Exchange 2013 + Outlook 2010, Security Alert

A small customer has Outlook 2010 connecting to Exchange Server 2013 on a Windows 2008 R2 server at a remote site. Recently, the users began receiving a security alert ("The identity of this web site or the integrity of this connection cannot be verified", "The name on the security certificate is invalid or does not match the name of the site"). This occurs every time a user opens Outlook, and when they click on "Yes" they are able to use Outlook normally.
This problem began not long after 1) the wildcard SSL certificate was renewed and 2) Exchange 2013 was updated to the most recent SP and CU. It is noteworthy that the PCs being used are not members of the domain. The users also receive this error if they use Outlook to connect from their home PCs.
The Exchange server passes connectivity and autodiscover tests. I have checked all the URLs in Exchange Server. I have tried changing authentication and re-enabling the *.domain.ca certificate. I have not been able to reproduce the error on my own laptop from the customer's site.
This problem is not critical, but it is annoying for the users, and I have tried just about everything I can find on the Internet to resolve it.
Any suggestions?

Hi,
Please run the following command to set the CertPrincipalName parameter which specifies the Secure Sockets Layer (SSL) certificate principal name required for connecting to Exchange from an external location to have a try:
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain.ca
If the issue persists, please follow the steps below to check Exchange services for the problematic users:
Open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar -
Test Email AutoConfiguration. Put your email address - uncheck use guessmart and secure guessmart authentication - click Test to check your Autodiscover service.
Please collect the information in the Log tab and Results tab.
Regards,
Winnie Liang
TechNet Community Support

Similar Messages

  • Exchange 2013 - Outlook 2010 - 550 5.1.0 RESOLVER.ADR.InvalidInSmtp; encapsulated INVALID address inside an SMTP address

    Hello, 
    I have an issue when sending email to some addresses. The server responds with:
    Remote Server returned '550 5.1.0 RESOLVER.ADR.InvalidInSmtp; encapsulated INVALID address inside an SMTP address (IMCEAINVALID-)'
    My environment: Exchange 2013, Outlook 2010 - no cached mode. The issue happened with two email addresses, but not always.
    Any suggestion, how to resolve issue?
    Thx.

    Hi Tomas,
    Does this issue occur in OWA? How is the impact, only one user or all users?
    Please try to run Outlook under safe mode to avoid add-ins and AVs.
    If there are any 3rd party add-ins, please try to disable them for testing.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Exchange 2010/Outlook 2010 Security Alert (...there is a problem with the site's security certificate.)

    I've been looking to resolve this issue for a while now and was hoping someone could help me understand my options.
    We have Exchange 2010 & Outlook 2010 in our environment. I've created a SSL cert for our ActiveSync from a reputable CA and unfortunately, as you may not be surprised, we are seeing an alert each time we open Outlook that states:
    "Security Alert; Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
    The name on the security certificate is invalid or does not match the name of the site."
    Of course my internal server name does not match my external server name. So the SSL I had created for use with OWA and ActiveSync is rejected by my internal Outlook clients.
    After doing some research I believe this is related to the Autodiscover service being configured with my internal server name and not my external name. 
    I've found some info about adding New-AutodiscoverVirtualDirectory and Set-ClientAccessServer commands and then found this article that might help (Configure Outlook Anywhere to Use Multiple SSL Certificates), but nothing is specific to my configuration and I'm concerned about what will happen to my existing configuration if this fails.
    What happens when you run Set-ClientAccessServer? Does it retain and keep the old server config in place and add a new one or does it wipe it out? Will all of my devices need to be reconfigured?
    Same with New-AutodiscoverVirtualDirectory.  Does this simply add another virtual directory or is it going to overwrite my existing config?
    Then there is the question of whether or not any of this will actually address my issue at all.
    absolutezero273c

    Sorry.
    "[PS] C:\Windows\system32>Set-ClientAccessServer -Identity MailExt -AutoDiscoverServiceInternalUri "https://MailExt
    .contoso.com/autodiscover/autodiscover.xml"
    The operation couldn't be performed because object 'MailExt' couldn't be found on 'DomainController2.contoso.local'.
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-ClientAccessServer], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 4D980455,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer"...is the error I get.
    I've created the split zones and populated the Forward Lookup Zones as follows:
    CONTOSO.COM
    MailExt(CNAME)MailInt.contoso.local
    _tcp _autodiscover(SRV)MailExt.contoso.com
    CONTOSO.LOCAL
    MailInt(A)192.168.1.10
    MailExt(CNAME)MailInt.contoso.com
    One thing I did notice is that there isn't a _tcp _autodiscover entry for MailInt in my Forward Lookup Zones.  It was recommended that I make that entry for _tcp _autodiscover(SRV)MailExt.contoso.com in another post I read somewhere.
    I believe what I am trying to do is create a new autodiscover object as is shown here:
    I see there is a Get-ClientAccessServer & Set-ClientAccessServer command but I need to add a CAS. Does the Set-ClientAccessServer add or simply modify?
    Or would that require the New-AutodiscoverVirtualDirectory command? I read this page that discussed creating new virtual directories but that seemed a little risky without knowing all the ins and outs of how this service functions and to what degree this would affect the existing configuration.
    I was able to use the Set-ClientAccessServer command and change the actual internal autodiscoverUri to https://MailExt.contoso.com/autodiscover/autodiscover.xml but the name still says MailInt and I continue to get the SSL cert warnings because it is looking at MailInt.contoso.local.
    absolutezero273c

  • Windows XP Machines Always Prompt for Credentials (Exchange 2013, Outlook 2010)

    I am running Exchange 2013 on Server 2012 Datacenter (VM).  Windows 7 clients with Outlook 2010 work fine.  Windows XP clients with Outlook 2010 prompt for credentials (user name and password) each time Outlook is started, and checking the "Remember my password" box does not prevent this from happening the next time.  The "Always prompt for logon credentials" checkbox on the "Security" tab of the "More Settings" section of the Exchange account is not checked.  I have found a myriad of posts with similar issues, but they all seem to have to do with SBS/Exchange 2007, and I haven't come across something that works as a solution for me.  One suggested certificate issues, and I was having certificate security warnings, but I got that resolved.
    I am hopeful that the fact that this only happens on Windows XP will be telling.

    Proxy settings:
    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 50
    auth_param ntlm keep_alive on
    auth_param basic program /usr/lib/squid3/squid_ldap_auth -R \
    -b "DC=domain,DC=local" \
    -D "CN=Squid Proxy,OU=TI,OU=Domain,DC=domain,DC=local" \
    -W passldap \
    -f "sAMAccountName=%s" \
    -h domain.local
    auth_param basic children 20
    auth_param basic realm Domain Internet Proxy
    auth_param basic credentialsttl 8 hours
    external_acl_type ADS children=50 ipv4 ttl=60 %LOGIN /usr/lib/squid3/squid_ldap_group -S -K -b "DC=domain,DC=local" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof =CN=%a,OU=Domain,DC=domain,DC=local))" -D "CN=Squid Proxy,OU=TI,OU=Domain,DC=domain,DC=local" -s sub -W ldappass domain.local
    tks.

  • Exchange 2010 - Exchange 2013 Outlook 2010 resolves wrong server

    Hello,
    We are upgrading from exchange 2010 to 2013.
    Now I have migrated a testmailbox, but when I try to configure it in outlook it tries to connect to the Exchange 2010 server instead of the Exchange 2013 server.
    I have configured outlook manually like described on the following url:
    http://www.zerohoursleep.com/2013/02/manual-outlook-configuration-with-exchange-2013/
    At the "Check Name" step, it will not resolve the Exchange 2013 server guid but the Exchange 2010 server... but the mailbox is migrated to Exchange 2013...
    When I try to launch Outlook an error occurs: "Cannot open your default e-mail folders.  You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)."
    Can someone help me out please?
    Thx!

    Are you sure the mailbox move completed?  What happens when you log into OWA? Are you having AD replication issues in your environment?

  • Exchange 2013 / Outlook 2010+ Attachment size limit

    I have an issue with my Exchange 2013 deployment.  I am unable to send attachments over 10MB.  I know, I know, not another one of those threads, but I promise I have searched for a solution to my issue as best I can before posting.
    So in the EMC I have set the Send/Receive connectors to unlimited, I have set the organizational limits to unlimited, I have even set both the Internal and ExternalDsnMaxMessageAttachSize to 2047MB.
    I have restarted the Exchange Transport service; failing that, I restarted the Exchange box.  I have closed and opened my Outlook client several times, but whenever I select an attachment over 10MB I get the message "The Attachment size exceed the allowable limit"
    There must be something I am missing but I can't see it.  I did also check my (and other) user accounts to confirm that no limits had somehow been set; they are all unconfigured or blank in the EMC, which my research has told me means there is no limit on the account.
    Now I know in a non-Exchange environment there are limits on the client, but attached to an Exchange server these limits are supposed to be driven by Exchange.
    Here is the output of Get-TransportConfig
    AddressBookPolicyRoutingEnabled                             : False
    AnonymousSenderToRecipientRatePerHour                       : 1800
    ClearCategories                                             : True
    ConvertDisclaimerWrapperToEml                               : False
    DSNConversionMode                                           : UseExchangeDSNs
    JournalArchivingEnabled                                     : False
    ExternalDelayDsnEnabled                                     : True
    ExternalDsnDefaultLanguage                                  :
    ExternalDsnLanguageDetectionEnabled                         : True
    ExternalDsnMaxMessageAttachSize                             : 1.999 GB (2,146,435,072 bytes)
    ExternalDsnReportingAuthority                               :
    ExternalDsnSendHtml                                         : True
    ExternalPostmasterAddress                                   :
    GenerateCopyOfDSNFor                                        : {}
    HygieneSuite                                                : Standard
    InternalDelayDsnEnabled                                     : True
    InternalDsnDefaultLanguage                                  :
    InternalDsnLanguageDetectionEnabled                         : True
    InternalDsnMaxMessageAttachSize                             : 1.999 GB (2,146,435,072 bytes)
    InternalDsnReportingAuthority                               :
    InternalDsnSendHtml                                         : True
    InternalSMTPServers                                         : {}
    JournalingReportNdrTo                                       : <>
    LegacyJournalingMigrationEnabled                            : False
    LegacyArchiveJournalingEnabled                              : False
    LegacyArchiveLiveJournalingEnabled                          : False
    RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling : False
    RedirectDLMessagesForLegacyArchiveJournaling                : False
    MaxDumpsterSizePerDatabase                                  : 18 MB (18,874,368 bytes)
    MaxDumpsterTime                                             : 7.00:00:00
    MaxReceiveSize                                              : Unlimited
    MaxRecipientEnvelopeLimit                                   : 500
    MaxRetriesForLocalSiteShadow                                : 2
    MaxRetriesForRemoteSiteShadow                               : 4
    MaxSendSize                                                 : Unlimited
    MigrationEnabled                                            : False
    OpenDomainRoutingEnabled                                    : False
    RejectMessageOnShadowFailure                                : False
    Rfc2231EncodingEnabled                                      : False
    SafetyNetHoldTime                                           : 2.00:00:00
    ShadowHeartbeatFrequency                                    : 00:02:00
    ShadowMessageAutoDiscardInterval                            : 2.00:00:00
    ShadowMessagePreferenceSetting                              : PreferRemote
    ShadowRedundancyEnabled                                     : True
    ShadowResubmitTimeSpan                                      : 03:00:00
    SupervisionTags                                             : {Reject, Allow}
    TLSReceiveDomainSecureList                                  : {}
    TLSSendDomainSecureList                                     : {}
    VerifySecureSubmitEnabled                                   : False
    VoicemailJournalingEnabled                                  : True
    HeaderPromotionModeSetting                                  : NoCreate
    Xexch50Enabled                                              : True
    Thanks in advance for any assistance.
    Carl

    1. If you send a message larger than 10MB from an external client to your org, does it bounce back because it's over the limit?
    2. Do you see the same problem sending internally with OWA?

  • Exchange 2003 + Outlook 2010 hangs if deleted shared mailbox exists into profile

    Environment - Exchange 2003 + Outlook 2010 published via Citrix
    We recently did a cleanup of shared mailboxes which are no longer needed. However, after this activity we found that many users are reporting that their Outlook hangs for a long time during startup and continues to hang while they work in Outlook. Upon investigation we found that their Outlook profiles had 1 or 2 shared mailboxes listed which were deleted from the organization. As soon as these shared mailboxes were removed from the profile, Outlook started working fine.
    Is this a known issue of Outlook, and is any hotfix available for it? I have already checked the 'download shared folder' option, which isn't selected.
    Absar

    Hi,
    Maybe the issue is related to the default behavior in Outlook.
    How about try the following:
    http://support.microsoft.com/kb/982697
    Best regards,
    Rex Zhang
    TechNet Community Support

  • Outlook 2010 Certificate Alert when connecting to Exchange 2010 Server

    Hi,
    I am receiving the below security alert when launching a domain joined Outlook 2010 client; 
    The security certificate was issued by a company you have not chosen to trust
    This is a self-signed certificate on the CAS server role which is separate to the Hub and Mailbox.  Unless something is completely screwed, Outlook 2007 against Exchange 2007 had no issues with domain joined machines and self-signed certificates. 
    The following KB article explains the same issue http://support.microsoft.com/default.aspx/kb/2006728 but this is a native Exchange 2010 environment with no previous versions of CAS roles.
    Any help appreciated.
    Cheers

    Hi,
    Yes, when an internal user tries to use Outlook to connect to the Exchange server, Outlook will try to find the e-mail address and Exchange server name from AD. After that it will look for the SCP and then find the correct Autodiscover server to connect to and retrieve settings.
    So during the process of connecting to the Exchange server, it will have to use Autodiscover to connect and retrieve user settings. So the certificate with regard to Autodiscover will cause the issue.
    I’d like to share the process of how an internal Outlook user connects to the Exchange server.
    1.    Automatically retrieve e-mail address from Active Directory if domain joined machine.
    2.    Retrieve Exchange Server name if found and store for later.
    3.    Look for SCP objects or SCP pointer objects that correspond to user’s e-mail address, and find the correct Autodiscover server to connect to; then connect and retrieve settings.
    4.    If previous step fails, attempt DNS discovery of Autodiscover XML (allowing for 10 redirects).
          a.    HTTPS POST: https://DOMAIN/autodiscover/autodiscover.xml
          b.    HTTPS POST: https://autodiscover.DOMAIN/autodiscover/autodiscover.xml
          c.    HTTP GET: http://autodiscover.DOMAIN/autodiscover/autodiscover.xml (only to follow redirects, not to get settings)
          d.    DNS SRV lookup: _autodiscover._tcp.DOMAIN (only to follow the redirect the SRV record points to)
    5.    If previous step fails, attempt local XML discovery and use XML found on the local machine if applicable.
    6.    If previous step fails but an Exchange Server name is found in step 2, configure Exchange account based on Exchange Server name.
    7.    If previous step is not applicable, attempt Common Settings Discover, as described in the next section.
    More related information to share with you:
    Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
    http://support.microsoft.com/kb/940726
    Regards,
    Xiu
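
An added example, not part of either thread and not Microsoft tooling: it lists the HTTPS host names from steps 4a and 4b of the lookup order above and checks each against the names on a certificate, using the standard rule that a wildcard stands for exactly one left-most label. The function names are hypothetical, `domain.ca` is the placeholder from the first thread, and the other host names and the certificate name list are constructed; it assumes every host answers with the same certificate.

```powershell
# Added example. domain.ca is the placeholder domain used in the first thread;
# every other name below is constructed for illustration.

function Test-CertNameMatch {
    # True when $HostName is covered by $CertName. A wildcard is honoured only
    # as the whole left-most label and stands for exactly one label, so
    # *.domain.ca covers mail.domain.ca but not domain.ca or a.b.domain.ca.
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string]$CertName
    )
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    $c = $CertName.TrimEnd('.').ToLowerInvariant()
    if (-not $c.StartsWith('*.', [System.StringComparison]::Ordinal)) {
        return ($h -eq $c)
    }
    $suffix = $c.Substring(1)    # ".domain.ca"
    if (-not $h.EndsWith($suffix, [System.StringComparison]::Ordinal)) {
        return $false
    }
    $left = $h.Substring(0, $h.Length - $suffix.Length)
    return (($left.Length -gt 0) -and (-not $left.Contains('.')))
}

function Get-AutodiscoverHttpsHost {
    # Host names of steps 4a and 4b, derived from the domain part of the
    # SMTP address (hypothetical helper).
    param([Parameter(Mandatory = $true)][string]$EmailAddress)
    $domain = $EmailAddress.Split('@')[-1]
    return @($domain, "autodiscover.$domain")
}

function Get-NameCoverage {
    # One row per host: which certificate name covers it, if any.
    param(
        [Parameter(Mandatory = $true)][string[]]$HostName,
        [Parameter(Mandatory = $true)][string[]]$CertName
    )
    foreach ($h in $HostName) {
        $hit = $CertName |
            Where-Object { Test-CertNameMatch -HostName $h -CertName $_ } |
            Select-Object -First 1
        [pscustomobject]@{
            HostName     = $h
            MatchedBy    = $hit
            NameMismatch = ($null -eq $hit)
        }
    }
}

# Constructed input: a certificate that carries only the wildcard name.
$certNames = @('*.domain.ca')

# Autodiscover hosts for a constructed mailbox, plus a constructed
# Outlook Anywhere host and a constructed internal server name.
$hosts = @(Get-AutodiscoverHttpsHost -EmailAddress 'user@domain.ca') +
         @('mail.domain.ca', 'mail01.domain.local')

Get-NameCoverage -HostName $hosts -CertName $certNames | Format-Table -AutoSize
```

Rows with NameMismatch set to True are the names to compare against the URLs configured in Exchange and against what actually answers on port 443 for that host.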

  • Exchange Server 2013 / Outlook 2010 Auto-Complete address problems

    Hi 
    We run an Exchange 2013 environment where end users use Outlook 2010.
    For some reason several users (at least 5 so far, maybe more that haven't noticed yet) are complaining that they are now unable to add any additional address to the Auto-Complete cache.  This can be resolved manually by emptying the cache from within Outlook then disabling and re-enabling auto-complete but obviously they then have a blank slate.
    My question is - is there anything that can cause this type of problem collectively?  I have seen it previously, but occurrences have always been isolated to an individual user.
    Thanks in advance
    M

    Hello,
    You can try using the NK2View tool to modify your Outlook Auto Complete Addresses.
    With NK2View you can delete unwanted email addresses from your autocomplete file and add new addresses from your address book as well as edit current email address entries. And NK2View is a free download from NirSoft and you can get the software by going to their website.
    Besides, the auto-complete cache is an Outlook feature, I recommend you post your issue to the Outlook forum.
    http://social.technet.microsoft.com/Forums/en-US/home?forum=outlook
    Cara Chen
    TechNet Community Support

  • Exchange 2013 Outlook 2010 doesn't update folders from Exchange server, from OWA send and receive is OK

    I have an Exchange 2013 server with a database for each department. Last week we had a power problem and the servers went down.
    After the servers came back online, I had a database in dirty shutdown and couldn't mount it, so I ran eseutil /p and then mounted it. All users can now access their mail from Outlook 2010 and can send and receive, except one user who can't receive new mail in Outlook but can send mail from Outlook (in Outlook the folder was last updated 22 April). From OWA he receives new mail and can send.
    I tried to delete the Outlook profile and create it again; I get "folder has not yet been updated".
    I tried to repair the Exchange database again, but the same problem occurs.
    I tried to move it to another database or another server, but the move fails.
    If I use Outlook online (cached mode removed) it receives new mail.
    Any help?
    Thanks

    Hi,
    What’s the user impact? If the issue only occurs on specific users, I suggest we firstly take the troubleshooting from the client side.
    If the issue occurs to all the users, it seems like an Outlook sync issue with the CAS server, not a database issue. Do you configure the NLB for the CAS server?
    Thanks,
    Simon Wu
    TechNet Community Support

  • Publishing Exchange 2013 Outlook Web App with Forefront TMG 2010

    Hello guys,
    I have published Exchange 2013 via TMG 2010 with pre-authentication. Since this is the first time I am doing it, I want to ask experts for explanations :).
    When I configure ActiveSync on a mobile, I just type the password and it starts syncing after 20 sec.
    When I use a browser and try to log in using the TMG logon screen, after I enter credentials (if they were not wrong), I get the Exchange 2013 logon screen (because my password was checked by the DCs).
    I have customized the TMG template to the Exchange 2013 template, but it did not help - I have two logon screens.
    Is it possible to configure TMG for showing only one logon screen ( without disabling pre-authentication) ? Does it work this way?
    Did I miss something?

    Hi,
    Please try to enable FBA for external and internal OWA 2010 users by the methods in the blog below.
     There are several ways to accomplish this:
    Have internal users pointed to the internal interface of the Forefront TMG and utilize the forms-based authentication logon page offered by Forefront TMG. 
    Deploy Forefront UAG instead of Forefront TMG. Forefront UAG allows you to have FBA enabled on both the Exchange 2010 Client Access Servers and on the Forefront UAG solution itself. 
    Publish Exchange 2010 to the Internet using Forefront TMG but do not configure pre-authentication. This way the users need to go through the Forefront TMG solution, but will authenticate directly against the Exchange 2010 Client Access servers. 
    Configure an additional OWA and ECP virtual directory on the Exchange 2010 Client Access Servers.
    Reference: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/enabling-forms-based-authentication-external-internal-owa-2010-users-exchange-2010-published-using-forefront-tmg-2010-part1.html
    Then check the blog
    - Creating a custom Forefront TMG 2010 OWA FBA logon page
    Best Regards,
    Joyce

  • Migration to Exchange 2013 from 2010 - Client side issues

    Hi Everyone, 
       I've been having issues with clients connecting to an existing Exchange server (Getting login prompt- but not usual reason).  
    We currently run Exchange 2010 with approx 200 mailboxes on the server.  Last night I renewed the certificate on the 2010 server (go daddy SAN cert, all ok) and added the cert to my new Exchange 2013 server.  I tested it with my account, and a test account approx 12 times, and had no login prompt when launching Outlook. All seemed ok, until this morning.....
    This morning, most (not all) users are getting the login prompt.  We are able to get by this by inputting domain\username and Outlook opens fine and is able to connect.  No users are on the Exchange 2013 server yet (only 1 test account)
    I've been googling all morning and I'm not seeing anything directly relating to my issue.  I've read about the Anon vs Negotiate issues (KB2834139) - But - the strange thing is all clients are set to negotiate network security (And encrypt data). This is opposite of what the MS article says.  Clients are all Outlook 2010
    Here are my outlook anywhere settings: 
    ServerName               : exchange2010
    IISAuthenticationMethods : {Basic}
    ServerName               : exchange2013A
    IISAuthenticationMethods : {Basic, Ntlm}
    ServerName               : exchange2013B
    IISAuthenticationMethods : {Basic, Ntlm}
    Identity                          ClientAuthenticationMethod IISAuthenticationMethods
    exchange2010\Rpc (Default Web Site)                        Basic {Basic}
    exchange2013a\Rpc (Default Web Site)                       Ntlm {Basic, Ntlm}
    exchange2013b\Rpc (Default Web Site)                       Ntlm {Basic, Ntlm}
    If I change the Exchange 2010 server to NTLM, will this resolve what I'm seeing? And do I need to restart RPC Client Access and Transport Service to make changes take effect? Or reboot the whole server? 
    If you need more info or logs please let me know
    Thank you for any help! 
    -Jeff

    Hi,
    Please confirm if the Login prompt issue occurs when users open the Outlook client at first time after renewing Exchange certificate or happens when opening the Outlook every time.
    I noticed that the user can connect to Exchange server after inputting domain\username. Please confirm if the issue happens to external users who use Outlook Anywhere. For Outlook Anywhere coexistence,
    please choose NTLM for IIS authentication.
    Set-OutlookAnywhere -Identity "exchange2010\Rpc (Default Web Site)" -IISAuthenticationMethods Basic,Ntlm
    Regards,
    Winnie Liang
    TechNet Community Support

  • The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action. Error while connecting to exchange through Outlook 2010

    Hi,
    I have set up Exchange Server 2013 on Windows Server 2008 R2. Everything is working fine except I am unable to configure an Exchange account in Outlook 2010 or any other version. It says
    "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."
    Error screenshot is attached. I am even able to configure Exchange ActiveSync on my Android and iPad, which is working perfectly. Please let me know if anybody has any idea about it. I have searched many blogs and forums but still have no solution.
    Thanks in advance
    Regards,
    Manoj

    Hi Manoj,
    Can you ping your Exchange server? It would help us isolate the fault from network-related issues.
    Is there a trusted certificate installed on the Exchange 2013 server?
    If you run the test of RPC over HTTP in https://www.testexchangeconnectivity.com/, is there any error returned?
    For more information, please refer to :
    http://technet.microsoft.com/en-us/library/bb123741(v=exchg.150).aspx
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/1b4dc21c-c745-4699-8eee-423105608dcd/
    Thanks.
    Fiona Liao
    TechNet Community Support

  • Exchange 2013 - Outlook 2007 - Server name GUID

    Hi Guys.
    I am hoping someone can shine some light on something for me.
    Right now I have the following with roles.
    1 x Exchange 2010 - MBX & CAS
    1x Exchange 2013 - MBX
    1 x Exchange 2013 - CAS
    Mix of Outlook 2007 & 2010
    I migrated a user from Exchange 2010 over to Exchange 2013 and the process went fine. Email flow is working, OWA and Active Sync again working ok.
    However when we opened Outlook 2007 it displayed a message to say an Administrator had made changes and we needed to restart Outlook. No issues there.
    Outlook connected up fine and everything works. However, when you look in the mail profile for the Exchange server name I see something like
    [email protected]
    Also Outlook Anywhere is ticked and when you untick it from the client and then open it again it comes back.
    Are the above items of migration?

    Hi,
    RPC is no longer a supported direct access protocol. This means that all Outlook connectivity must take place using RPC over HTTP (also known as Outlook Anywhere).
    Outlook clients no longer connect to a server FQDN as they have done in all previous versions of Exchange. Outlook uses Autodiscover to create a new connection point comprised of mailbox GUID, @ symbol, and the domain portion of the user's primary SMTP address.
    To expand on this a little bit, I worked an issue with a new Exchange 2013 environment for 3 days before figuring out that you do NOT specify a server name where it asks for it in Outlook, you use the format mentioned above.
    For reference, I received a very particular error from testconnectivity.microsoft.com that made no sense until I discovered the server name format.  If a test fails with a 404 HTTP Not Found error and an X-CasErrorCode of MailboxGuidWithDomainNotFound, this is most likely your problem.  It's very frustrating that Microsoft does not have it documented anywhere exactly what this error means; it would have saved me a lot of time and energy.

  • Exchange 2013 and 2010 co-existence

    We will have 2013 and 2010 exist together for a while...we plan to move away from using Unified Access Gateway for HTTP redirection to our Exchange services and implement Kemp load balancers...two at our HQ site and two at our DR site...
    We plan to have a one arm configuration...from what I gathered...each load balancer will have a network connection and only one network connection and be on the same network as our new Exchange 2013 servers.  Can someone take a look at my config and give some input whether or not this will work and some suggestion on Ex13 urls, cert SAN names, etc.
                  HQKemp 2400 A   HQKemp 2400 B   DCKemp 2400 A   DCKemp 2400 B
    IP address    172.16.1.104    172.16.1.105    172.25.1.104    172.25.1.10
    Virtual IP    172.16.1.106                    172.25.1.104
    From the video I’ve watched for Kemp install…we’ll create the following internal DNS records for the Exchange services that will be configured on balancers.
    OWA/ECP        mail.corp.local.com            172.16.1.107
    EWS            ews.corp.local.com             172.16.1.108
    OAB            oab.corp.local.com             172.16.1.109
    ActiveSync     mobile.corp.local.co           172.16.1.110
    OA             oa.corp.local.com              172.16.1.111
    Autodiscover   autodiscover.corp.local.com    172.16.1.112
    Question: 
    We will configure the Exchange services with these ip addresses linked to each service on all four load balancers? 
    Or will DR site load balancers have different IPs configured for same Exchange services?
    Exchange services are split between our two sites…meaning Outlook Anywhere is configured for our CAS servers at our DR site and ActiveSync comes to HQ CAS servers as an example…so I want all Exchange services to come through the newly installed load balancers at HQ and if they don’t respond…the Exchange services get redirected to the load balancers at our DR site.
    Can you give some insight on the config of load balancers as to how we can do that?
    I have a question about the cert we will have. 
    Our Microsoft rep says we should get a new wildcard cert…currently we have a UCC cert with the following SANs attached.
    Will this new cert have to be installed on load balancers? 
    If so…can you suggest some ideas as to what new SANs I need if any of the new cert with Exchange 2010 and 2013 co-existing for a while. 
    Below are the SANs on our current UCC cert.
    Outside resolvable SANs
    Webmail.corp.local.com         205.223.19.25
    portal.corp.local.com          205.223.27.78
    Portal2.corp.local.com         205.223.19.25
    Autodiscover.corp.local.com    205.223.19.25
    Internal SANs
    Hqcas1.corp.local.com
    Hqcas2.corp.local.com
    Dccas1.corp.local.com
    Dccas2.corp.local.com
    Owamail.corp.local.com (this CAS Array server name that HQ CAS servers create)
    What do you suggest we use for the external urls on Exchange 2013 for these services?
    Our firewall guy says we’ll use same names, but I’m not sure if we try to use same name if we’ll get an error? Active Directory may say name already in use?
    We plan to have firewall to just redirect requests for external urls to load balancers…sound correct? 
    Meaning load balancer won’t have an external NIC defined…which makes it a one arm config…correct?

    Hi Techy,
    According to your description, I am still not quite sure about your environment. Could you please provide more information about it, such as:
    1. How many Exchange servers in your coexistence environment? One Exchange 2010 with all roles and one Exchange 2013 with all roles? Or several Exchange 2010 and multiple Exchange 2013?
    2. Are there two sites in your environment? What’s the Exchange deployment in different sites?
    3. Please confirm if both Exchange 2010 and Exchange 2013 are Internet-facing.
    Additionally, if you are using different namespaces for different services for internal access and external accessing, we need to include all service namespaces in your certificate with IIS service. Personal suggestion, we can follow Ed Crowley’s suggestion to use split-brain DNS in your environment and only use the same namespace for Exchange service URLs.
    The following article described the details about how to configure different namespace for Exchange services by using Load Balance in Exchange 2013:
    http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
    Regards,
    Winnie Liang
    TechNet Community Support
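
The certificate question in the thread above (which namespaces a UCC or wildcard certificate actually covers) can be checked before the certificate is ordered. This is an added example, not part of the original posts: the hostnames and SANs are copied from the post, and the wildcard name `*.corp.local.com` is an assumption about what the proposed wildcard certificate would contain.

```python
# Added example: report planned Exchange namespaces a certificate would NOT cover.

# Load-balancer DNS names, copied exactly as written in the post.
PLANNED_NAMESPACES = [
    "mail.corp.local.com", "ews.corp.local.com", "oab.corp.local.com",
    "mobile.corp.local.co", "oa.corp.local.com", "autodiscover.corp.local.com",
]
# SANs on the current UCC certificate, copied from the post.
CURRENT_UCC_SANS = [
    "Webmail.corp.local.com", "portal.corp.local.com", "Portal2.corp.local.com",
    "Autodiscover.corp.local.com", "Hqcas1.corp.local.com", "Hqcas2.corp.local.com",
    "Dccas1.corp.local.com", "Dccas2.corp.local.com", "Owamail.corp.local.com",
]
# Assumption: the proposed wildcard certificate carries this single name.
WILDCARD_SANS = ["*.corp.local.com"]


def san_matches(hostname, san):
    """Match a hostname against one SAN the way TLS clients do.

    Comparison is case-insensitive. A '*' is honoured only as the entire
    leftmost label and stands for exactly one label, so '*.corp.local.com'
    covers neither 'corp.local.com' nor 'a.b.corp.local.com'.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Refuse wildcards directly under a top-level label such as '*.com'.
        return len(pattern) > 2 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN in the list matches, in input order."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


if __name__ == "__main__":
    for label, sans in (("current UCC", CURRENT_UCC_SANS),
                        ("wildcard (assumed)", WILDCARD_SANS)):
        missing = uncovered(PLANNED_NAMESPACES, sans)
        print(f"{label}: {len(missing)} uncovered -> {', '.join(missing) or 'none'}")
```

The `mobile.corp.local.co` record is kept exactly as written in the post, so it is reported as uncovered under both certificates; any name listed as uncovered would produce the "name on the security certificate is invalid" prompt in Outlook.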
