Default Outlook Anywhere Connections

Similar Messages

• Troubleshooting for RPC over https (Outlook Anywhere) connection issue

  RPC over https (ROH), well known as Outlook Anywhere, is more frequently used. Even in Exchange 2013, Outlook no longer connects CAS server via MAPI.
  In this thread, we will discuss about the troubleshoot checklist about the RPC over https (Outlook Anywhere) connection issue. In order to make it more logical, I’d like to divide the whole troubleshooting to the following processes:
  1. Client side to CAS side
  2. CAS side to MBX side
  [Issues between Client side to CAS side]
  In Exchange 2013, Outlook Anywhere is enabled by default. Different from this, Outlook Anywhere in Exchange 2007 and 2010 need to be manually enabled. Thus, please firstly check if the RPC over HTTP component has been installed:
  Click Start, and then click Control Panel.
  Double-click Programs and Features.
  In the left pane of Server Manager, click Features.
  In the right pane, click Add Features.
  Check if the RPC over HTTP component has been selected.
  If the ROH connectivity issue only happens on certain users, the property MAPIBlockOutlookRpcHTTP can be checked: 
  Get-CASMailbox  name | fl MAPIBlockOutlookRpcHttp
  2. Confirm if Exchange server is blocked. Ping the Exchange server FQDN on client machine and confirm if it can return the proper IP address.
  3. Check if the RPC Proxy server is responding correctly:
   rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
  If 200 code returns, the test is successful.
  4. Check if Outlook Anywhere host names are added in the certificate:
  To get host names, the following command can be used: get-outlookanywhere |fl *hostname
  5. To use the Shell to test Outlook Anywhere connectivity, use the
  Test-OutlookConnectivity cmdlet.
  [Issues between CAS side to Mailbox side][RZ1] 
  A. Check if it can connect to store’s port:
  RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 –F 3 –a connect –u 10 –v 3 –e 6001
  If it returns as following: Completed 1 calls in 60 ms  16 T/S or 60.000 ms/T, it means the RPC Ping Utility test succeeds.
  B. Check if it can Connect to DsProxy Service:
  RpcPing –t ncacn_http –s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 2 –F 2 –a connect –u 10 –v 3 –e 6004
  If it returns as following: Completed 1 calls in 60 ms  16 T/S or 60.000 ms/T, it means the RPC Ping Utility test succeeds.
  C. Check the following registries:
  [Disable the auto update]
  1).Open Regedit and navigate to:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\RpcHttpConfigurator
  2).Set the PeriodicPollingMinutes value to 0.
  [Check the RpcProxy ValidPorts]
  1).On the RPC proxy server, start Registry Editor (Regedit).
  2). In the console tree, locate the following registry key:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
  3). In the details pane, right-click the ValidPorts subkey, and then click Modify.
  4). In Edit String, in the Value data box, type the following information:
  ExchangeServer :6001-6002; ExchangeServerFQDN :6001-6002; ExchangeServer :6004; ExchangeServerFQDN :6004
  Note:
  ExchangeServer is the NetBIOS name of your Exchange server. ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server. If the FQDN that is used to access the server from the Internet differs from the internal FQDN, you must use
  the internal FQDN.
  [Check the 6004 port settings in registry]
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  Value name: HTTP Port
  Value type: REG_DWORD
  Value data: 0x1772 (Decimal 6002)
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  Value name: Rpc/HTTP NSPI Port
  Value type: REG_DWORD   
  Value data: 0x1774 (Decimal 6004)
  D. Check if the RPC ports are used by other applications instead of Exchange by using : netstat –o
   Then it will return all active TCP connections and the process ID (PID) for each connection.
   After that, please check the application based on the PID on the Processes tab in Windows Task Manager and confirm if it’s Exchange server.
  Additionally, ExRCA is a perfect tool to test the whole connection between client side and Mailbox side:
  https://testconnectivity.microsoft.com/
  1. On the ExRCA website, under Microsoft Office Outlook Connectivity Tests, select Outlook connectivity, and then select Next at the bottom of the page.
  2. Enter the required information on the next screen, including email address, domain and user name, and password.
  3. Choose whether to use Autodiscover to detect server settings or to manually specify server settings.
  4. Accept the disclaimer, enter the verification code, and then select Verify.
  5. Select Perform Test.
  <Resource for reference>
  How does Outlook Anywhere work (and not work):
  http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx
  How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003:
  http://support.microsoft.com/kb/831051
  Test Outlook Anywhere Connectivity:
  http://technet.microsoft.com/en-us/library/ee633453(v=exchg.150).aspx
   [RZ1]It’s part, please re-layout
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  I've just restored the M11 to Windows XP with the disks provided and Outlook Anywhere connected without issue. As strange as it sounds, this looks to be isolated to this particular model of laptop and Windows 7.
  I've used the same Enterprise copy of Windows 7 and Office on a variety of laptops and pc's and none have come across this problem. The only commonality I can see is the hardware and OS.
  Aftery trying to troubleshoot this unsuccessfully with Microsoft tech support for a few hours, they eluded to the fact that this +could+ be a hardware related problem. (driver, adapter properties, etc)

