locked
Exchange Server 2007 sp1 RollUp 4 and all other up to RollUp 8 does not fix Outlook Anywhere issue on Windows 2008. RRS feed

  • Question

  • I have Installed rollup 8 and Windows 2008 sp2, but Outlook Anywhere does not work.

    C:\>netstat -ano | findstr 6004
      TCP    0.0.0.0:6004           0.0.0.0:0              LISTENING       572
      TCP    [::]:6004              [::]:0                 LISTENING       572


    C:\>nslookup srvexch2.net.local
    Name:    srvexch2.net.local
    Address:  192.168.137.16

    C:\>ping srvexch2.net.local
    Pinging srvexch2.net.local [fe80::5483:3aa8:a731:fa63%10] from fe80::5483:3aa8:a
    731:fa63%10 with 32 bytes of data:
    Reply from fe80::5483:3aa8:a731:fa63%10: time<1ms

    telnet 127.0.0.1 6004
    ncacn_http/1.0

    telnet 192.168.137.16 6004
    ncacn_http/1.0

    telnet ::1 6004
    Return blank screen, and then disconnect

    telnet srvexch2.net.local 6004
    Return blank screen, and then disconnect

    As you can see, DSAccess does not work on IPv6.

    Monday, June 8, 2009 9:25 PM

Answers

  • I was not right, "Do Not Refer HTTP to DSProxy" is working. When I have disabled IPv6 on srvexch2, Outlook 2007 initiate catalog connections to dc1.net.local or to dc2.net.local. But when IPv6 was enabled on srvexch2, Outlook can't initiate catalog connection, and asking login/password again and again.

    But with some investigation, I did make SCR working with Outlook Anywhere. I have found that to disable IPv6, we do not need to add "127.0.0.1 srvexch2" and "127.0.0.1 srvexch2.net.local".
    So I only delete one string from hosts file "::1 localhost". Then I have cleared IPv6 checkbox onm y NIC and add to registry
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
    "DisabledComponents"=dword: FFFFFFFF

    After that, ping srvexch2 and ping srvexch2.net.local began to resolve to IPv4. And DSProxy is working. And this not affect SCR functionality. I think that is some workaround.


    How I can report about this bug to Microsoft? Microsoft think that problem was resolved by Rollup4, may be now mad.exe is listening on IPv6, but not responding. Mad.exe accept connections on port 6004 only by IPv4 protocol.
    • Marked as answer by Mike Shen Thursday, June 25, 2009 2:04 AM
    Sunday, June 21, 2009 1:06 PM

All replies

  • Hi Sergey,

     

    As you already known, the IPv6 issue for Exchange 2007 Outlook Anywhere is already been fixed in RU4. From your netstat result, I think the RU4 has already been applied as the IPv6 Address for 6004 port is listened.

     

    I think our current is not able to connect to 6004 port through IPv6. Please attempt following method to troubleshoot the issue:

     

    1. At this time, I suggest you run tasklist |findstr 572 command on mailbox server to check whether the correct process is listening the port. You should get mad.exe.

     

    2. In addition, from another thread you submitted regarding SCR, I notice that you have two Exchange Server installed. I would like to know whether both the two servers have CAS server and Mailbox server role installed. If yes, whether both the two CAS server has Outlook Anywhere enabled. Please also let me know whether GC installed on the Exchange Mailbox Server.

     

    3. I also suggest you run RPCPing tool on the CAS server which has Outlook where enabled to test connection to the 6004 port. If any error is encountered, please post the result here.

     

    RpcPing –t ncacn_http –s ExchangeMBXServer –o RpcProxy=RpcProxyServer –P “user,domain,password” –I “user,domain,password” –H 1 –F 3 –a connect –u 10 –v 3 –e 6004

     

    For your reference:

     

    How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003

    http://support.microsoft.com/kb/831051

     

    Mike

    Wednesday, June 10, 2009 9:00 AM
  • 1. C:\>tasklist | findstr 572
    mmc.exe                       3572 Console                    1     99 460 K
    mad.exe                        572 Services                   0     18 832 K

    2. Yes I have two Exchange Server 2007 with CAS,MailBox,HUB and UM roles intalled. They are both installed in the one site. This site also have two separate domain controllers installed on Windows 2008 sp2, both of them are GC. Outlook Anywhere Enabled on both Exchange Servers, and I have the same problem.

    3. In my local network mail.esn.net.ru = srvexch2
    From SRVEXCH2:
    rpcping -t ncacn_http -s srvexch2.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*" -I "erin,net,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 6.0, Service Pack 2

    RPCPinging proxy server mail.esn.net.ru with Echo Request Packet
    Sending ping to server
    Response from server received: 401
    Client is not authorized to ping RPC proxy
    Ping failed.

