Exchange 2013 how to disable outlook anywhere

Hi Team,
I have migrated some mailboxes from Exchange 2010 to 2013. But i want to restrict some users to use outlook anywhere.
How can i do this?
Also, Some outlook 2010 clients are not able to open outlook after migrating to Exchange 2013. Please help.
Thanks.
Regards, Sunny Kewalramani.

Hi,
Firstly, I'm afraid that we cannot disable Outlook Anywhere for certain users only when they use OA externally. And if the property MAPIBLOCKOutlookRpcHttp of a user is set to true, the user cannot access Exchange server both internally and externally.
Thanks,
Angela Shi
TechNet Community Support

Similar Messages

Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
André

Hi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
Cool

Here are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
    Testing Outlook connectivity.
    The Outlook connectivity test completed successfully.
       Additional Details
    Elapsed Time: 9881 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
    Autodiscover was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
       Additional Details
    Elapsed Time: 186 ms.
       Test Steps
       Attempting to resolve the host name xyz.com in DNS.
    The host name couldn't be resolved.
       Tell me more about this issue and how to resolve it
       Additional Details
    Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.
       Additional Details
    Elapsed Time: 1876 ms.
       Test Steps
       Attempting to resolve the host name autodiscover.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
    Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 173 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 318 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       Additional Details
    Elapsed Time: 756 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
       Additional Details
    Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
    Autodiscover settings for Outlook connectivity are being validated.
    The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
       Additional Details
    Elapsed Time: 0 ms.
    Testing RPC over HTTP connectivity to server webmail.xyz.com
    RPC over HTTP connectivity was verified successfully.
       Additional Details
    HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
       Test Steps
       Attempting to resolve the host name webmail.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
    Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 180 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 303 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
    Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
    The HTTP authentication methods are correct.
       Additional Details
    The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
    Attempting to ping RPC proxy webmail.xyz.com.
    RPC Proxy was pinged successfully.
       Additional Details
    Elapsed Time: 454 ms.
    Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 2177 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    The test passed with some warnings encountered. Please expand the additional details.
       Tell me more about this issue and how to resolve it
       Additional Details
    The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
    Testing the MAPI Referral service on the Exchange Server.
    The Referral service was tested successfully.
       Additional Details
    Elapsed Time: 1808 ms.
       Test Steps
       Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
    Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
    We got the address book server successfully.
       Additional Details
    The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 626 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
    Testing the MAPI Mail Store endpoint on the Exchange server.
    We successfully tested the Mail Store endpoint.
       Additional Details
    Elapsed Time: 555 ms.
       Test Steps
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
    Attempting to log on to the Mailbox.
    We were able to log on to the Mailbox.
       Additional Details
    Elapsed Time: 326 ms.

Exchange 2013 2007 co-existence Outlook Anywhere issues

Sorted out all other issues (apart from a SSO issue- another thread) . Activesync, autodiscover etc all working- but Outlook Anywhere does not work for Exchange 2007 external mailboxes. It does work for 2013 mailboxes internally and externally-
and 2007 mailboxes internally.
Exchange 2013 SP1. Exchange 2007 Sp3 RU10. Legacy namespace is in use and on certificate. Outlook Anywhere IIS Authentication is set to Basic and NTLM on both 2007 and 2013 servers. Outlook Anywhere external client authentication is set to Basic.
Any sugestions what to look at next?

Tony,
I apologize for the stupid question, but was Outlook Anywhere working on Exchange 2007 before you started the upgrade?
When you open command prompt on Exchange 2007 and ping the Exchange 2007 internal FQDN or NetBIOS name, do you get an IPv4 address or you get the IPv6 one?
Step by Step Screencasts and Video Tutorials

Publish Exchange 2013 OWA + Active Sync + Outlook Anywhere using TMG 2010

We plan to publish our new Exchange 2013 SP1 servers (3 in DAG) outside corporate network using TMG 2010. I am looking for some guide how to do it in the proper way. What I found is little old and does not take into consideration Exchange 2013
SP1
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Any advice how to publish Exchange 2013 OWA using form-based authentication and how to use Kerberos Constrained Delegation?

Hi,
The blog below describes some scenarios about publishing Exchange. You could have a look the Scenario 2.
Exchange publishing after TMG/UAG
http://dizdarevic.ba/ddamirblog/?p=168
Note: Microsoft provides third-party contact information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

How do I disable Outlook Anywhere Externally with Split-DNS?