• Re: Tecra M11 - Outlook anywhere connection issue

  Hello,
  Has anyone tried to connect to an Exchange server with Outlook Anywhere on the factory installation of Windows 7 and Office 2010? The authentication window keeps popping up asking for a user name and password. (DOMAIN\Username)
  I've been trying to get this working (with Microsoft tech support also), but haven't been able to. I've installed an Enterprise copy of Win 7 with Office 2010 & 2007 and got the same result. I tried this with a Tecra M10 with both a factory restore of Win7 and an Enterprise copy of Win7 from my company and it worked flawlessly.
  This leads me to believe that this particular model of laptop could be the culprit. I have 2 M11's, and this happens on both. These are not connected to any domain. I don't believe this is an Exchange issue because Outlook Anywhere works with other models of Toshiba Tecras running Win7 and also several standalone Win7 PCs running both Office 2010 and 2007.
  Any ideas or suggestions would be greatly appreciated!
  Thanks

  I've just restored the M11 to Windows XP with the disks provided and Outlook Anywhere connected without issue. As strange as it sounds, this looks to be isolated to this particular model of laptop and Windows 7.
  I've used the same Enterprise copy of Windows 7 and Office on a variety of laptops and pc's and none have come across this problem. The only commonality I can see is the hardware and OS.
  Aftery trying to troubleshoot this unsuccessfully with Microsoft tech support for a few hours, they eluded to the fact that this +could+ be a hardware related problem. (driver, adapter properties, etc)

• Client Access Server Logs that capture Outlook Anywhere Connections

  Do Exchange 2010 Client Access Servers log Outlook Anywhere connections? Since it's RPC over HTTP, I'm thinking these would be in the IIS logs but don't see any entries in those logs that pertain to Outlook Anywhere. What logs contain Outlook Anywhere connections?
  I suspect I have a CAS server that isn't working properly pertaining to OA and need to be able to review some sort of logs to confirm.
  Thanks

  ARay,
  Do the below basic checks-
  Running the Test-OutlookConnectivity cmdlet. The cmdlet tests for Outlook Anywhere (RPC over HTTP) and TCP/IP connections. If the cmdlet
  test fails, the output notes the step that failed.
  Running the Outlook Anywhere connectivity test using the Exchange Remote Connectivity Analyzer (ExRCA). When you run this test, you get a detailed summary showing where the test failed and what steps you can take to fix issues.
  Both tests try to log on through Outlook Anywhere after obtaining server settings from the Autodiscover service. End-to-end verification includes the following:
  Testing for Autodiscover connectivity
  Validating DNS
  Validating certificates (whether the certificate name matches the Web site, whether the certificate has expired, and whether it's trusted)
  Checking that the firewall is set up correctly (ExRCA checks overall firewall setup. The cmdlet tests for Windows firewall configuration.)
  Confirming client connectivity by logging on to the user's mailbox
  Regards,
  ASP20

• Exchange 2013, Outlook 2007 clients Problems with Outlook Anywhere connection

  Hi everyone,
  I have a mail system Exchange 2013 SP1, on Windows Server 2012 R2.
  I have only one mail server with the Client Access and Mailbox roles Server. 
  I have a Wildcard certificate type *. Mydomain.com. 
  All connections to the Outlook Anywhere Outlook 2010, Outook 2013 work correctly. 
  The ActiveSync connections are working properly, too. 
  But Outlook 2007 clients connecting with Outlook Anywhere asking for credentials continuously fail continuously. 
  How can I solve this? 
  thank you very much
  Microsoft Certified IT Professional Server Administrator

