Make sure you have a certificate with the correct FQDN names published so that your outllook anywhere works properly.

    3. You can enable outlook anywhere using below command

    Enable-OutlookAnywhere -Server CAS01 -ExternalHostname "mail.contoso.com" -DefaultAuthenticationMethod "Basic" -SSLOffloading:$False

    or you can enable outlook anywhere using EMC as below

    http://exchangeserverpro.com/how-to-configure-exchange-server-2010-outlook-anywhere

    • Proposed as answer by Mits_J9 Friday, September 14, 2012 3:16 PM
    Friday, September 14, 2012 2:44 PM
  • ---Hi,

    For Outlook Any Where :( Check the following requirements)

    1. Auto discover ( IIS Web Server) Should be working fine.

    --Check https://autodiscover.yourdomain.com (Without Certification issue)

    2. Need to purchase SSL Certificate for Mail Server.

    3. RPC over HTTP , you will need to add this features using Server manager

    4. Enable Outlook Any Where ( EMS--Server manager---Client Access---In Action Pane ---Enable Outlook Anywhere)


    Regards, Nayan

    Friday, September 14, 2012 2:46 PM
  • Hey Guys thank you very much for your replies.

    I was succesfull in making outlook anywhere to work but whenever outlook 2010 client  is opened there are 3 alerts come up, 2 are security alerts and 1 is asking for windows security logon credentials.

    How to solve this issue guys.

    Thank you again

    Yusuf Kamruddin

    Monday, September 17, 2012 8:54 AM
  • Sorry all, i forgot to attach the screen shots i have taken for the alerts i get.
    Monday, September 17, 2012 9:05 AM
  • Monday, September 17, 2012 9:06 AM
  • Monday, September 17, 2012 9:06 AM
  • Monday, September 17, 2012 9:41 AM
  • Thank you theExchangegeek for your reply.

    I tried that but still am getting all the 3 alerts. When i enable outlook anywhere in outlook client i get all the 3 alerts, but if i disable the outlook anywhere in the outlook client i only get the first 2 security alerts and i dont get the logon alert.

    The good thing is outlook anywhere works fine, its only the 3 alerts which is irritating alot.

    When i do Outlook Anywhere-RPC over HTTP (Use Autodiscover to detect settings)test using https://www.testexchangeconnectivity.com/ i get 'connectivity test failed', but i use Outlook Anywhere-RPC over HTTP (Manually specify server settings0) i get 'Connectivity Test Successful'. i feel maybe by autodiscovery setting have problems.

    regards

    Yusuf Kamruddin


    Monday, September 17, 2012 12:45 PM
  • Hi Yusuf

    What is the common name of the certificate you have installed?  Is this a public certificate i.e. you bought it from a CA?  Is it a UC or SAN certificate with multiple alternate names, and if so what are the other names?

    Steve

    Monday, September 17, 2012 1:53 PM
  • For the security popup, follow this KB:

    http://support.microsoft.com/kb/940726

    For the authentication pop up,follow this KB:

    http://www.microsoft.com/en-us/download/details.aspx?id=22723


    ExchangeGeek (MCITP,Enterprise Messaging Administrator) "Don't forget to mark helpful or answer"

    Monday, September 17, 2012 2:04 PM
  • Hi Steve,

    Yes i have bought the certificate from digicert.com and its for a single domain only.

    regards

    yusuf kamruddin

    Tuesday, September 18, 2012 5:36 AM
  • Hi TheExchangeGeek,

    Thank you for your reply.

    i tried the first KB for security popups but it didnt solve the problem of the 2 security alerts.

    But the 2nd one is helpful to me because i dont use Forefront TMG or Forefront UAG.

    i am attaching test connection results i did on my outlook.

    regards

    yusuf kamruddin

    Tuesday, September 18, 2012 7:05 AM
  • If you want this to work externally you will need to have autodiscover.yourdomain.com included in the certificate, clients on the Internet will attempt to use DNS to resolve this name so it needs to be in your public DNS too.

    Steve

    Tuesday, September 18, 2012 7:54 AM
  • Hi Steve,

    Thank you for your reply.

    i have SSL certificate from digicert.com. how do i include the autodiscover.yourdomain.com in the certificate and how do i add in the public DNS?

    i am new to exchange 2010 thats why i am asking alot of questions.

    regards

    yusuf

    Tuesday, September 18, 2012 8:17 AM
  • I afraid ,you need to purchase a new SAN certificate for this.