    From remote WindowsXP thru Interet:
    rpcping -t ncacn_http -s srvexch2.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*" -I "erin,net,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3

    RPCPinging proxy server mail.esn.net.ru with Echo Request Packet
    Sending ping to server
    Response from server received: 200
    Pinging successfully completed in 468 ms

    From all locations:
    rpcping -t ncacn_http -o RpcProxy=mail.esn.net.ru -P "erin,net,*" -H 1 -F 3 -a connect -u 9 -v 3 -s srvexch2.net.local -I "erin,net,*" -e 6004
    Exception 5 (0x00000005)

    Wednesday, June 10, 2009 10:04 PM
  • Hi Sergey,

     

    Thanks for your response.

     

    I am currently investigating on the issue and will update to you if any further information is found.

     

    At this time, please ensure the following services have been started on the Exchange Server:

     

    -IKE and AUTHIP

    -ipsec policy agent

    -Base filtering Engine

    -Windows firewall

     

    Regarding the error 0x00000005 when attempting to ping 6004 port, please let me know whether the NTLM authentication or Basic Authentication is enabled for Outlook Anywhere. If NTLM authentication is enabled, please run following command to test the result:

     

    RpcPing –t ncacn_http –s srvexch2.net.local –o RpcProxy=mail.esn.net.ru –P “user,domain,password” –I “user,domain,password” –H 2 –F 3 –a connect –u 10 –v 3 –e 6004

     

    Mike

    Thursday, June 11, 2009 10:43 AM
  • 1) Yes, all services are started on both of my Exchange Servers 2007.
    2) Otlook Anywhere enabled on all servers to use NTLM authentication.
    Get-OutlookAnywhere | fl

    ServerName                 : SRVEXCH
    SSLOffloading              : False
    ExternalHostname           : mail.esn.net.ru
    ClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods   : {Ntlm}
    MetabasePath               : IIS://srvexch.net.local/W3SVC/1/ROOT/Rpc
    Path                       : C:\Windows\System32\RpcProxy
    Server                     : SRVEXCH
    AdminDisplayName           :
    ExchangeVersion            : 0.1 (8.0.535.0)
    Name                       : srvexch
    DistinguishedName          : CN=srvexch,CN=HTTP,CN=Protocols,CN=SRVEXCH,CN=Servers,CN=Exchange Administrative Group (FY
                                 DIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Ser
                                 vices,CN=Configuration,DC=net,DC=local
    Identity                   : SRVEXCH\srvexch
    Guid                       : cdaff79d-3c66-498c-a257-ef4a21af7282
    ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                : 12.02.2009 22:54:08
    WhenCreated                : 04.02.2009 0:23:13
    OriginatingServer          : dc1.net.local
    IsValid                    : True

    3. For the experiment, I have disabled IPv6 on SRVEXCH and enable it on SRVEXCH2.

    When I publish srvexch (with ipv6 disabled), and run RPCPING from remote PC, I get

    RpcPing -t ncacn_http -s srvexch.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3
    Completed 1 calls in 1041 ms
    0 T/S or 1041.000 ms/T

    RpcPing -t ncacn_http -s srvexch2.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3
    Completed 1 calls in 2023 ms
    0 T/S or 2023.000 ms/T


    When I publish srvexch2 (with ipv6 enabled), and run RPCPING from remote PC, I get:

    RpcPing -t ncacn_http -s srvexch.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3
    Completed 1 calls in 1252 ms
    0 T/S or 1252.000 ms/T

    RpcPing -t ncacn_http -s srvexch2.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3

    Exception 1722 (0x000006BA)

    On srvexch2:
    netstat -ano | findstr 6004
      TCP    0.0.0.0:6004           0.0.0.0:0              LISTENING       572
      TCP    192.168.137.16:13351   192.168.137.11:6004    ESTABLISHED     5124
      TCP    192.168.137.16:13352   192.168.137.11:6004    ESTABLISHED     5124
      TCP    [::]:6004              [::]:0                 LISTENING       572

    As I have wrote before, on SRVEXCH2:
    telnet 127.0.0.1 6004
    telnet 192.168.137.16 6004
    I get: ncacn_http/1.0

    telnet ::1 6004
    telnet [fe80::5483:3aa8:a731:fa63%10] 6004
    I get blank screen, and disconnect.

    When I get Access Denied, may be it was error with certificate.

    Sunday, June 14, 2009 10:26 PM
  • Hi Sergey,

     

    Firstly, I am sorry for delay in response.

     

    After some further research regarding the issue, I suggest you can use following workaround to solve the issue without adding hosts file which affect SCR function:

     

    1.On the Mailbox servers: a DWORD entry needs to be created on each Mailbox server named "Do Not Refer HTTP to DSProxy" at HKLM\System\CCS\Services\MSExchangeSA\Parameters\ and the value set to 1

    2. On CAS server, set following registry keys:

     

    a. The ValidPorts setting at HKLM\Software\Microsoft\RPC\RPCProxy needs setting so that the entries referring to 6004 point to DC servers in addition to the mailbox server.

    b. The PeriodicPollingMinutes key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\ needs setting to zero to prevent RpcHttpConfigurator from updating the Valid Ports key automatically.