  Hi,
  Based on my experience, we need to set Outlook provider with the domain name if it's wildcard certificate:
  Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
  http://technet.microsoft.com/en-us/library/cc535023(EXCHG.80).aspx
  Thus, I recommend you try the above configuration and test the Outlook connection again.
  Thanks,
  Angela Shi
  TechNet Community Support

• Exchange 2013 Outlook Anywhere connection issues when using F5 VIP

  Hello, 
  We are in the process of deploying Exchange 2013 into our Exchange 2010 Org.  We are using an F5 to load balance all services. We are doing some initial testing and have not cut over autodiscover or other URLs yet to 2013.  We are using host files
  on the local testing machines to point the URLs to 2013.    OWA, Activesync, ecp work with no issue through the F5 VIP.   However, we are having issues with Outlook.  If our host file entries point to a single server, Outlook functions
  normally.  If the host file entries point to the F5 VIP, it keeps prompting for creds and will never connect.
  Just wondering if anybody has run into this or has any guidance as far as OA and F5 deployment.
  Thanks

  Hi,
  Please check your Load Balance configuration and make sure the namespace used for Load Balance has been included in the Exchange certificate. For example: mail.domain.com and autodiscover.domain.com.
  If possible, please share your load balance configuration with us for further analysis. Here are some references about the Load Balance Scenario:
  http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• Outlook Anywhere Loosing connection : Outlook Event id 26 and Exchange IIS HTTPERR Log : Connection_Dropped_List_Full at the same time

  Hi,
  I have a Windows 2008R2 Updated / Exchange 2010 SP3 Rollup 7 (Role CAS,HUB,MBX) with only external users connection : ActiveSync, EWS, OWA, Outlook Anywhere.
  4 processors and 24Go of memory are allocated to the Exchange server VM (VMWare).
  Netscaller is used as reverse proxy in DMZ.
  There is around 500 users connecting with Outlook Anywhere to Exchange. Users are using Outlook 2010 or 2013 with last updates and cache mode enabled (owner mailbox and delegations). Users are location all around the world (around 50 sites). So no users
  is domain integrated.
  Users are complaining about disconnection, and Outlook freeze (Outlook is not responding). This happened at any point of time during the day, and for different kind of actions (Outlook is just open, Try to press Send button, try to press Transfer button).
  The freeze happened randomly for users. I have seen the problem, and Outlook sometimes freeze during few seconds, sometimes during 5 minutes without any reason. (no file copy, no action asked...)
  I noticed that freeze are matching with the Outlook event id 26  on the workstation (Connection to the Microsoft Exchange Server has been lost. Outlook will restore the connection when possible). Also, at the same time, I can see around 200 lines in
  the IIS HTTPERR Log (Exchange Server : C:\Windows\System32\LogFiles\HTTPERR) the following lines:
  2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6004 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
  2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6001 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
  What has been already checked :
  Check IOPS: seems to be normal
  Check Processor consumption: seems to be normal
  Netscaller TimeOut = 8h
  Bandwidth where the server is hosted : more than enough
  Bandwidth of client internet connection : Traffic do not increase when the problem happen
  Firewall TimeOut : seems to be ok
  Firewall Protocol Filter : seem to be ok
  Workstation MTU : Ok : ping -l -f 1472 = Ok, so best MTU = 1500 (1472+28)
  Outlook Profile : Clean Up OST, sync of all folders, download address book.
  wireshark on workstation : nothing seems to be wrong but difficult to analyse, so I maybe missed something.
  Configuration change on Exchange :
  HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout = 120
  Disable throttling Policy
  Adsiedit, change Max Memory alloc for ESE : msExchESEParamCacheSizeMax = 327680 (around 10GB) msExchESEParamCacheSizeMin = 131072 (around 4GB
  Adsiedit, change Min Memory alloc for ESE : msExchESEParamCacheSizeMin = 131072 (around 4GB)
  Host file : add hostname and FQDN of Exchange Server
  Disable IPV6 : HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents = HEX 0xffffffff
  IIS : system.applicationHost : webLimits : minBytesPerSecond = 0
  Create dedicated IIS AppPool MSExchangeOutlookAnyWhere for /RPC and /RPCWithCert
  AppPool MSExchangeOutlookAnyWhere : Regular Time Interval (minutes) : 0
  AppPool MSExchangeOutlookAnyWhere : Queue Length : 20000 (Should be the solution but not working)
  netsh int tcp set global chimney=disabled
  netsh int tcp set global rss=disabled
  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort = 65534
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime : 300000
  HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 150
  IIS machine.config : <system.web> : requestQueueLimit="65535"
  Microsoft.Exchange.RpcClientAccess.Service.exe.config <add key=”LoggingTag” value=”ConnectDisconnect, Logon, Failures, ApplicationData, Warnings, Throttling”/>
  Uninstall All agents (except Backup Agent)
  Uninstall Antivirus
  Will be done tonight :
  Exchange and DCs : HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 100
  Exchange IIS : Increase AppPool MSExchangeOutlookAnyWhere Queue Length to 40000
  Exchange : decrease HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime to 60000
  You're welcome if you have any idea.
  Thanks.
  Jo.

