NTLM Authentication in the Outlook Anywhere

I use Exchange Server 2007 SP1 Rollup 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I tested Outlook Anywhere with Basic and NTLM authentication and all works fine. But when I use NTLM authentication, Outlook prompts the user for credentials every time it starts, even when "remember password" was checked. The login and password are remembered in the network passwords of the user, but Outlook prompts for the password again and again when it starts. Exchange is published on port 443 directly (without any listeners)!
When I connect by VPN and use a TCP/IP connection to the server, Outlook remembers the password without any problems and does not ask for the password again.
get-OutlookAnywhere:
ServerName                 : SRVEXCH2
SSLOffloading              : False
ExternalHostname           : mail.my_domain.ru
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods   : {Ntlm}
MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
Path                       : C:\Windows\System32\RpcProxy
Server                     : SRVEXCH2
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
Name                       : srvexch2
DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                             FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                             ervices,CN=Configuration,DC=net,DC=local
Identity                   : SRVEXCH2\srvexch2
Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                : 18.02.2009 14:17:55
WhenCreated                : 17.02.2009 14:53:36
OriginatingServer          : dc1.net.local
IsValid                    : True
I have tried these cases, but they have not helped with this issue:
1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false. I also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
4) Install domain controller and global catalog roles on the Exchange Server.
Does anybody have any solution for this issue? Maybe Outlook Anywhere and NTLM do not work at all?

Have you also seen this:
You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
http://support.microsoft.com/kb/820281
1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
3. In the right pane, double-click lmcompatibilitylevel.
4. In the Value data box, type a value of 2 or 3 that is appropriate for your environment, and then click OK.
5. Quit Registry Editor.
6. Restart your computer.
LmCompatibilityLevel settings
The LmCompatibilityLevel registry entry can be configured with the following values:
LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 4: (Server Only) - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.
LmCompatibilityLevel value of 5: (Server Only) - Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.
Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
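
One way to confirm which response type a client really sends after lmcompatibilitylevel is changed, as an added example (not from the thread or the KB article): decode the NTLM token taken from the HTTP Authorization header and look at the length of the NT response. ConvertFrom-NtlmHeader and New-SampleNtlmAuthenticate are hypothetical names, and the tokens decoded at the end are constructed with zero-filled responses.

```powershell
# Added example, not code from the thread. Field offsets and flag bits follow the NTLM
# message layout documented in [MS-NLMP]; the tokens decoded at the end are constructed.

function ConvertFrom-NtlmHeader {
    param([Parameter(Mandatory = $true)][string]$HeaderValue)

    # An HTTP header value looks like "NTLM <base64>"; separate scheme and token.
    $parts = $HeaderValue.Trim() -split '\s+', 2
    if ($parts.Count -ne 2) { throw 'Expected "<scheme> <base64 token>".' }
    $b = [Convert]::FromBase64String($parts[1])
    if ($b.Length -lt 12 -or $b[7] -ne 0 -or
        [Text.Encoding]::ASCII.GetString($b, 0, 7) -cne 'NTLMSSP') {
        throw 'Not a raw NTLMSSP message (the token may be SPNEGO-wrapped).'
    }

    $type = [int][BitConverter]::ToUInt32($b, 8)
    $names = @{ 1 = 'NEGOTIATE'; 2 = 'CHALLENGE'; 3 = 'AUTHENTICATE' }
    $flagOffsets = @{ 1 = 12; 2 = 20; 3 = 60 }   # NegotiateFlags position per message type
    if (-not $names.ContainsKey($type)) { throw "Unknown NTLM message type $type." }
    if ($b.Length -lt $flagOffsets[$type] + 4) { throw 'Message is truncated.' }

    $flags = [BitConverter]::ToUInt32($b, $flagOffsets[$type])
    $ess = ($flags -band 0x00080000) -ne 0       # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    $unicode = ($flags -band 0x00000001) -ne 0   # NTLMSSP_NEGOTIATE_UNICODE

    $info = @{ MessageType = $names[$type]; ExtendedSessionSecurity = $ess
               Domain = $null; User = $null; NtResponseLength = $null; ResponseType = $null }

    if ($type -eq 3) {
        $enc = if ($unicode) { [Text.Encoding]::Unicode } else { [Text.Encoding]::ASCII }
        # Each field descriptor is Len(2) MaxLen(2) Offset(4); read the payload it points at.
        $read = {
            param($at)
            $len = [int][BitConverter]::ToUInt16($b, $at)
            $off = [int][BitConverter]::ToUInt32($b, $at + 4)
            if ($off + $len -gt $b.Length) { throw "Field at offset $at points past the end." }
            $enc.GetString($b, $off, $len)
        }
        $ntLen = [int][BitConverter]::ToUInt16($b, 20)   # NtChallengeResponse length
        $info.Domain = & $read 28
        $info.User = & $read 36
        $info.NtResponseLength = $ntLen
        # A 24-byte NT response is the NTLM (v1) form; an NTLMv2 response is always longer
        # because it carries a 16-byte proof followed by a variable-length blob.
        if ($ntLen -eq 0) { $info.ResponseType = 'none' }
        elseif ($ntLen -eq 24 -and $ess) { $info.ResponseType = 'NTLMv1 with extended session security' }
        elseif ($ntLen -eq 24) { $info.ResponseType = 'NTLMv1' }
        else { $info.ResponseType = 'NTLMv2' }
    }

    New-Object PSObject -Property $info |
        Select-Object MessageType, ExtendedSessionSecurity, Domain, User, NtResponseLength, ResponseType
}

# Builds a constructed AUTHENTICATE message (zero-filled responses, placeholder names).
function New-SampleNtlmAuthenticate {
    param([int]$NtResponseLength = 24, [uint32]$Flags = 0x00000201)   # UNICODE | NTLM
    $payload = @(
        (New-Object byte[] 24),                        # LM response (filler)
        (New-Object byte[] $NtResponseLength),         # NT response (filler)
        [Text.Encoding]::Unicode.GetBytes('EXAMPLE'),  # domain (placeholder)
        [Text.Encoding]::Unicode.GetBytes('user1')     # user (placeholder)
    )
    $ms = New-Object System.IO.MemoryStream
    $w = New-Object System.IO.BinaryWriter($ms)
    $w.Write([Text.Encoding]::ASCII.GetBytes("NTLMSSP`0"))
    $w.Write([uint32]3)
    $off = 64   # fixed header: 12 bytes + six 8-byte descriptors + 4-byte flags
    foreach ($f in $payload) {
        $w.Write([uint16]$f.Length); $w.Write([uint16]$f.Length); $w.Write([uint32]$off)
        $off += $f.Length
    }
    # Empty workstation and session-key descriptors.
    1..2 | ForEach-Object { $w.Write([uint16]0); $w.Write([uint16]0); $w.Write([uint32]$off) }
    $w.Write($Flags)
    foreach ($f in $payload) { $w.Write($f) }
    $w.Flush()
    'NTLM ' + [Convert]::ToBase64String($ms.ToArray())
}

# A 24-byte NT response (level 2, "Send NTLM response only") next to a longer one
# (level 3, "Send NTLMv2 response only").
24, 52 | ForEach-Object {
    ConvertFrom-NtlmHeader (New-SampleNtlmAuthenticate -NtResponseLength $_)
} | Format-Table -AutoSize
```

Outlook Anywhere runs over HTTPS, so a real header value has to come from a point where the traffic is visible in clear, such as a debugging proxy on the client.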

Similar Messages

  • Change Outlook Anywhere Authentication

    Hello experts,
    We have an Exchange 2010 environment and all clients are connecting using Outlook Anywhere. By All I mean all clients inside the network, outside the network, domain joined, so all.
    Following is the Authentication settings on Outlook Anywhere.
    ClientAuthenticationMethod      : Basic
    IISAuthenticationMethods        : {Basic}
    I want to change all users to use NTLM, so no more password prompts. I want to reduce the impact because we have more than 10k clients. Based on my understanding, I am planning below approach. Any suggestion will be appreciated.
    1. Change the IISAuthenticationMethods to have both Basic & NTLM using set-outlookanywhere command. This will allow clients to use both Basic & NTLM and we can do tests from all locations if it's working without any issue.
    2. Change the ClientAuthenticationMethod to NTLM, so Autodiscover will update all existing and new clients to use NTLM.
    3. Modify any GPO if in place to change the Outlook authentication to NTLM.
    Is there anything else which needs to be taken care of? Many thanks for any suggestions in advance.
    -V

    Hi,
    To make the Outlook client use NTLM authentication, I recommend you use the command set-outlookanywhere to change the authentication method, because the Outlook Anywhere configuration on the Outlook client side will be updated by the Autodiscover service every time we open Outlook.
    And we can run the following command: get-outlookanywhere | set-outlookanywhere -IISAuthenticationMethods basic,Ntlm -ClientAuthenticationMethod NTLM
    Best regards,
    Angela Shi
    TechNet Community Support

  • ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

    Hi
    I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
    The clients have an IPSEC policy pushed to them via GPO.  The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
    However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why.  I can't get the Oakley log to work and I can't see any traffic on the ISA.
    I am wondering if I need to publish the CRLs externally?  Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using public certificates).
    I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the windows 7 machine but it doesn't seem to make a difference.
    Any advice would be appreciated.
    Steven

    Hi,
    Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
    In addition, ISA 2006 only includes a Client Access Web Publishing Wizard for both Exchange 2003 and Exchange 2007. Which Exchange version did you choose when publishing Exchange 2010?
    Please also make sure that you have selected the External interface for the web listener to listen on.
    Besides, the link below would be helpful to you:
    OWA publishing using Kerberos Constrained Delegation method for authentication delegation
    Best regards,
    Susie

  • Outlook Anywhere proxy changed from Basic to NTLM for external users

    I have an Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
    I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
    I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
    Here is an output for Outlook Anywhere on all six servers:
    Identity                           : CAS01\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : CAS02\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : CAS03\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : EXCH2K13-01\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    Identity                           : EXCH2K13-02\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    Identity                           : EXCH2K13-03\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

    Hi,
    Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
    http://support.microsoft.com/en-us/kb/2834139
    If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
    1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
    2. Right-click the listed database > Properties.
    3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
    4. Click OK.
    Then check whether the issue persists.
    Regards,
    Winnie Liang
    TechNet Community Support
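
The check this thread turns on, which auth package Autodiscover actually hands to the client, as an added example (not from the posts above): it parses an Autodiscover response and flags Outlook Anywhere blocks whose AuthPackage differs from what is expected. Get-AutodiscoverAuthPackage and its -Allowed parameter are hypothetical, and the XML is a constructed sample with placeholder host names.

```powershell
# Added example, not code from the thread. $sampleXml is a constructed Autodiscover
# response trimmed to the elements used here; host names are placeholders.
$sampleXml = @'
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <Server>mbx01.example.test</Server>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Ntlm</AuthPackage>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <External>
          <Protocol>
            <Type>EXPR</Type>
          </Protocol>
        </External>
      </Protocol>
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.example.test</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper: list the auth package each Outlook Anywhere block advertises and
# compare it with what clients at this vantage point are expected to receive.
function Get-AutodiscoverAuthPackage {
    param(
        [Parameter(Mandatory = $true)][string]$Xml,
        [string[]]$Allowed = @('Basic')
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('o', 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a')

    # Return the text of a direct child element, or nothing when it is absent.
    $child = {
        param($node, $name)
        $n = $node.SelectSingleNode("o:$name", $ns)
        if ($null -ne $n) { $n.InnerText }
    }

    # Only top-level Protocol blocks; the WEB block nests further Protocol elements.
    foreach ($p in $doc.SelectNodes('//o:Account/o:Protocol', $ns)) {
        $type = & $child $p 'Type'
        $auth = & $child $p 'AuthPackage'
        $ssl = & $child $p 'SSL'
        $notes = @()
        # EXPR and EXHTTP are the blocks that describe the HTTP proxy connection.
        if ($type -eq 'EXPR' -or $type -eq 'EXHTTP') {
            if ($Allowed -notcontains $auth) {
                $notes += "advertises '$auth', expected one of: $($Allowed -join ', ')"
            }
            if ($auth -eq 'Basic' -and $ssl -ne 'On') {
                $notes += 'Basic without SSL sends the password in recoverable form'
            }
        }
        New-Object PSObject -Property @{
            Type = $type; Server = (& $child $p 'Server'); SSL = $ssl
            AuthPackage = $auth; Finding = ($notes -join '; ')
        } | Select-Object Type, Server, SSL, AuthPackage, Finding
    }
}

# An external client expected to receive Basic: the EXPR block in the sample is flagged.
Get-AutodiscoverAuthPackage -Xml $sampleXml -Allowed 'Basic' | Format-Table -AutoSize
```

A real response to feed in can be copied from the XML tab of Outlook's Test E-mail AutoConfiguration dialog, captured from the same network location as the affected client.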

  • Server Name VS Outlook Anywhere Proxy Server and the behaviour I should expect when using SAN certificates...

    (I'll upload screen captures if needed once my account gets verified)
    I have a basic (as in freshly installed single exchange server 2010 SP3) Exchange Server installation. I've setup Outlook Anywhere. I've also setup a SAN (SubjectAltName) certificate.
    My setup:
    ex01.eci.XXXX.XX = is the server name and also the CN of my SAN certificate
    mail.eci.XXXX.XX = an A record I've setup to access my exchange server. It is also a subjectAltName in my SAN certificate
    When setting up Outlook, I enter the server name and specify the Outlook Anywhere proxy server in the Outlook Anywhere section. This works fine and I connect to my exchange server using RPC over HTTPS.
    Now, I was under the impression that specifying SANs in the certificate would allow me to enter the SAN alt name (mail.eci.XXXX.XX) in the field reserved for the Server Name, in Outlook.
    But it does not work. The proxy will give me an error each time, like that:
    HTTP    544    RPC_IN_DATA /rpc/rpcproxy.dll?mail.eci.XXXX.XX:6002 HTTP/1.1 , NTLMSSP_NEGOTIATE
    HTTP    635    HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
    HTTP    123    HTTP/1.0 503 RPC Error: 6ba
    My question is: is this the behaviour I should expect? Or should I be able to specify the SAN alt name in the Server Name in Outlook?
    Thanks!

    Hi,
    Firstly, I’d like to explain, the server name tab should be filled with your mailbox server name in the process of configuring Exchange 2010 account.
    And the Outlook Anywhere proxy server is configured at the server side and cannot be randomly defined at the client side. To check it, we can run: get-outlookanywhere |fl externalhostname
    Thus, it’s an expected behavior that we would get error if we randomly enter name in the server name tab when we configure an account. If I misunderstand your meaning, please feel free to let me know.
    Additionally, Autodiscover service can help us automatically complete the configuration of the Outlook account. And how about the result if you use the Autodiscover to automatically configure the account?
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2007 to 2013 Migration Outlook Anywhere keeps asking password

    Hi all, 
    I'm migrating an Exchange 2007 Server with all roles installed on a Windows Server 2008 R2 to 2 Exchange 2013 SP1 Servers (1 Cas and 1 Mailbox) installed on Windows Server 2012 R2.
    I installed Exchange 2007 SP3 RU13 for coexistence and everything was ok until I switched to the new 2013 CAS.
    After that the clients using Outlook Anywhere started asking for a password.
    I configured the Outlook Anywhere with these settings:
    Exchange 2007:
    OA Hostname mail.domain.com
    Client Authentication NTLM
    IISAuthentication Basic, NTLM
    SSL Required True
    Exchange 2013
    OA Hostname mail.domain.com
    Client Authentication NTLM (Both internal and external)
    IISAuthentication Basic, NTLM
    SSL Required True (both internal and external)
    Before switching to 2013 Cas everything works smoothly and the Outlook clients receive NTLM as HTTP Proxy authentication.
    After switching to 2013 Cas, test users migrated on 2013 Mailbox Server are ok, but Outlook users on Exchange 2007 Server get Basic as HTTP Proxy authentication and continue asking for credentials. 
    On the Exchange 2007 server I configured the host file to resolve servername and servername.domain.local with the IPv4 address to avoid issues regarding IPv6 with OA in Exchange 2007.
    Using Microsoft Connectivity Test I receive the error "RPC Proxy can't be pinged - The remote server returned an error: (500) Internal Server Error"
    Any Ideas?
    Thanks for your Help

    Run this and post the result
    https://testconnectivity.microsoft.com/
    Cheers,
    Gulab Prasad
    Technology Consultant

  • Access to Outlook Anywhere does not work

    Good evening,
    I recently installed an Exchange Server 2013 CAS / MB.
    Until now, the server presented a few errors (mainly in the event log) that do not seem to significantly influence functionality.
    This week I published the server on the Internet and verified various malfunctions related to the access from outside.
    In particular from outside:
    1 - OWA does not work with Windows integrated authentication, it works with the Forms based authentication;
    2 - Outlook Anywhere does not work from internet.
    I've done a lot of research and testing without success.
    With regard to the first issue (which is not a priority but can relate to second one) add that in Firefox I get a first authentication request. If I enter credentials it asks again for identical authentication (repeatedly), if I cancel it shows a second one that instead allows me access (they are slightly different).
    I assume that the first is the integrated Windows application and the second is basic authentication.
    Internet Explorer shows me only the first authentication request and if I cancel shows blank page.
    The problem is priority 2:
    Outlook connects without problems on LAN network, the Internet seems to download the correct information (autodiscover), but then does not connect to the server (connection to Microsoft Exchange is unavailable).
    If you manually edit the settings, auto-configuration server returns as a [email protected]. If I change manually the server (and proxy settings http), the result does not change.
    - Setting information -
    The server is installed in the LAN network and is exposed on the Internet through a firewall (Pat on port 443, et al. not 80) on a public address.
    The public and private DNS have been configured with a host record (A) and two CNAME (webmail and autodiscover).
    The internal Outlook clients connect with autodiscover and HTTPS / NTLM / SSL (Outlook connectivity status).
    IMAP, SMTP, POP, ActiveSync function.
    Exchange remote connectivity analyzer retrieves Autodiscover information but doesn't pass test for RPC/HTTP access (it discards access on port 443 and tries port 80, SPF isn't configured).
    The navigation to the url https://proxyexternalURL/rpc/rpcproxy.dll has the same behaviour like problem 1.
    Test-OutlookConnectivity returns unmanaged error ('WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the probe result for invoke now request id -- and probe workdefinition id --').
    Errors in eventviewer: 5011 - WAS (one time), 139 - MSExchange OWA (some not repetitive), 3028 - MSExchangeApplicationLogic (every 6 hours), 106 - MSExchange common (many during working hour), 65535 - application (some at nighttime 00.00 - 03.00 a.m.), 1006 - MSExchangeDiagnostic (every 30 min), 6002 - MSExchange Mid-Tier Storage (about every 5 minutes), 5 - MSExchange Workload Management (one time).
    Ask for further information.
    - Cmdlet and Autodiscover output -
    Get-OutlookAnywhere | fl name,*auth*,*ssl*,*host*
    Name                               : Rpc (Default Web site)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    SSLOffloading                      : True
    ExternalClientsRequireSsl          : True
    InternalClientsRequireSsl          : True
    ExternalHostname                   : webmail.name_domain.test
    InternalHostname                   : webmail.name_domain.test
    Get-OutlookProvider | ft -autosize
    Name Server CertPrincipalName              TTL
    EXCH        msstd:webmail.name_domain.test 1
    EXPR        msstd:webmail.name_domain.test 1
    WEB                                        1
    Get-AutodiscoverVirtualDirectory | fl name,*auth*,*url*
    Name                          : Autodiscover (Default Web site)
    InternalAuthenticationMethods : {Basic, WSSecurity, OAuth}
    ExternalAuthenticationMethods : {Basic, WSSecurity, OAuth}
    LiveIdNegotiateAuthentication : False
    WSSecurityAuthentication      : True
    LiveIdBasicAuthentication     : False
    BasicAuthentication           : True
    DigestAuthentication          : False
    WindowsAuthentication         : False
    OAuthAuthentication           : True
    AdfsAuthentication            : False
    InternalUrl                   :
    ExternalUrl                   :
    Get-MapiVirtualDirectory | fl name,*auth*,*url*
    Name                          : mapi (Default Web site)
    IISAuthenticationMethods      : {Basic, Ntlm, Negotiate}
    InternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
    ExternalAuthenticationMethods : {Basic, Ntlm, Negotiate}
    InternalUrl                   : https://webmail.name_domain.test/mapi
    ExternalUrl                   : https://webmail.name_domain.test/mapi
    Autodiscover.xml
    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>user</DisplayName>
          <LegacyDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=e4c0c18c8f214afbb5152bb08823179d-user</LegacyDN>
          <AutoDiscoverSMTPAddress>user@name_domain.test</AutoDiscoverSMTPAddress>
          <DeploymentId>d60c71c9-3740-404c-a38c-aa24e6105432</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <MicrosoftOnline>False</MicrosoftOnline>
          <Protocol>
            <Type>EXCH</Type>
            <Server>72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</Server>
            <ServerDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test</ServerDN>
            <ServerVersion>73C082C8</ServerVersion>
            <MdbDN>/o=organization_name/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=72036b30-a4d4-4b42-9c39-445bd04c23a6@name_domain.test/cn=Microsoft Private MDB</MdbDN>
            <PublicFolderServer>webmail.name_domain.test</PublicFolderServer>
            <AD>DC2.name_domain.test</AD>
            <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>off</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>on</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
            <EwsPartnerUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsPartnerUrl>
            <GroupingInformation>LAN</GroupingInformation>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <Internal>
              <OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.name_domain.test/</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
            <External>
              <OWAUrl AuthenticationMethod="Basic">https://webmail.name_domain.test/</OWAUrl>
              <Protocol>
                <Type>EXPR</Type>
                <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
              </Protocol>
            </External>
          </Protocol>
          <Protocol>
            <Type>EXHTTP</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Ntlm</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>On</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
          <Protocol>
            <Type>EXHTTP</Type>
            <Server>webmail.name_domain.test</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https://webmail.name_domain.test/ews/exchange.asmx</ASUrl>
            <EwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EwsUrl>
            <EmwsUrl>https://webmail.name_domain.test/ews/exchange.asmx</EmwsUrl>
            <EcpUrl>https://webmail.name_domain.test/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=name_domain.test</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-sms>
            <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=name_domain.test</EcpUrl-publish>
            <EcpUrl-photo>PersonalSettings/E.testAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;.testle=&lt;.testle&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmCreating>
            <EcpUrl-tmE.testing>?rfr=olk&amp;ftr=TeamMailboxE.testing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-tmE.testing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=name_domain.test</EcpUrl-extinstall>
            <OOFUrl>https://webmail.name_domain.test/ews/exchange.asmx</OOFUrl>
            <UMUrl>https://webmail.name_domain.test/ews/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://webmail.name_domain.test/OAB/e66d9a4a-6ed2-4512-b72f-522381524dd9/</OABUrl>
            <ServerExclusiveConnect>On</ServerExclusiveConnect>
            <CertPrincipalName>msstd:webmail.name_domain.test</CertPrincipalName>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>
    Get-OwaVirtualDirectory | fl name,*auth*,*url*
    Name                          : owa (Default Web Site)
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Basic}
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://webmail.name_domain.test/
    ExternalUrl                   : https://webmail.name_domain.test/

    Following are the results of the Outlook Anywhere (RPC over HTTP) test. An account for which Outlook Anywhere works was used. The account for which Outlook Anywhere does not work is an administrative account and therefore cannot be used in the test. Autodiscover returns the same result for both mailboxes.
    I'm testing RPC/HTTP connectivity.
    Testing RPC over HTTP has not been exceeded.
    Test steps
    Microsoft connectivity Analyzer is attempting to test the Autodiscover service for user_test@domain_name.test.
    Test the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to contact the Autodiscover service with each method available.
    I was not able to contact the Autodiscover service with no method.
    Test steps
    I'm trying to test the possible URL for the Autodiscover service https://domain_name.test/AutoDiscover/AutoDiscover.xml
    The test of this potential URL for the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to resolve the host name domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.www
    I'm testing the TCP port 443 on the host domain_name. tests to check that is open and listening.
    The door has been opened properly.
    I'm testing the validity of your SSL certificate.
    The SSL certificate has not exceeded one or more validation controls.
    Test steps
    Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server domain_name. test on port 443.
    Microsoft connectivity Analyzer got the remote SSL certificate.
    Remote certificate subject: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test issuer: E = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
    I am validating the certificate name.
    I could not validate the certificate name.
    More info about this issue and how to resolve it
    The host name domain_name. testing does not match any name found on the certificate and server = it_staff@domain_name.test, CN = * domain_name. test, OU = it staff, O = domain_name, L = city, S = state, C = test.
    I'm trying to test the possible URL for the Autodiscover service https://autodiscover.domain_name.test/AutoDiscover/AutoDiscover.xml
    The test of this potential URL for the Autodiscover service has not been exceeded.
    Test steps
    I'm trying to resolve the host name autodiscover. domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.kkk
    I'm testing the TCP port 443 on the host autodiscover. domain_name. tests to check that is open and listening.
    The door has been opened properly.
    I'm testing the validity of your SSL certificate.
    The SSL certificate has not exceeded one or more validation controls.
    Test steps
    Microsoft connectivity Analyzer is attempting to obtain the SSL certificate from the remote server autodiscover. domain_name. test on port 443.
    Microsoft connectivity Analyzer got the remote SSL certificate.
    Other details
    Remote certificate subject: CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test issuer: CN = domain_name-DC1-CA, DC = domain_name, DC = test.
    I am validating the certificate name.
    I validated the certificate name.
    Other details
    I found the host name autodiscover. domain_name. test in the voice of the alternative name of the certificate object.
    Elapsed time: 1 ms.
    I am validating the reliability of certificates.
    I was not able to validate the reliability of the certificate.
    Test steps
    Microsoft connectivity Analyzer is attempting to generate certificate chains to a certificate CN = webmail. domain_name. test, OU = it staff, O = domain_name, L = city, S = city, C = test.
    I failed to build a certificate chain for the certificate.
    Other details
    Failed to generate the certificate chain.
    May be missing the required intermediate certificates.
    I'm trying to contact the Autodiscover service using the HTTP redirect method.
    I was not able to contact the Autodiscover service using the HTTP redirect method.
    Test steps
    I'm trying to resolve the host name autodiscover. domain_name. DNS test.
    I was able to resolve the host name.
    IP addresses are returned: xxx.yyy.zzz.kkk
    I'm testing the TCP port 80 on the host autodiscover. domain_name. tests to check that is open and listening.
    The specified port is blocked, is not listening or doesn't produce the expected response.
    More info about this issue and how to resolve it
    I encountered a network error while communicating with the remote host.
    I'm trying to find the SRV DNS record _audiscover._tcp.domain_name.test.
    I failed to find the SRV record of the Autodiscover service in DNS.
    Some clarifications:
    1 - xxx.yyy.zzz.www and xxx.yyy.zzz.kkk are two static public addresses of which only the latter exposes Exchange services;
    2 - The certificate *. Domain_name.test is not related to Exchange services;
    3 - I imported the certificate of the issuing CA on the standalone test PC to validate the certificate.
    3 - Port 80 is not open and SRV records are not published.
    Best regards.

  • Outlook Anywhere Continues to Prompt for User Credentials

    Hi,
    Our Outlook AnyWhere clients continually get prompted to enter their user credentials while in Outlook.  We've tested connecting to  Outlook AnyWhere from the Internet and from our internal network.  We're using Exchange 2007 SP3. 

    Hi,
    Please run the following command to check the Authentication configuration for your Outlook Anywhere in Exchange 2007:
    Get-OutlookAnywhere | FL
    If the configuration is not correct, please run:
    Set-OutlookAnywhere -Identity "E12-01\Rpc (Default WebSite)" -IISAuthenticationMethods Basic,Ntlm
    In the Outlook client, please configure it to use Ntlm Authentication in the Connections tab of Account Settings.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Outlook anywhere in 2007/2013 coexistence

    Hi!
    I have a multitenant exchange 2007 at a single server setup and I’m trying to do migration to exchange 2013. I’m testing this in my lab environment before I go the production. I’m quite far and for example the owa redirection to exchange 2007 works. Also I can connect with outlook anywhere the exchange 2013 server when the mailbox is transferred.
    Problem is that the exchange 2013 proxy redirection to 2007 server isn’t working. My Outlook 2010 just keeps asking username and password. Outlooks are configured to connect with basic authentication.
    I have done a lot of googling about the issue and there is a lot of discussion about it. I have tried a lot of things and I’m quite lost now.
    I have tried to configure the externalclientauthenticationmethod, internalauthenticationmethod and IISauthenticationmethods with different kind of setups but can’t get it to work. Also tried to change the internal and external hostnames.
    My outlook anywhere setup at 2007 server is:
    RunspaceId                         : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
    ServerName                         : EXCHANGE07
    SSLOffloading                      : False
    ExternalHostname                   : exchange07.xxx.fi
    InternalHostname                   : legacy.xxx.fi
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    XropUrl                            :
    ExternalClientsRequireSsl          : True
    InternalClientsRequireSsl          : True
    MetabasePath                       : IIS://wcn-exchange07.welcomnet.fi/W3SVC/1/ROOT/Rpc
    Path                               : C:\WINDOWS\System32\RpcProxy
    ExtendedProtectionTokenChecking    : None
    ExtendedProtectionFlags            :
    ExtendedProtectionSPNList          :
    AdminDisplayVersion                : Version 8.3 (Build 83.6)
    Server                             : WCN-EXCHANGE07
    AdminDisplayName                   :
    ExchangeVersion                    : 0.1 (8.0.535.0)
    Name                               : Rpc (Default Web Site)
    ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                        : 14.5.2014 20:56:18
    WhenCreated                        : 14.10.2008 12:33:07
    WhenChangedUTC                     : 14.5.2014 17:56:18
    WhenCreatedUTC                     : 14.10.2008 9:33:07
    Exchange 2013 Outlook Anywhere setup:
    RunspaceId                         : 714f0d1a-c0f0-4694-aefe-8cf6218521ea
    ServerName                         : EXCHANGE13
    SSLOffloading                      : False
    ExternalHostname                   : exchange07.xxx.fi
    InternalHostname                   : exchange07.xxx.fi
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    XropUrl                            :
    ExternalClientsRequireSsl          : True
    InternalClientsRequireSsl          : True
    MetabasePath                       : IIS://exchange13.xxx.fi/W3SVC/1/ROOT/Rpc
    Path                               : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
    ExtendedProtectionTokenChecking    : None
    ExtendedProtectionFlags            :
    ExtendedProtectionSPNList          :
    AdminDisplayVersion                : Version 15.0 (Build 847.32)
    Server                             : WCN-EXCHANGE13
    AdminDisplayName                   :
    ExchangeVersion                    : 0.20 (15.0.0.0)
    Name                               : Rpc (Default Web Site)
    ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                        : 14.5.2014 20:55:56
    WhenCreated                        : 2.4.2014 0:57:19
    WhenChangedUTC                     : 14.5.2014 17:55:56
    WhenCreatedUTC                     : 1.4.2014 21:57:19
    Any help would be appreciated.

    Hi,
    Firstly, I'd like to explain, only in Exchange 2013, internal and external Outlook clients use Outlook Anywhere. Thus, in Exchange 2007, Outlook Anywhere settings can only include the external host name.
    And based on my experience, the credential issue is related to connectivity issue, authentication issue or public folder access.
    So I'd like to confirm the following information to understand more about the issue:
    1. Does the issue happen on all users? Users on Exchange 2007 or 2013? Internal users or external users?
    As far as I know, redirection and proxy don't happen on Outlook clients:
    http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
    2. Which IP address does your host name point to? legacy.xxx.fi, exchange07.xxx.fi?
    3. Check the Outlook Anywhere connectivity of the problematic users by ExRCA:
    https://testconnectivity.microsoft.com/
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Outlook Anywhere Trouble for new users

    Hello,
    My client had Exchange 2010 SP3, latest rollup. He has Outlook Anywhere enabled and all of his users, except a new one he created a few days ago, have no problem accessing their mailboxes.
    This new user experiences a problem, once she goes home and tries to open her Outlook 2010, a User\Password prompt appears which does not go away even when you get it right. Eventually after 3 attempts usually, it goes away but outlook opens up disconnected.
    There is this Error event - MSExchangeAL id 8364, on the exchange server, and it does correspond to our problem. Although, no valid solution is given for it, wherever I've searched.
    We've tried Changing authentication methods from Basic to NTLM to Negotiate and to Basic back again, tried disabling the "Encrypt data between Outlook and Exchange", We've tried online mode, it does not even open outlook. It gives us an error regarding a bad ost file. If outlook does allow the user in, it's only in cached mode and it immediately changes status from "Trying to connect..." to "Disconnected". We've checked the checkbox of "On slow connections use....". OWA Works.
    Any insight would be greatly appreciated. Thank you.

    Hi,
    According to your description, only one of your users cannot use Outlook Anywhere to connect to the server. If I misunderstand your meaning, please feel free to let me know.
    If yes, I recommend you firstly troubleshoot if the issue is related to the certain Outlook client:
    Recreate a new profile for the problematic users or change another computer to reconfigure the account.
    Additionally, you can also use ExRCA to check the Outlook Anywhere connectivity:
    https://testconnectivity.microsoft.com/
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Client side disabling of Outlook anywhere in Outlook 2013

    Hi
    Our admins recently had to disable external access for Outlook while keeping ActiveSync for Mobile Clients working. This was done by placing the autodiscover service (autodiscover.ourexternaldomain.com) behind a TMG with two factor authentication, and also putting our mail.ourexternaldomain.com behind the same TMG. So, Outlook from outside the network can't connect anymore (it will show you the login/pass prompt but what it wants is the two factor credentials, not your domain credentials.. so essentially you can't connect anymore), and mobile clients still work.
    In addition, they've disabled the "Outlook anywhere" options (specifically, "Connect to Microsoft Exchange using HTTP" is not only grayed out, it is forced disabled) by GPO.
    Unfortunately, that doesn't work for the handful that's already using Outlook 2013. There, even when the "Connect to Microsoft Exchange using HTTP" option is unchecked, the client will query autodiscover.ourexternaldomain.com, and eventually gets the response containing not only the EXCH protocol (which contains the internal urls), but also the EXPR protocol containing the public urls. That in turn re-enables "Connect to Microsoft Exchange using HTTP", so now clients, even when inside the organization will try to access the mail.ourexternaldomain.com which is behind the TMG, resulting in perpetual login prompts being displayed (the login actually comes from the TMG, not Exchange).
    So, is there a way to force disable "Connect to Microsoft Exchange using HTTP" for Outlook 2013, preferably without changing anything on Exchange and the GPO. I guess I'm looking for the registry key that is set for outlook 2010. I checked up on the GPO for Outlook 2010 and it seems it sets HKCU/Software/Policies/Microsoft/Office/14.0/Outlook/RPC/ProxyServerFlags = 0. Doing the same for Outlook 2013 (so using the Office/15.0/Outlook/RPC key) results in outlook no longer being able to connect altogether.
    When I manually remove the checkbox and restart Outlook, it first connects using the internal url, then after getting autodiscover it sets the checkbox "Connect to Microsoft Exchange using HTTP" again, and since the external url can be resolved from inside the network, I get the password prompts again even from inside the corporate network.
    Is there a registry key combination that keeps outlook connecting but never using the http proxy?

    Hi Stephan,
    How about the suggestion from Ed.
    Feel free to contact me if there is any update.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Exchange Server 2013 Outlook Anywhere issue

    I am working on an issue with Outlook Anywhere in Exchange 2013 where external users cannot connect. This is a new server co-existing with an Exchange 2010 server that will soon be decommissioned.
    When I run an Outlook Connectivity test on testexchangeconnectivity.com I get the following error. I am not seeing anything in the application or system logs.
    I already applied CU 6 (which was released today) and am seeing the same results. Port 443 is exposed directly to the web (no TMG, load balancer, proxy server, or SSL accelerator). Any help would be greatly appreciated! 
    Attempting to ping RPC proxy <external Exchange URL>.
    RPC Proxy can't be pinged.
    Additional Details
    An unexpected network-level exception was encountered. Exception details:
    Message: The remote server returned an error: (500) Internal Server Error.
    Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
    Stack trace:
    at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
    at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
    Exception details:
    Message: The remote server returned an error: (500) Internal Server Error.
    Type: System.Net.WebException
    Stack trace:
    at System.Net.HttpWebRequest.GetResponse()
    at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
    at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
    Elapsed Time: 290 ms.

    Hi,
    Does the issue only happen to your Exchange 2013 external users? How about Exchange 2010 users?
    Please make sure the external host name in your external Exchange URL is pointed to your Exchange 2013 in public DNS. For your coexistence environment, please make sure the Outlook Anywhere configurations are correct in both Exchange 2010 and Exchange 2013.
    We can run the following command to check it:
    Get-OutlookAnywhere | FL
    If the configuration is not correct, we can run the following command to set it (supposing mail.domain.com is your External host name):
    For Exchange 2010:
    Set-OutlookAnywhere -Identity "E14-01\Rpc (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
    For Exchange 2013:
    Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalHostname mail.domain.com -ExternalHostname mail.domain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
    After all settings, please recycle MS Exchange RPCProxy AppPools and Default AppPools on both Exchange 2013 and Exchange 2010. Then restart IIS service by running IISReset /noforce from a command prompt window.
    Regards,
    Winnie Liang
    TechNet Community Support
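
    One way to run the check described in the reply above across every server in a coexistence setup, as an added example that is not part of the original thread: it reads Get-OutlookAnywhere and reports, for each virtual directory, whether the client authentication method it advertises is also enabled in IISAuthenticationMethods. The function name Test-OutlookAnywhereAuth is hypothetical; the script only reads settings and assumes it is run in the Exchange Management Shell.

    ```powershell
    # Added example: read-only audit of Outlook Anywhere authentication settings.
    # Test-OutlookAnywhereAuth is a hypothetical name, not an Exchange cmdlet.
    function Test-OutlookAnywhereAuth {
        # Exchange 2007/2010 expose ClientAuthenticationMethod; Exchange 2013
        # splits it into an internal and an external setting.
        $clientProps = 'ClientAuthenticationMethod',
                       'InternalClientAuthenticationMethod',
                       'ExternalClientAuthenticationMethod'

        foreach ($vdir in Get-OutlookAnywhere) {
            # Convert to strings so the comparison also works on deserialized
            # objects returned by a remote shell session.
            $iisMethods = @($vdir.IISAuthenticationMethods | ForEach-Object { "$_" })

            foreach ($name in $clientProps) {
                $prop = $vdir.PSObject.Properties[$name]
                if ($null -eq $prop -or $null -eq $prop.Value) { continue }

                $method = "$($prop.Value)"
                # New-Object is used instead of [pscustomobject] so the script
                # also runs on the older PowerShell shipped with legacy servers.
                New-Object PSObject -Property @{
                    Server           = "$($vdir.ServerName)"
                    ExternalHostname = "$($vdir.ExternalHostname)"
                    SSLOffloading    = $vdir.SSLOffloading
                    Setting          = $name
                    ClientMethod     = $method
                    IISMethods       = ($iisMethods -join ', ')
                    # -contains is case-insensitive, so Ntlm matches NTLM.
                    EnabledInIIS     = ($iisMethods -contains $method)
                }
            }
        }
    }

    # List every setting, mismatches first.
    Test-OutlookAnywhereAuth |
        Sort-Object EnabledInIIS, Server |
        Format-Table Server, Setting, ClientMethod, IISMethods, EnabledInIIS, ExternalHostname -AutoSize
    ```

    A row with EnabledInIIS = False marks a virtual directory that advertises a method IIS will not accept on /rpc, which is the first thing to rule out before recycling the application pools.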

  • Exchange 2013 & Exchange 2007 Co-exist - Problems with Outlook anywhere proxy

    Hi,
    Got EX13 and EX07 in co-exist. Pointed all the external URL to EX13. ActiveSync proxies to 2007 and OWA redirects to legacy url with SSO. Working perfectly!
    But with Outlook Anywhere it does not work. Mailboxes on EX13 works good, but not for EX07 user.
    Error message from MRCA:
    Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server "internalFQDN ofbackend EX07 server"
    The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

    Hi,
    We need to change the Authentication on the Outlook Anywhere to NTLM
    Set-OutlookAnywhere -Identity "xxx\Rpc (Default Web Site)" -InternalHostName mail.domain.com -InternalClientsRequireSsl $True -ExternalHostName mail.domain.com -ExternalClientsRequireSsl $True -InternalClientAuthenticationMethod NTLM -ExternalClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic, NTLM, Negotiate
    Please first backup the Outlook Anywhere settings then do the above changes.
    Thanks,
    Simon Wu
    TechNet Community Support

  • Outlook Anywhere not working for some users

    Hi All,
    I am having a strange issue today with a customer -
    Outlook Anywhere has been enabled on their Exchange 2010 environment, but it doesn't work for some users.
    Using the ExRCA I have been able to identify the following error on the users who are unable to connect:
    "Testing the MAPI Mail Store endpoint on the Exchange server."
    "Attempting to log on to the mailbox"
    Mailbox logon returned ecLoginPerm 1010. You don't have the correct permissions to log in to the mailbox.
    EMSMDB Status: ecLoginPerm 1010
    Elapsed Time: 225 ms.
    On users that are able to connect it goes through the ExRCA without any issues.
    Any help would be much appreciated.
    Cheers,
    Jack
    Testing the MAPI Mail Store endpoint on the Exchange server.
    An error occurred while testing the Mail Store.
    Additional Details
    Elapsed Time: 333 ms.
    Test Steps
    Attempting to ping the MAPI Mail Store endpoint with identity: outlook.mg.com:6001.
    The endpoint was pinged successfully.
    Additional Details
    Attempting to log on to the Mailbox.
    An error occurred while logging on to the Mailbox.
    Additional Details
    Mailbox logon returned ecLoginPerm 1010. You don't have the correct permissions to log in to the mailbox.
    EMSMDB Status: ecLoginPerm 1010
    Elapsed Time: 225 ms.

    Hi,
    I notice that this issue only impact "some users".
    I suggest double confirming whether the Outlook Anywhere configuration is set correctly on the Outlook client. Pic as below:
    Thanks
    Mavis Huang
    TechNet Community Support

  • How to disable Exchange 2013 Outlook Anywhere for internal Outlook client

    Hello;
    By default, Exchange 2013's Outlook Anywhere is enabled for all user mailboxes; if I disable Outlook Anywhere per user mailbox, the user will not be able to connect his Outlook client to Exchange 2013.  What is the best method to disable Outlook Anywhere on a mailbox but let Outlook 2013 still access the Exchange server?
    The initial idea is to prevent users from accessing the company Exchange server from ANYWHERE, we just want to open Outlook Anywhere for the authorized users only.  Looks like Microsoft did not think about the security.
    thanks!

    I don't understand your request. If you disabled Outlook Anywhere, Outlook will only be able to connect via IMAP or POP3.
    If you want to disable this ability and allow some then perhaps use cas-mailbox to disable in bulk and then enable only those allowed:
    http://technet.microsoft.com/en-us/library/bb125264(v=exchg.150).aspx
    The MAPIBlockOutlookRpcHttp parameter enables or disables access to the mailbox by using Outlook Anywhere (RPC over HTTP) in Microsoft Outlook.
    Valid values for this parameter are:
    $true   Only Outlook clients that aren't configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox. By default, Outlook 2013 is configured to use Outlook Anywhere.
    $false   Outlook clients that are configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox.
    The default value is $false.
    Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
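
    The bulk approach suggested in the reply above (block everyone, then allow only authorized users), as an added example that is not part of the original thread. The function name Set-OutlookAnywhereAllowList and the group name OA-Allowed are hypothetical; the script assumes the Exchange Management Shell and a mail-enabled group whose direct members are the authorized mailboxes.

    ```powershell
    # Added example: allow Outlook Anywhere only for members of one group.
    # Set-OutlookAnywhereAllowList and 'OA-Allowed' are hypothetical names.
    function Set-OutlookAnywhereAllowList {
        [CmdletBinding(SupportsShouldProcess = $true)]
        param(
            [Parameter(Mandatory = $true)]
            [string]$AllowedGroup
        )

        # Distinguished names of mailboxes that keep Outlook Anywhere access.
        # Nested groups are not expanded; only direct members are allowed.
        $allowed = @{}
        Get-DistributionGroupMember -Identity $AllowedGroup -ResultSize Unlimited |
            ForEach-Object { $allowed["$($_.DistinguishedName)"] = $true }

        # Refuse to continue with an empty allow-list: that would block everyone.
        if ($allowed.Count -eq 0) {
            throw "Group '$AllowedGroup' has no members; nothing was changed."
        }

        foreach ($mbx in Get-CASMailbox -ResultSize Unlimited) {
            $dn = "$($mbx.DistinguishedName)"
            $shouldBlock = -not $allowed.ContainsKey($dn)

            # Skip mailboxes that are already in the desired state.
            if ([bool]$mbx.MAPIBlockOutlookRpcHttp -eq $shouldBlock) { continue }

            if ($PSCmdlet.ShouldProcess($dn, "Set MAPIBlockOutlookRpcHttp to $shouldBlock")) {
                Set-CASMailbox -Identity $dn -MAPIBlockOutlookRpcHttp $shouldBlock
            }

            # Report each mailbox whose setting differs from the allow-list.
            New-Object PSObject -Property @{
                Mailbox = "$($mbx.Name)"
                Blocked = $shouldBlock
            }
        }
    }

    # Dry run first: -WhatIf lists the planned changes without applying them.
    Set-OutlookAnywhereAllowList -AllowedGroup 'OA-Allowed' -WhatIf |
        Format-Table Mailbox, Blocked -AutoSize
    ```

    As the question in this thread points out, a mailbox blocked this way on Exchange 2013 cannot be opened from Outlook at all, so review the dry-run list before removing -WhatIf.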
