Discussion:
Exchange 2007 Outlook anywhere not work with SSL cert.
(too old to reply)
waynekkw2
2008-01-10 08:10:03 UTC
Permalink
Dear Microsoft Support,
We currently install new Single exchnage server 2007, and import SSL cert.
for IIS.
We found Outlook anywhere not working, but rpcping test is successfully.

Is that problem related to type of SSL cert.?
I have send mail to Comodo, they reply that Exchange 2007 need "Unified
Communications Certificates" and prices is bouble of SSL web server.

But we now only using SSL cert for IIS server, and that cert is OK for RPC
proxy exchange 2003.

Is there any configuration problem? or wrong type of SSL cert.?
v***@prcvap.microsoft.com
2008-01-10 08:37:01 UTC
Permalink
waynekkw2
2008-01-10 09:24:01 UTC
Permalink
Hi rocwan,
I am using SSL cert signed by Comodo for 90 days testing, I have tested that
type of certifies working fine at Exchange 2003 RPC proxy.

Here is me OWA link
https://mail.superiorfastening.com/owa

When I configure outlook 2003 or 2007 client to server outside the
firewall, its always timeout.

I run resoure Kit RPCPing utility to test outside from firewall, it was
successfully.
here is result:
C:\Program Files\Windows Resource Kits\Tools>rpcping -t ncacn_http -s
mail.super
iorfastening.com -o rpcproxy=mail.superiorfastening.com -P "XXXX,XXXX,XXXXX"
-H 1 -F 3 -a connect -u 10 -v 3 -e 6001
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2
Completed 1 calls in 578 ms
1 T/S or 578.000 ms/T

Sorry, I don't how to post screen shot, how to do it?

best regards..
1.Is the certificate for IIS a third party certificate or the default self-signed certificate that is available in Exchange 2007 Setup?
2.Please send the screenshot of the error to the newsgroup for further research.
Unlike Microsoft Office Outlook Web Access and Exchange ActiveSync, the default self-signed certificate that is available in Exchange 2007 Setup will not work with Outlook 2007 and Outlook 2003 clients that are using Outlook Anywhere. Instead, you must use a valid SSL certificate that is created by a certification authority (CA) that is trusted by the client computer's operating system.
How to Obtain a Server Certificate from a Certification Authority
http://technet.microsoft.com/en-us/library/bb125165.aspx
Hope this helps. If you have any question, please feel free to let me know.
Best Regards,
Rock Wang
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please “Reply to Group” via your newsreader so that others may learn and benefit from your issue.
=====================================================
This posting is provided “AS IS” with no warranties, and confers no rights
v***@prcvap.microsoft.com
2008-01-11 08:59:52 UTC
Permalink
v***@prcvap.microsoft.com
2008-01-14 10:20:44 UTC
Permalink
v***@prcvap.microsoft.com
2008-01-15 09:39:46 UTC
Permalink
v***@prcvap.microsoft.com
2008-01-17 06:02:11 UTC
Permalink
waynekkw2
2008-01-18 06:40:35 UTC
Permalink
Dears,

Here rpcping results:
-------------------------------------------------
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2

RPCPinging proxy server mail.superiorfastening.com with Echo Request Packet
Sending ping to server
Response from server received: 401
Client is not authorized to ping RPC proxy
Ping failed.
------------------------------------------------------

When I access https://localhost/RPC or https://localhost/rpc/rpcproxy.dll
, after 3 time login, the result is
----------------
Access is denied
----------------

best regard,
From your outlook anywhere log file, the settings seem to be right.
I noticed you mentioned, ¡°When I configure outlook 2003 or 2007 client to
server outside the firewall, it¡¯s always timeout¡±, please double check
the settings of the firewall is correct, I would like you to do the
1.Disable the firewall,
2.Check the effect.
3.run the following command, and send screenshot of the result to the
newsgroup,
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P
"user,domain,*" -I "user,domain,*"-H 2 -u 10 -a connect -F 3 -v 3 -E -R
none
For more information about how to use RPC Ping utility, please refer to
How to use the RPC Ping utility to troubleshoot connectivity issues with
the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003
http://support.microsoft.com/kb/831051/en-us
1.Open Outlook 2003, click tools, select e-mail accounts, select view or
change existing e-mail accounts, click next,
2.Select the problematic account with Exchange type, click change, and
then click more settings, click connections, send the screenshot of it to
the newsgroup,
3.Then click Exchange proxy settings, send the screenshot of it to the
newsgroup,
4.Browse https://localhost/RPC in IE, and send the screenshot of the
result to the newsgroup,
5.Browse https://localhost/rpc/rpcproxy.dll. and send the screenshot of
the result to the newsgroup,
Thanks for cooperation.
Best Regards,
Rock Wang
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please ¡°Reply to Group¡± via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided ¡°AS IS¡± with no warranties, and confers no
rights.
v***@prcvap.microsoft.com
2008-01-18 08:15:32 UTC
Permalink
waynekkw2
2008-01-18 10:03:32 UTC
Permalink
Dears,

My user name is password is OK, I can login both owa or MAPI.
My complete RPCpring command as following:
----------------------------------------------------------------------------------------------------------
rpcping -t ncacn_http -s mail.superiorfastening.com -o
RpcProxy=mail.superiorfastening.com -P "wayne,superiorfastening.com,*" -I
"wayne,superiorfastening.com,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2

RPCPinging proxy server mail.superiorfastening.com with Echo Request Packet
Sending ping to server
Response from server received: 401
Client is not authorized to ping RPC proxy
Ping failed.
-----------------------------------------------------------------------------------