  Hi,
  Thanks for your answer. Here are my comments :
  1. Disable IPv6 then restart your Exchange server
  Already done since the install of Exchange.
  2. Confirm if there is any NLB device in your environment, please remove NLB firm client server
  There is only one Exchange server in the Org. So no NLB installed on the server (NLB is used on the Netscaller used as a reverse proxy). In Addition, the article apply for Windows 2008, or the server is installed with Windows 2008 R2.
  3. If there is a proxy server configured in IE, please uncheck it
  I guess you are talking on the client side. There is no proxy on the client side, Outlook Anywhere connect directly to the internet.
  4. Collect more error logs in Event Viewer in Exchange and collect the IIS logs in
  folder “c:\inetpub\logs\logfiles\W3SVC1”
  the error I reported in the description is from IIS, and always appear when end users report a problem. In W3SVC1 file, there is also errors, but those one appear even if Outlook clients are working fine. So I cannot isolate any specific
  error. The most common from W3SVC1 log are :
  2014-11-25 08:02:17 EXCHANGEIP POST /autodiscover/autodiscover.xml - 443 - NETSCALLERIP Microsoft+Office/15.0+(Windows+NT+6.1;+Microsoft+Outlook+15.0.4667;+Pro)
  401 1 2148074254 0
  2014-11-25 08:02:17 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Mac_OS_X/10.9.5+(13F34)+CalendarAgent/176.2
  401 1 2148074254 0
  2014-11-25 08:02:18 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Microsoft+Office/14.0+(Windows+NT+6.1;+Microsoft+Outlook+14.0.7128;+Pro)
  401 1 2148074254 0
  Regards,
  Jo.

• Outlook 2013 connectivity issue

  Hello!
  My Outlook 2013 stopped connecting to my Exchange 2013.  After googling for a while I found this article:
  http://infused.co.nz/2013/05/13/exchange-2013-outlook-anywhere-rpc-settings/
  and checked get-outlookprovider status -  it was exactly as in this post:
  Name Server CertPrincipalName TTL
  EXCH 1
  EXPR 1
  WEB I don't know whether this is the cause of my issue or not but I'd like to know: if Exchange Server has all required certificates installed why CertPrincipalName is empty in the output above?
  Thank you in advance,
  Michael

  Hi Mavis,
  Thank you for the reply!
  "How about connect to Exchange server via OWA?" - OWA is working.
  "About this confusion, the CertPrincipalName parameter specifies the Secure Sockets Layer (SSL) certificate principal name required for connecting to Exchange from an external location.This parameter is only used for Outlook Anywhere clients." -
  as far as I know the only difference between external and internal Outlook connections is that external are SSL-enabled
  by default and internal are http-based. All Outlook 2013 connections are Outlook Anywhere connections:
  http://technet.microsoft.com/en-us/library/bb123741%28v=exchg.150%29.aspx#outlookanywhere
  Outlook Anywhere and Exchange 2013
  The Windows RPC over HTTP Proxy component, which Outlook Anywhere clients use to connect, wraps remote procedure calls (RPCs) with an HTTP layer. This allows traffic to traverse network firewalls without requiring RPC ports to be opened. In Exchange 2013,
  this feature is enabled by default, because all Outlook connectivity takes place over Outlook Anywhere.
  And I can require SSL even for internal Outlook connections any time...may be it is this requirement that makes this parameter (CertPrincipalName) show up...
  One more thing that I can't understand: when Outlook starts it tries to connect by using HTTP (and when it succeeds I can confirm this by examining its Connection Status:
  When Outlook can't connect the following event is registered:
  If Outlook is connecting via HTTP what does this error mean?
  Regards,
  Michael

