none
Exchange Proxy Setting in Outlook - SSL option

    Question

  • I am having an issue with my Outlook clients using Outlook Anywhere from outside the office. I had to renew my SSL cert and change to FQDN on my serves. All internal Outlook clients, Outlook Web App, Autodiscovery, and Active-sync devices are fine with the new name changes but now I notice that 'Connect using SSL only' is not checked anymore in Outlook's Exchange Proxy Setting. I can turn it on and than Outlook will work until I shut it down and than I have to add it back again so I know the servers and removing it.

    I am not sure off hand how to add it back in. Since I don't allow HTTP to the Exchange server from outside world. Any help would be great.

    Wednesday, September 30, 2015 10:30 PM

All replies

  • I am having an issue with my Outlook clients using Outlook Anywhere from outside the office. I had to renew my SSL cert and change to FQDN on my serves. All internal Outlook clients, Outlook Web App, Autodiscovery, and Active-sync devices are fine with the new name changes but now I notice that 'Connect using SSL only' is not checked anymore in Outlook's Exchange Proxy Setting. I can turn it on and than Outlook will work until I shut it down and than I have to add it back again so I know the servers and removing it.

    I am not sure off hand how to add it back in. Since I don't allow HTTP to the Exchange server from outside world. Any help would be great.

    What is set for get-outlookanywhere |FL *SSL* on the Servers external users connect to? Are you requiring it with ExternalClientsRequireSsl ?


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Wednesday, September 30, 2015 11:09 PM
  • ExternalClientsRequireSSL:True
    Thursday, October 1, 2015 12:37 AM
  • ExternalClientsRequireSSL:True

    How about for InternalCLientsRequireSSL and is the external and internal hostnames for Outlook Anywhere the same?

    Also, with Outlook open hold down the control key and right click the Outlook icon in the far right tray and test Email Configuration. Copy and paste the xml results to a text editor and see if you haven entries like:

    <Type>EXHTTP</Type>
            <Server>yourserver.contoso.com</Server>
            <SSL>On</SSL> 


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, October 1, 2015 1:12 AM
  • InternalClientsRequireSSL:Flase . The Internal and External host names are the same.

    I see 2 entries under Protocols. I have it both ways with <SSL>On</SSL>  and <SSL>Off</SSL>

    Thursday, October 1, 2015 3:17 AM
  • Hi,

    Please confirm whether the issue happens to all users or specific users to narrow the issue to client side or server side. 

    You can run the following command to check your OA settings on Exchange server:

    Get-OutlookAnywhere | fl Identity,*host*,*auth*

    Regards,

    David

    Thursday, October 1, 2015 3:18 AM
    Moderator
  • Everything runs fine when you are internal. It only has issues when you are external. It does it to everyone. I can get Outlook to work externally by putting the check mark to use SSL in Outlook Proxy settings but it goes away after you close Outlook.

    Running the command the settings are the same..Same FQDN for Internal and External and same Auth for both NTLM

    Thursday, October 1, 2015 3:24 AM
  • Everything runs fine when you are internal. It only has issues when you are external. It does it to everyone. I can get Outlook to work externally by putting the check mark to use SSL in Outlook Proxy settings but it goes away after you close Outlook.

    Running the command the settings are the same..Same FQDN for Internal and External and same Auth for both NTLM

    Set internal to requireSSL. When you use the same hostname for both internal and external Outlook Anywhere, the external Outlook clients are actually using the internalhostname for auth.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, October 1, 2015 11:52 AM
  • So when I change Internal and External to both use SSL is that when the Outlook Proxy Settings will change in Outlook client? I just to make sure I don't break all the Internal people also if Outlook won't change the Proxy Setting how do I go about doing that?
    Thursday, October 1, 2015 1:16 PM
  • So when I change Internal and External to both use SSL is that when the Outlook Proxy Settings will change in Outlook client? I just to make sure I don't break all the Internal people also if Outlook won't change the Proxy Setting how do I go about doing that?

    It shoudnt, but wait for after business hours to set and test. Once changed, give it some time for autodiscover to pick it up. Re-opening Outlook can kick that in.

    You have NTLM for both internal and external auth? That should be fine. I assume for IISAuth settings, you have

    Basic, NTLM, Negotiate.

    I assume that Outlook users have no SSL set either right now yes?

    The proxy settings will be set by autodiscover once you set on Outlook Anywhere.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, October 1, 2015 1:23 PM
  • NTLM is setup for both internal and external. I have never changed any of IISAuth settings. Just looking in the IIS manager under Default Web Site for Autodiscover I see Basic and Windows Auth(NTLM).

    Correct SSL is not set for the Internal Outlook users. Checking the Proxy settings SSL is not on.

    Thursday, October 1, 2015 4:58 PM
  • NTLM is setup for both internal and external. I have never changed any of IISAuth settings. Just looking in the IIS manager under Default Web Site for Autodiscover I see Basic and Windows Auth(NTLM).

    Correct SSL is not set for the Internal Outlook users. Checking the Proxy settings SSL is not on.

    Ok, get-outlookanywhere |FL will show all the settings including the IIS Auth.

    So once you set that RequireSSL to $true for internal, then it should start showing that box checked in Outlook for the proxy settings. Like I said, wait till off-hours or the weekend, set it and then test.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, October 1, 2015 5:06 PM
  • IIS Auth is just NTLM..
    Thursday, October 1, 2015 6:14 PM
  • IIS Auth is just NTLM..

    Ok, thats fine. You are using NTLM. If you decide to use basic or kerberos, you will need to change that, but for now its ok.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.


    Thursday, October 1, 2015 6:28 PM
  • I am assuming I have to use the shell commands to add back in the SSL option?
    Thursday, October 1, 2015 7:01 PM
  • I am assuming I have to use the shell commands to add back in the SSL option?

    yes.

    set-outlookanywhere etc...


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, October 1, 2015 7:27 PM
  • thank you for your help. I just made the changes and I see the proper settings now for SSL in Outlook. I will try a laptop out of the office and see if I am all ok now..
    Thursday, October 1, 2015 11:13 PM