Hello,
I am trying to disable Outlook Anywhere Externally. This issue is that we use split-dns and all of our Exchange services point to mail.domain.com both internally and externally. This can't be changed due to our SSL certificate not including the internal
server DNS name for the Exchange server, and we still have another two years on it.
Is there a way to white-list a range of IP Addresses (potentially through IIS since Outlook Anywhere uses HTTPS)? Would setting the External URL to null for Outlook Anywhere prohibit autodiscover from configuring the Outlook client, or would it do nothing
at all since the internal DNS name is the same as the external?
I could potentially add an internal SSL certificate and change the internal DNS name of Outlook Anywhere. Is this a good move?
Thank you for your time.

Hello,
I am trying to disable Outlook Anywhere Externally. This issue is that we use split-dns and all of our Exchange services point to mail.domain.com both internally and externally. This can't be changed due to our SSL certificate not including the internal
server DNS name for the Exchange server, and we still have another two years on it.
Is there a way to white-list a range of IP Addresses (potentially through IIS since Outlook Anywhere uses HTTPS)? Would setting the External URL to null for Outlook Anywhere prohibit autodiscover from configuring the Outlook client, or would it do nothing
at all since the internal DNS name is the same as the external?
I could potentially add an internal SSL certificate and change the internal DNS name of Outlook Anywhere. Is this a good move?
Thank you for your time.
The only way within Exchange is to set the internal Outlook Anywhere host name to something not resolvable externally and/or null out the external hostname or set to something bogus.
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Can it be possible to disable outlook anywhere for some few users who are working from home ?

One of my customer wants to disable outlook anywhere for some of the users who are working from home.They have exchange server 2013 in their premises and also have outlook 2010/2013 on their clients machine.Please advice?

Hi,
In Exchange 2013, all Outlook connectivity (Internal and External) are using Outlook Anywhere anyways. It is not recommended to use the following command to disable Outlook Anywhere for a specific user:
Set-CASMailbox UserA -MAPIBlockOutlookRpcHttp $True
If you disable it, the UserA would not be able to access the mailbox from both Internal Outlook client (Office) and external Outlook client (Home).
For your requirement about disable Outlook anywhere for some few users instead of all external users, there seems to be no method to achieve it directly in Exchange server. Sorry for any inconvenience.
Regards,
Winnie Liang
TechNet Community Support

Migrating to 2013 from 2007 with Outlook Anywhere disabled

Hello
I'm in the middle of a migration from 2007 With Outlook anywhere disabled.
After I installed 2013 I added the external url to both inside and outside url's on CliantAccess, o-anywhere url and Virtual catalogs.
When I configured the External Access domain on the 2013 it also added this on the external url's on the 2007 server. On the 2007 server i manuelly changed the external url's to the Legacy name which is mail.domain.com. The New server is webmail.domain.com
both internally and externally. The servers real name is xxmail.domain.internal
After this, when I configure an Outlook Client With a user on the old server With autodiscover it configures it With Outlook anywhere, not mapi, but With the external name of the New server, webmail.domain.com under http Proxy settings. When I then
moved this user to the New server it stopped working in Outlook.
Is the best approch to enable Outlook anywhere on the 2007 server before migrating the users or can I og from mapi/rpc to rpc over http in 2013 without Outlook problems?
Regards

Hi,
Firstly, I’d like to explain, all users in Exchange 2013 use Outlook Anywhere. The information of Exchange proxy settings tab is automatically updated by Autodiscover.
I recommend you the following troubleshooting:
1. Check the Autodiscover configuration on both Exchange 2007 and Exchange 2013 servers:
Get-clientaccessserver |fl autodiscoverserviceinternaluri
2. Check if there is any DNS entry about the legacy name points to Exchange 2007 IP address.
3. Check if you can logon OWA with both Exchange 2007 and Exchange 2013 server.
Best regards,
Angela Shi
TechNet Community Support

Exchange 2013 / 2010 co-existence - Outlook won't connect to Exchange 2010 mailboxes

Greetings! I have a lab set up at home where I have been testing co-existence of Exchange 2013 and 2010 for a future corporate upgrade project.
I am running into some odd behavior. Any mailbox that has been migrated to Exchange 2013 works just fine, however, when I try to set up Outlook for a mailbox still on Exchange 2010 I receive errors. OWA works just fine for these Exchange
2010 mailboxes, it is just Outlook that has the problem. This is what I am running into:
1. Outlook uses autodiscover to locate server settings. It fails at the 'logging on to mail server' step saying that Exchange isn't available; Outlook must be connected, etc.
2. It then gives me the settings box for Exchange server and Mailbox. This is auto populated with one of the Exchange 2013 servers (there are 3 of them, all have both MBX and CAS role). If I then change the server to the Exchange 2010 CAS server,
and hit 'check names', it underlines the very same entries (like it found them this time) that were there initially and goes on to finish the configuration.
3. When I launch Outlook with this Exchange 2010 user, it fails to open with the error message that the set of folders couldn't be opened.
I've been doing as much research on this as I can. I've tried disabling IPv6 to no avail. It seems as if perhaps the issue is with Exchange 2013 proxying the request back to the Exchange 2010 servers but I am not sure what to check in that regards.
Any suggestions? Thanks in advance!