• Outlook anywhere in 2007/2013 coexistence

  Hi!
  I have a multitenant exchange 2007 at a single server setup and I’m trying to do migration to exchange 2013. I’m testing this in my lab environment before I go the production. I’m quite far and for example the owa redirection to exchange
  2007 works. Also I can connect with outlook anywhere the exchange 2013 server when the mailbox is transferred.
  Problem is that the exchange 2013 proxy redirection to 2007 server isn’t working. My Outlook 2010 just keeps asking username and password. Outlooks are configured to connect with basic authentication.
  I have done a lot of googling about the issue and there is a lot of discussion about it. I have tried a lot of things and I’m quite lost now.
  I have tried to configure the externalclientauthenticationmethod, internalauthenticationmethod and IISauthenticationmethods with different kind of setups but can’t get it to work. Also tried to change the internal and external hostnames.
  My outlook anywhere setup at 2007 server is:
  RunspaceId                        
  : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
  ServerName                        
  : EXCHANGE07
  SSLOffloading                     
  : False
  ExternalHostname                  
  : exchange07.xxx.fi
  InternalHostname                  
  : legacy.xxx.fi
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods          
  : {Basic, Ntlm}
  XropUrl                           
  ExternalClientsRequireSsl      
     : True
  InternalClientsRequireSsl         
  : True
  MetabasePath                      
  : IIS://wcn-exchange07.welcomnet.fi/W3SVC/1/ROOT/Rpc
  Path                              
  : C:\WINDOWS\System32\RpcProxy
  ExtendedProtectionTokenChecking   
  : None
  ExtendedProtectionFlags           
  ExtendedProtectionSPNList         
  AdminDisplayVersion               
  : Version 8.3 (Build 83.6)
  Server                            
  : WCN-EXCHANGE07
  AdminDisplayName                  
  ExchangeVersion                 
    : 0.1 (8.0.535.0)
  Name                              
  : Rpc (Default Web Site)
  ObjectClass                       
  : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                       
  : 14.5.2014 20:56:18
  WhenCreated          
               : 14.10.2008 12:33:07
  WhenChangedUTC                    
  : 14.5.2014 17:56:18
  WhenCreatedUTC                    
  : 14.10.2008 9:33:07
  Exchange 2013 outook anywhere setup:
  RunspaceId                        
  : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
  ServerName                        
  : EXCHANGE13
  SSLOffloading                     
  : False
  ExternalHostname                  
  : exchange07.xxx.fi
  InternalHostname                  
  : exchange07.xxx.fi
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods          
  : {Basic, Ntlm}
  XropUrl                           
  ExternalClientsRequireSsl         
  : True
  InternalClientsRequireSsl         
  : True
  MetabasePath                      
  : IIS://exchange13.xxx.fi/W3SVC/1/ROOT/Rpc
  Path 
                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
  ExtendedProtectionTokenChecking   
  : None
  ExtendedProtectionFlags           
  ExtendedProtectionSPNList         
  AdminDisplayVersion             
    : Version 15.0 (Build 847.32)
  Server                            
  : WCN-EXCHANGE13
  AdminDisplayName                  
  ExchangeVersion                   
  : 0.20 (15.0.0.0)
  Name                       
         : Rpc (Default Web Site)
  ObjectClass         
                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                       
  : 14.5.2014 20:55:56
  WhenCreated                       
  : 2.4.2014 0:57:19
  WhenChangedUTC                    
  : 14.5.2014 17:55:56
  WhenCreatedUTC                    
  : 1.4.2014 21:57:19
  Any help would be appreciated.