    Follow this article to generate a new cert request.

    https://www.digicert.com/easy-csr/exchange2010.htm

    http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority

    As a alternative name, please include these:

    1.OWA URL

    2.autodiscover .smtp domain

    3.CAS array and CAS servers' name

    4.All the accepted domains


    ExchangeGeek (MCITP,Enterprise Messaging Administrator)

    ***Don't forget to mark helpful or answer***

    Tuesday, September 18, 2012 9:21 AM
  • Give digicert a call or email, their customer service is really good in my experience.  Ask them to revoke your single name SSL and replace it with a UC certificate: http://www.digicert.com/unified-communications-ssl-tls.htm

    Steve


    Tuesday, September 18, 2012 11:24 AM
  • thank you very much TheExchangeGeek and steve for your support. i will talk to my client who i have configured exchange 2010 for, for getting a new UC certificate. After i install the new UC certificate will let you know guys.

    regards

    yusuf

    Tuesday, September 18, 2012 12:29 PM
  • Hi All,

    I have installed the new UC certificate with mail and autodiscover entrys, but still i get the prompt and the alert. if i do the outlook anywhere and outlook autodiscover test through www.testexchangeconnectivity.com i get test not succesfull.

    regards

    yusuf kamruddin

    Thursday, September 27, 2012 7:07 AM
  • Can you post the result of the test? Have you installed the cert on the TMG as well?


    ExchangeGeek (MCITP,Enterprise Messaging Administrator)

    ***Don't forget to mark helpful or answer***

    Thursday, September 27, 2012 12:45 PM
  • Hi TheExchangeGeek,

    here is the results for the test.

    Testing RPC/HTTP connectivity.

    The RPC/HTTP test failed.

    Test Steps

    ExRCA is attempting to test Autodiscover for abc@contosa.com.

    Testing Autodiscover failed.

    Test Steps

    Attempting each method of contacting the Autodiscover service.

    The Autodiscover service couldn't be contacted successfully by any method.

    Test Steps

    Attempting to test potential Autodiscover URL https://contosa.com/AutoDiscover/AutoDiscover.xml

    Testing of this potential Autodiscover URL failed.

    Test Steps

    Attempting to resolve the host name contosa.com in DNS.

    The host name resolved successfully.

    Additional Details

    IP addresses returned: xxx.xxx.xxx.xxx

    Testing TCP port 443 on host skylinktanzania.com to ensure it's listening and open.

    The port was opened successfully.

    Testing the SSL certificate to make sure it's valid.

    The SSL certificate failed one or more certificate validation checks.

    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server contosa.com on port 443.

    ExRCA wasn't able to obtain the remote SSL certificate.

    Additional Details

    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Attempting to test potential Autodiscover URL https://autodiscover.contosa.com/AutoDiscover/AutoDiscover.xml

    Testing of this potential Autodiscover URL failed.

    Test Steps

    Attempting to resolve the host name autodiscover.skylinktanzania.com in DNS.

    The host name couldn't be resolved.

    Tell me more about this issue and how to resolve it

    Additional Details

    Host autodiscover.contosa.com couldn't be resolved in DNS InfoDomainNonexistent.

    Attempting to contact the Autodiscover service using the HTTP redirect method.

    The attempt to contact Autodiscover using the HTTP Redirect method failed.

    Test Steps

    Attempting to resolve the host name autodiscover.skylinktanzania.com in DNS.

    The host name couldn't be resolved.

    Tell me more about this issue and how to resolve it

    Additional Details

    Host autodiscover.contosa.com couldn't be resolved in DNS InfoDomainNonexistent.

    Attempting to contact the Autodiscover service using the DNS SRV redirect method.

    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

    Test Steps

    Attempting to locate SRV record _autodiscover._tcp.contosa.com in DNS.

    The Autodiscover SRV record wasn't found in DNS.

    Tell me more about this issue and how to resolve it

    The above is the results of the test.

    once i configure outlook anywhere in clients they start prompting password whenever outlook is opened.

    regards

    Yusuf Kamruddin

    Wednesday, October 3, 2012 7:43 AM
  • I see some issues on auto discover & certificate.

    Make sure you have created an A Record for autodoscover.domain.com in public DNS and in ping-able.

    Check your certificates and if have properly imported them on you CAS servers and enabled the corresponding service.


    ExchangeGeek (MCITP,Enterprise Messaging Administrator)

    ***Don't forget to mark helpful or answer***

    **Note:(My posts are provided “AS IS” without warranty of any kind)


    Wednesday, October 3, 2012 8:34 AM