Hi,
Don´t disable IPV6 on an Exchange Server, it is, in my opinion not necessary - also applies for AD.
You can use your original SSL Cert for your new Ex 2013 environment.
In dns you want two host A records: mail.domain.com and autodiscover.domain.com
On your 2013 set your internal and external virtual directories to mail.domain.com
leave autodiscover and Powershell alone.
Also set the autodiscover URI to your Certificate name ie. mail.domain.com
Set-ClientAccessServer -Identity "YourCASServer" -AutoDiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"
Thanks. I wanted to give some additional info before I run any commands. I currently have an A record for autodiscover and it is pointed to the Exchange 2013 DAG/cluster IP. I have a 3 entries for mail.domain, for DNS round robin; basically
it is listed 3 times for the IP of each of my Exchange 2013 servers. Does any of this sound problematic?

Password prompts - Exchange 2013 RTM vs. [Outlook 2007 & Outlook 2010] - Fully patched

Exchange 2013 RTM - Multi-Tenant
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
Clients using Outlook Anywhere only, not Exchange domain members.
1. Windows XP SP3 (fully patched), Outlook 2007 SP3 + Nov 2012 Patch - When launching Outlook prompts for password only once.
2. Windows 7 (fully patched), Outlook 2010 (fully patched) - When launching Outlook doesn't prompt for password.
I'm aware of this:
http://support.microsoft.com/kb/956531
The goal - Eliminate issue with password prompts for Windows XP.
Any chance resolving this? CU install? Anything else?
Thanks.
Memento Mori

Hi,
Based on my experience, the credential issue is mostly likely caused by authentication method.
And I recommend the following troubleshooting:
1. Change LmCompatibilityLevel on the windows XP client to a value of 2 or 3:
a. Click Start, click Run, type regedit in the Open box, and then press ENTER.
b. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
c. In the pane on the right side, double-click lmcompatibilitylevel.
d. In the Value data box, type a value of 2 or 3 that is appropriate for your environment, and then click OK.
e. Exit Registry Editor.
f. Restart your computer
2. Reset the windows credential store.
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Update from Exchange 2013 Cu2 to SP1 - Outlook 2010 with SP2 clients disconnected

Hi,
we recently upgraded a standalone Exchange 2013 Server to SP1. Owa works fine, but all internal Outlook 2010 Clients (with SP2) get disconnected. Creating a new Profile, and testing the internal autodiscovery leeds to an Error 12030 (Connection reset) during
the discovery process.
I already checked the Service Point, the discovery URLs, even recreated the autodiscover virtual Directory in iis. But nothing changed.
The self signed certificate, that was used before the update is further used, and well known to all Clients. As I tested, OWA is working well everywhere.
Anyone some new ideas?
Best regards
Bernhard

Hi,
How did you recreate outlook profile? Manually or Automatic?
If automatic failed, please try to recreate manually and check the result.
If manual failed, please refer to the following methods to troubleshoot the issue:
1>Try to open the following link and check the result:
https://CASName/autodiscover/autodiscover.xml
2>Try to use RCA to test outlook autodiscover and check the result.
https://testconnectivity.microsoft.com/
Thansk.
Niko Cheng
TechNet Community Support

Set Exchange 2013 calendar permissions with Outlook 2007

Hi,
I have a new install of Exchange 2013 with ~30 Win 7, Office 2007 clients. Setting permissions on calendars doesn't work properly from Outlook 2007 (a known MS issue). Does anyone know if there is a fix or work around to assign permissions to the calendar?
i.e. where you right click the Calendar folder and set different levels of permission. There is a 'permission' option in OWA but this doesnt appear to work for calendars.
I have tried Outlook 2013 and that works ok. Is there alternate way to save having to move to Outlook 2013?
Thanks.

Hi,
The above issue occurs because of a limitation in how Exchange Server 2013 set Free/Busy permissions. The workaround is to use OWA to set up calendar permissions.
Here is a helpful article about setting up calendar permissions in OWA for your reference.
Sharing your calendar in Outlook Web App
https://support.office.com/en-us/article/Sharing-your-calendar-in-Outlook-Web-App-7ecef8ae-139c-40d9-bae2-a23977ee58d5?CorrelationId=7fe34d54-c3e4-4ca4-a83d-450dbd8075a5&ui=en-US&rs=en-US&ad=US#_Toc342645965
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

How to disable Outlook for checking for IMAP/POP3 Certificate Name Mismatch?