  Hi,
  Firstly, I'd like to explain, only in Exchange 2013, internal and external Outlook clients use Outlook Anywhere. Thus,in Exchange 2007, Outlook Anywhere settings can only include the external host name.
  And based on my experience, the credential issue is related to connectivity issue, authentication issue or public folder access.
  So I'd like to confirm the following information to understand more about the issue:
  1.  Does the issue happens on all users? users on Exhcange 2007 or 2013? internal users or external users?
  As far as I know, redirection and proxy don't happen on Outlook clients:
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  2. Which IP address do your host name points to? legacy.xxx.fi, exchange07.xxx.fi?
  3. Check the Outlook Anywhere connectivity of the problematic users by ExRCA:
  https://testconnectivity.microsoft.com/
  If you have any question, please feel free to let me know.
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support

• Outlook Anywhere Trouble for new users

  Hello,
  My client had Exchange 2010 SP3, lastest rollup. He has Outlook Anywhere enabled and all of his users, except a new one he created a few days ago, have no problem accessing their mailboxes.
  This new user experiences a problem, once she goes home and tries to open her Outlook 2010, a User\Password prompt appears which does not go away even when you get it right. Eventually after 3 attempts usually, it goes away but outlook opens up disconnected.
  There is this Error event - MSExchangeAL id 8364, on the exchange server, and it does correspond to our problem. although, no valid solution is given for it, wherever i've searched.
  We've tried Changing authentication methods from Basic to NTLM to Negotiate and to Basic back again, tried disabling the "Encrypt data between Outlook and Exchange", We've tries online mode, it does not even open outlook. it gives us an error regarding
  a bad ost file. If outlook does allow the user in, it's only in cached mode and it immeditaly changes status from "Trying to connect..." to "Disconnected". We've checked the checkbox of "On slow connections use....". OWA Works.
  Any insight would be greatly appreciated. Thank you.

  Hi,
  According to your description, only one your user cannot use Outlook Anywhere to connect to the server. If I misunderstand your meaning, please feel free to let me know.
  If yes, I recommend you firstly troubleshoot if the issue is related to the certain Outlook client:
  Recreate a new profile for the problematic users or change another computer to reconfigure the account.
  Additionally, you can also use ExRCA to check the Outlook Anywhere connectivity:
  https://testconnectivity.microsoft.com/
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Outlook is not connecting through Workgroup Machine over internet using Outlook Anywhere

  users can connect successfully using outlook anywhere over internet if machine are on domain, well problem with workgroup machine that are not connecting over the internet as outlook keep prompting password well i have configured outlook Anywhere with
  default negotiate authentication as well as ssl offloading is checked and using same name for internal and external urls. also have valid 3rd party certificate configured on server.
  Talha Faraz Malik

  Hi,
  Step 1 :In addition to that , please use remote connectivity analyzer to check outlook anywhere in internet .
  From that we came to know the exact error .
  Step 2: Most of the organisations are having an ISA or TMG firewall to create web published rules for exchange services .In case if you have you need to check the rule created for outlook anywhere is properly configured or not.
  If you have such kind of firewall's ,You can test the OA rule by using the option test rule in ISA or TMG firewall .
  Most probably you can able to find out the exact cause with the help of EXRCA.
  Please reply me if you have any queries.
  Regards
  S.Nithyanandham

• Exchange 2010 - Outlook Anywhere trying to connect to internal server name first before connecting to proxy server

  Hello,
  I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
  If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
  We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
  We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
  When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correct and fills the Outlook profile with a servername stating outlook.internaldomain.com and a proxyserver
  to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediatly prompts me for a username and a password so this is working fine.
  At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment
  does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment
  I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before a the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long
  and our clients find this unacceptable.
  I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will popup in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername
  when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
  When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is
  inaccessible but OUTLOOK.EXE keeps on trying to connect untill some sort of time out is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
  So to round it up, when connected to DNS servers that can resolve the internal servername Outlook tries to connect to the internal servername in stead of the external name, Outlook does not reckognize the answer from the network that the internal route is
  not acessible (or it does but does nothing with this information).
  Has anybody experienced this behaviour in Outlook?
  Does anyone have a solution in where I can force Outlook to connect to it's proxyserver and disregard the internal servername?

  Thank you for your reply.
  The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use
  the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
  For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use ? Wouldn't that push all internal communication to the internet
  and to the outside interface of the TMG where the server is published with that hostname ?