I also success rpcping with "-H 1 -F 3 -a connect -u 10 -v 3 -e 6001"
The compelete test rpcping as following:
----------------------------------------------------------------------------------------------------------
rpcping -t ncacn_http -s mail.superiorfastening.com -o
RpcProxy=mail.superiorfastening.com -P "wayne,superiorfastening.com,*" -I
"wayne,superiorfastening.com,*" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001

RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2
Completed 1 calls in 594 ms
1 T/S or 594.000 ms/T
----------------------------------------------------------------------------------------------------------

What is the problem?
¡°Response from server received: 401
Client is not authorized to ping RPC proxy
Ping failed¡±
You receive this response if the RPC Ping Utility test failed. The PRC
Ping Utility test may have failed if HTTP access is denied, if there are
incorrect credentials on the šCP switch, or if the user exits.
In order to better troubleshoot the issue, I want to confirm the following
1.Check the user name and password are correct,
2.Check the the rpc virutal directory authentication, make sure basic
authentication is enabled only,
3.Use the same account log onto Outlook via MAPI in internal network,
check the effect.
4.Please send the screenshot of the complete rpcping command to the
newsgroup for further research,
Thanks for cooperation.
Thanks.
Best Regards,
Rock Wang
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please ¡°Reply to Group¡± via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided ¡°AS IS¡± with no warranties, and confers no
rights.
v***@prcvap.microsoft.com
2008-01-20 09:20:18 UTC
Permalink
waynekkw2
2008-01-21 02:34:13 UTC
Permalink
Dears,
Of course I run RPC ping utility outside the firewall, I use zyxel firewall
and use port forward only.

I also check rpc authenication, IIS setting is OK.

best regards,

wayne
In order to better troubleshoot the issue, please provide me with the
1.Is there any firewall between your Outlook client and Exchange 2007
server when you run RPC Ping utility?
Also, please make sure that the authentication method for the RPC virtual
directory only basic authentication; you can follow the steps below to
1.Click Start, point to All Programs, point to Administrative Tools, and
then click Internet Information Services (IIS) Manager.
2.In Internet Information Services (IIS) Manager, in the console tree,
expand the server you want, and then expand Web Sites.
3.Expand Default Web Site, right-click the RPC virtual directory, and then
click Properties.
4.In the RPC Virtual Directory Properties page, on the Directory Security
tab, in the Authentication and access control pane, click Edit.
5.In the Authentication Methods window, verify that the check box next to
Enable anonymous access is cleared.
6.In the Authentication Methods window, under Authenticated access, select
the check box next to Basic authentication (password is sent in clear
text) and click OK. And only allow basic access there.
7.Restart IIS by run the following command, and check the effect.
iisreset /noforce
Hope this helps.
Best Regards,
Rock Wang
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please ¡°Reply to Group¡± via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided ¡°AS IS¡± with no warranties, and confers no
rights.
waynekkw2
2008-01-21 03:32:27 UTC
Permalink
Dears,
I read details of RPC ping utility, there was something with authenicated
options:
My RPC setting is Basic, but test option is -H -2 ( NTLM), after I change
the option. the RPC ping test is OK, but I still cannot connect
outlookanywhere.

Here is cmd line:
---------------------------------------------------------------------------------------------------------------------------------
rpcping -t ncacn_http -s mail.superiorfastening.com -o
RpcProxy=mail.superiorfastening.com -P "administrator,superi
orfastening.com,*" -I "administrator,superiorfastening.com,*" -H 1 -F 3 -u
10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2

RPCPinging proxy server mail.superiorfastening.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 359 ms

rpcping -t ncacn_http -s mail.superiorfastening.com -o
RpcProxy=mail.superiorfastening.com -P "administrator,superi
orfastening.com,*" -I "administrator,superiorfastening.com,*" -H 1 -F 2 -u
10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.1, Service Pack 2

RPCPinging proxy server mail.superiorfastening.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 2625 ms
----------------------------------------------------------------------------------------------------------------------------
As show above, both basic authenication with SSL or basic authenication
without SSL is OK
Post by waynekkw2
Dears,
Of course I run RPC ping utility outside the firewall, I use zyxel
firewall and use port forward only.
I also check rpc authenication, IIS setting is OK.
best regards,
wayne
In order to better troubleshoot the issue, please provide me with the
1.Is there any firewall between your Outlook client and Exchange 2007
server when you run RPC Ping utility?
Also, please make sure that the authentication method for the RPC virtual
directory only basic authentication; you can follow the steps below to
1.Click Start, point to All Programs, point to Administrative Tools, and
then click Internet Information Services (IIS) Manager.
2.In Internet Information Services (IIS) Manager, in the console tree,
expand the server you want, and then expand Web Sites.
3.Expand Default Web Site, right-click the RPC virtual directory, and
then click Properties.
4.In the RPC Virtual Directory Properties page, on the Directory Security
tab, in the Authentication and access control pane, click Edit.
5.In the Authentication Methods window, verify that the check box next to
Enable anonymous access is cleared.
6.In the Authentication Methods window, under Authenticated access,
select the check box next to Basic authentication (password is sent in
clear text) and click OK. And only allow basic access there.
7.Restart IIS by run the following command, and check the effect.
iisreset /noforce
Hope this helps.
Best Regards,
Rock Wang
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please ¡°Reply to Group¡± via your newsreader
so that others may learn and benefit from your issue.
=====================================================
This posting is provided ¡°AS IS¡± with no warranties, and confers no
rights.
v***@prcvap.microsoft.com
2008-01-22 06:57:48 UTC
Permalink
v***@prcvap.microsoft.com
2008-01-24 04:45:41 UTC
Permalink
v***@prcvap.microsoft.com
2008-01-25 12:55:28 UTC
Permalink
Loading...