locked
Exchange outlook anywhere RRS feed

  • Question

  • Hi all,

    Im having current situation one Exchange server 2010 in front is TMG 2010 doing only routing clients, in front of TMG there is firewall that has public IP-s, configuration inherited from former system admins.

    On TMG there are 3 rules, Active sync rule (basica authentication) outlook anywhere rule (basic authentication) and OWA rule(basica authentication), one SSL listener (configured with HTML authentication).

    The company did not have outlook Anywhere enabled (i dont know why), so what i wanted is to enable outlook aynwhere, i have setup  RPC and RPCWITHCERT virtual directories, enabled outllok anywher on server (basic authentication).

    (important: before 2 weeks we had issue regarding IIS, while trying to integrate skype for bussines in could with exchange company that is doing that tried recreating ews, and it worked but we had issues regarding OOF and Free/busy time, after that they recreated whole IIS default web site, also did not worked until i enabled Kerberos authentication)

    Now issue that i have is that outlook anywhere is not working, on connectivity test i get:

    Attempting to ping RPC proxy mail.dungs.com.
      RPC Proxy can't be pinged.
     
     Additional Details
      An unexpected network-level exception was encountered. Exception details:
    Message: Der Remoteserver hat einen Fehler zurückgegeben: (405) Unzulässige Methode.
    Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
    Stack trace:
     bei Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
     bei Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
    Exception details:
    Message: Der Remoteserver hat einen Fehler zurückgegeben: (405) Unzulässige Methode.
    Type: System.Net.WebException
    Stack trace:
     bei System.Net.HttpWebRequest.GetResponse()
     bei RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
     bei Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)

    SSL listenere is now currently configured with html form authentication, i have tried with basica authentication too and its same error.

    TMG rule test gives all green.

    Did anyone had this issue? Appreciated any help.

    Friday, March 17, 2017 7:24 AM

All replies

  • To set up OA on TMG, you need a separate listener from the one used by OWA and ActiveSync (which also means you need an additional IP address to listen on, of course).  In your configuration, it's also simplest to have separate external DNS names for OA and OWA.  This also means that your external firewall needs to send traffic bound for the OWA name to one IP address and the OA to the other one.  So if mail.company.com goes to OWA, outlook.company.com would go to OA.

    And now for the possible bad news - I have run into (many) firewalls that can't segment traffic in the manner I just noted - they can't differentiate one connection on port 443 from another.  If this is the case in your environment, you are going to have a hard time getting traffic split between two TMG listeners.


    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Friday, March 17, 2017 1:02 PM