I have outlook clients that are connected to an IMAP/POP3 server that's off-site provided by company A.
Company A requires me to enter imap.companya.com for imap server address and 993 for the port.
I must also enable SSL for the connection.
When I do this, Outlook pops up an error message (shown below), that must be reacted to every time it checks for mail.
The reason is that the certificate is for myserver.companya123.com and that's different than imap.companya.com but company A wont change it. They said I need to disable my email programs certificate check so it doesn't keep prompting
me. Now I can do this with my iphone, and other email programs without incident. But I cannot find where to disable it in outlook.
If I change the imap server address in my account settings for outlook to instead use myserver.company a123.com, outlook can't connect and as the vendor said I must use imap.companya.com as the imap server address.
I need to be able to connect via SSL (so nobody can swipe my password over the wire) but not have to react 1000x a day to the certificate warnings.
I don't want to use Eudora, or another email client that allows me to easily disable the warning. I want to use outlook. How do I set outlook so it doesn't keep popping up these certificate server name mismatch warnings?
I spent days searching for a fix, and it seems there are fixes via the registry for just about every type of certificate issue, but NOT THIS PARTICULAR ONE.
I am hoping someone knows exactly what I am talking about and knows of a easy fix. I must use SSL so please don't tell me to disable SSL.
What I need is to disable outlook from presenting that alert. That's what I need to do. No other solution will suffice. I hope outlook does not have a product limitation that prevents such a thing from being done. I am ok with a registry fix if need be, but
being able to disable outlook from presenting certificate name mismatch alerts is critical. Hope its possible! Thanks!

Hi,
I would suggest we try the registry key mentioned in this
article (Method 4) to configure Outlook to allow the connection to the mismatched domain name, and see if it works:
HKEY_CURRENT_USER\Software\Microsoft\Office\<var>xx</var>.0\Outlook\AutoDiscover\RedirectServers
Let me know if this doesn't work.
Regards,
Ethan Hua
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here

SharePoint 2013 How to disable Drag and Drop Functionality

Hi,
In SharePoint 2013 in document library we have default behavior of drag and drop documents in document library. How to disable drag and drop documents in document library?

Hi,
As a work around, you can edit the Drag and Drop js as to remove the drag and drop functionality, edit the document library page (default
page) place the content editor web part on top of the library include the modified Drag and Drop js file in the content editor web part, Please save the Drag and Drop js file to other location (probably Site Assets library etc).
Hope it helps!!!
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. Thanks, Ajeet

Exchange 2013/2010 Co-existance Outlook Users Always Prompted for Password

Hello,
We are in the process of attempting to migrate to Exchange 2013, but during the migration time, we need to coexist with the two versions. Our outlook clients are a mix of Office 2007, 2010, and 2013. When a user is migrated from 2010 to 2013,
they start getting prompted for their password in Outlook every few minutes. They can click cancel and continue working, but they continue to get prompts for their password. If they click the update folder button in outlook, it updates fine, and
the password prompt goes away for awhile.
Most topics on this state that this is caused by a certificate issue. We have an internally deployed CA, with the Root certificate trusted by all clients. The exchange 2013 server has a certificate that was created by this CA.
I believe that this is caused by OAB (address book) still being hosted on the Exchange 2010 server (with a self signed cert), that is causing the connection to fail. Is there anyway to test this without breaking outlook connections for the users that
are on Exchange 2010? Or is there any other reason that this would occur?
Thanks for any assistance.

Sorry for taking so long to reply, other items came up that rank higher then this migration.
I ran the Test-OutlookWebServices CMD and got this result:
[PS] C:\Windows\system32> Test-OutlookWebServices
Source                              ServiceEndpoint
Scenario                       Result Latency
(MS)
EXCHANGE13.company.local           exchange10.company.local           Autodiscover: Outlook Provider Failure     229
EXCHANGE13.company.local
Exchange Web Services          Skipped       0
EXCHANGE13.company.local
Availability Service           Skipped       0
EXCHANGE13.company.local
Offline Address Book           Skipped       0
I
am currently thinking that this may be the error. Is there a way to
change the first failing result to the hostname of the
exchange13.company.local without breaking the current settings for the
exchange10.company.local autodiscover?

Exchange 2013 how to disable outlook anywhere

Similar Messages

Maybe you are looking for