     

    3.On the Global Catalog servers: a REG_MULTI_SZ  entry needs to be created on each GC named NSPI interface protocol sequences at HKLM\System\CCS\Services\NTDS\Parameters\ and the value set to ncacn_http:6004. After that, please restart the GC.

     

    For more information, you can refer to following article:

     

    How does Outlook Anywhere work (and not work)?

    http://msexchangeteam.com/archive/2008/06/20/449053.aspx

     

    Mike

    Thursday, June 18, 2009 2:18 AM
  • Hi Mike.
    I try to make all steps that you write, but it does not help for me.
    I have added:
    On srvexch and srvexch2:

    HKEY_LOCAL_MACHINE\System\CCS\Services\MSExchangeSA\Parameters\
    "Do Not Refer HTTP to DSProxy"=dword:00000001

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
    "ValidPorts"="SRVEXCH:6001-6002;srvexch.net.local:6001-6002;SRVEXCH2:6001-6002;srvexch2.net.local:6001-6002;SRVEXCH:6004;srvexch.net.local:6004;SRVEXCH2:6004;srvexch2.net.local:6004;DC1:6004;dc1.net.local:6004;DC2:6004;dc2.net.local:6004"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator]
    "PeriodicPollingMinutes"=dword:00000000

    On DC1 and DC2:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
    "NSPI interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
      68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00
    (ncacn_http:6004)

    Also on srvexch and srvexch2 I have tryed this option:
    "NSPI Target Server"=hex(7):64,00,63,00,31,00,2e,00,6e,00,65,00,74,00,2e,00,6c,\
      00,6f,00,63,00,61,00,6c,00,00,00,00,00
    (dc1.net.local)

    All servers was rebooted.

    telnet dc1 6004 return:
    ncacn_http/1.0

    I have published srvexch2 (443 port directly):

    From remote machine Windows XP sp3:

    RpcPing -t ncacn_http -s srvexch2.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3

    Exception 1722 (0x000006BA)


    RpcPing -t ncacn_http -s srvexch.net.local -o RpcProxy=mail.esn.net.ru -P "erin,net,*"  -I "erin,net,*" -H 2 -F 3 -a connect -u 10 -v 3 -e 6004
    RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
    OS Version is: 5.1, Service Pack 3
    Completed 1 calls in 1672 ms
    0 T/S or 1672.000 ms/T

    Outlook 2007 for users on srvexch working properly. But not for users on srvexch2.

    I think, by some reasons Exchange ignoring Do Not Refer HTTP to DSProxy = 1, and does not proxing queryes to DC1 or DC2.

    Sunday, June 21, 2009 12:55 AM
  • I was not right, "Do Not Refer HTTP to DSProxy" is working. When I have disabled IPv6 on srvexch2, Outlook 2007 initiate catalog connections to dc1.net.local or to dc2.net.local. But when IPv6 was enabled on srvexch2, Outlook can't initiate catalog connection, and asking login/password again and again.

    But with some investigation, I did make SCR working with Outlook Anywhere. I have found that to disable IPv6, we do not need to add "127.0.0.1 srvexch2" and "127.0.0.1 srvexch2.net.local".
    So I only delete one string from hosts file "::1 localhost". Then I have cleared IPv6 checkbox onm y NIC and add to registry
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
    "DisabledComponents"=dword: FFFFFFFF

    After that, ping srvexch2 and ping srvexch2.net.local began to resolve to IPv4. And DSProxy is working. And this not affect SCR functionality. I think that is some workaround.


    How I can report about this bug to Microsoft? Microsoft think that problem was resolved by Rollup4, may be now mad.exe is listening on IPv6, but not responding. Mad.exe accept connections on port 6004 only by IPv4 protocol.
    • Marked as answer by Mike Shen Thursday, June 25, 2009 2:04 AM
    Sunday, June 21, 2009 1:06 PM
  • Hi Sergey,

     

    Thanks for your response.

     

    I am glad to know that you are able to find a workaround regarding the issue to have Outlook Anywhere works without affecting the SCR function.

     

    Regarding submit a bug, I recommend that you submit a case to Microsoft CSS for assistance. They will help identify whether it is a bug (as I cannot find similar bug in our internal database).

     

    To obtain the phone numbers for specific technology request please take a look at the web site listed below:

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

     

    If you are outside the US please see http://support.microsoft.com for regional support phone numbers.

     

    Mike

    Monday, June 22, 2009 3:17 AM