• Outlook Anywhere can't Connect to Exchange

  Background: We are use Windows Server 2003R2, Exchange 07 and Outlook 10/13, We have setup ABC.com for the AD domain and setup email. It works and functional in both OWA & Outlook Anywhere in branch office. Later setup another domain XYZ.com in
  same exchange server. Both email domain are workable in using OWA & Outlook Anywhere in branch office. (Can't use VPN)
  Because of company issue, the ABC.com has change the Name Server and will point to other IP address. The pervious setting in branch office for Outlook as below:
  Server: exchange.abc.com
  Exchange Proxy: htps://mail.abc.com
  Exchange Server Public IP: 202.xxx.23.2
  For all using outlook email @XYZ.com that can't connect to server, but OWA is workable. They can type
  https://mail.xyz.com/owa or
  https://202.xxx.23.2/owa to login to exchange server for send & receive email. And Ive use a stupid method to temporary fix this issue for using Outlook, we have add "mail.abc.com  202.xxx.23.2" & "exchange.abc.com 192.168.1.200"
  to local PC host file. Then it can connect to exchange by Outlook.
  But this not the best way, because it can't work on iPhone, iPad & Android mobile device.
  Please suggest the best way to fixed this issue for long-term running. Thousand Thanks.
  Chris
  Chris Pang [email protected]

  Hi Chris,
  It seems an issue on your Autodiscover configuration.
  Please explor the autodiscover url on IE to check whether it retuns 600 code.
  Also provide an FAQ on Autodiscover for your reference:
  http://social.technet.microsoft.com/Forums/office/en-US/54bc6b17-9b60-46a4-9dad-584836d15a02/troubleshooting-and-introduction-for-exchange-20072010-autodiscover-details-about-test-email?forum=exchangesvrgeneral
  Thanks

• Exchange msstd: setting in outlook connection for Outlook Anywhere

  I currently have the Exchange Provider for EXPR set to $null, however I still seem to get msstd:mail.mydomain.com set in my Outlook connection string setting on all machines. Where is this setting coming from? We do push the Outlook Anywhere settings
  via GPO and have the ProxyServer string defined set to mail.mydomain.com. The flags are set to ensure SSL is defined on the connection.
  We are in the process of moving from Exchange 2007 to Echange 2013. Will it be a problem moving from a UCC cert with a friendly name of mail.mydomain.com to a wild card SSL cert on the 2013 servers with *.mydomain.com set, if the
  "connect to proxy servers that have this principal name in their certificate is selected? I'm concerned that msstd:mail.mydomain.com  does not match msstd:*.mydomain.com?
  Thanks in advance

  Hi,
  We can run the following command to set with Ed’s suggestion:
  Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.mydomain.com
  Regards,
  Winnie Liang
  TechNet Community Support

• Outlook anywhere Clients not connecting

  Hi All,
  I have recently set up Outlook anywhere on an Windows 2008 SP 2 box with Exchange 2010 and installed a 3rd SSL certificate bought explicitly for this purpose.
  I'm having real issues trying to connect any outlook clients from the outside world. OWA works fine and doesn't ask for a certificate so I know that has installed successfully.
  I have tried all combinations both basic and NTLM authentication I can think of to no avail.
  The remote connectivity analyser tool (https://testconnectivity.microsoft.com/) passed everything bar and only shows a couple of warnings which I believe I can safely ignore:
  1 - Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled
  2 - The first refferal (without encryption) fails, but the subsequent one is successfull (require encryption is set up on my client)
  All I'm getting on my client is a username and password box, once entering the authenticaition details it keeps on asking for authentication, then when cancelled throws an error that the server is not contactable and the name could not be resolved.
  I can telnet to my fqdn (webmail.mycompany.com) on ports 80 and 443 with no issues.
  Does anybody have any idea what I can do to troubleshoot this? It's been driving me insane for weeks!
  Many thanks in advance

  Hi Darren,
  Yes outlook anywhere is enabled and the settings match, I have tried with the 'Only connect to proxy servers that have this principal name in their certificate' ticked and also without.
  I'm convinced all of the normal config is correct, I've set up RPC over HTTP connections on a ton of other servers in the past and have never ran into this issue.
  The remote connectivity analyser passes with flying colours, does anybody know of any other debugging tools or logs I can take a look at?
  I'm close to un-installing the rpc over http feature from IIS and setting it all up from scratch but don't really want to do this as the server is in production and is the only exchange server in the organisation.