On of our clients can not connect to Exchange 2010 over VPN
- Client: Outlook 2010 / Server Exchange 2010 all roles installed on 1 server.
- Other Clients does not have this problem
Tests already performed:
- ping ip / dns name / fqdn exchange server works
- telnet 25 ip / dns name / fqdn exchange server works
- new profile added, name can not be resolved.
Any other ideas how to solve this?
How you configured the outlook profile? is that outlook profile configured using Auto Discover and now its throwing error?
or w hile configure the outlook profile manually, you are getting this error?
If you get this error while configuring the outlook profile manually. on the server page, enter the fully qualified domain name "exchange2010.domainname.com" as he server name and try to configure the profile.
Also try to check by entering the user account which got configured on other machine. if it is configuring properly then there is some problem in this account. for the which is not configuring, check whether the account is set to hide from address list in exchange server
Inform if any issue
Configuring a new profile with FQDN doesn't help client keeps complaining about the name cannot be resolved, while the client connected over vpn can ping the name and FQDN of the server.
Configuring the mailbox on another device works smoothly, so problem in client install related.
I think I will reinstall outlook my last resort
No DNS issues, no hidden accounts, profile recreated ...
Here is my understanding of your issue: users connect to Exchange 2010 without any issues within company network. When a user tries through VPN outside the company, the client cannot connect.
Can you tell what VPN the client is using? PPTP? SSL-VPN? or something else... Is the DHCP IP you get when connect through VPN in the same subnet as your Exchange server? If not, it is very likely a firewall issue.
You mentioned you have tested port 25 with Telnet. Have you tried other ports with Telnet? The ports you need to have open are listed in this document. http://technet.microsoft.com/en-us/library/bb331973.aspx The one Outlook uses is RPC (TCP 135)
You can quickly test the port by a command like below:
telnet contoso-cas01 135
If you get a black screen with a cursor, this means the port is open. If the command returns "Could not connect to hsot on port 135" then you got a firewall between your Exchange server and client. You need to check the firewall and open the ports.
If outlook anywhere is enabled on your exchange server, please configure the outlook to connect the exchange server by using RPC over HTTP. Please ensure that the 443 or 80 port are be opened for the VPN clients.
By default, outlook use RPC MAPI protocol to connect to exchange server. It required the 135 port and many random port ( (6005-59530) ) to be opened. More information:
Maybe my explanation was not totally correct.
Every user can connect to Exchange over a PPTP VPN, except one user. It's definitely a client problem. I am looking now for a tool to reset the total TCP/IP stack of this client. It seems the client is not able to register his dns name into dns even when I try to force with ipconfig /registerdns.
I now have the same problem for my own on a fresh install of Outlook 2010.
Trying to setup my client over VPN to Exchange 2010
Message The action cannot be completed. The connection to MS Exchange is unavailable. Outlook must be online or connected to complete this action.
I even set the encryption on the Exchange Server to false .... Set-RpcClientAccess –Server myexchangeserver –EncryptionRequired $False
but this doesn't help
Any other ideas ?
In some scenarios this could be a NAT problem. Have seen this issue several times when users from an office location tries to connect to Exchange with VPN. It could help to configure the firewall rules so that the client keeps the original ip-adress and not given an new alternate adress on the firewall backbone interface.
Geir Atle Paulsen
Lead Architect - Infrastructure