Outlook 2013 - Exchange Outlook anywhere

Hi
I'm the admin of our own hosted Exchange 2010 server. We have 1 client access server and 1 mailbox server, both running Server 2008 Std and Exchange 2010.
Running Outlook 2010 and earlier, there's absolutely no problems, no popups whatsoever. I upgraded to Outlook 2013 as one of my clients did the same and started getting popups. When you open Outlook, I get a popup - "Windows Security - Microsoft Outlook
- Connecting to my e-mail address". The OK is greyed out and when I click on Cancel, Outlook shows "Need Password" in the bottom right hand corner. When I click on that, Outlook connects and works perfectly from there. When I close
and re-open Outlook, same thing happens.
From other forums I checked for the two updates they mentioned, but I do not have them. I tried installing them to remove again, but they weren't even compatible with my setup. (Win 7 Ent, Office 2013 Pro). I checked the Autodiscover SSL settings under my CAS'
IIS and that is set to Ignore Client Certificates.
Are there any other things I can try?

Hi,
Is your Outlook 2013 upgraded from othe version such as 2007 or 2010?
Have you tried to create new Outlook profile.
Determine if it is credential case:
http://support.microsoft.com/kb/2762344
If it's related to redirectservers, check the suggestion here:
http://social.technet.microsoft.com/Forums/en-US/outlook/thread/e99f9924-b5d8-4360-84ae-ca947d99d693
Best regards,
Rex Zhang
TechNet Community Support

Similar Messages

Outlook Anywhere, Office 2013 + Exchange 2013 freezes

Hi.
I'm pulling my hair out with this problem as it seems to make no sense.
I have a client using outlook 2013 through outlook anywhere to their new server running Exchange 2013. when outlook is opened it seems to work for about 10 mins or so then after that if you go to send an email it freezes and says it trying to contact the
server. you wait for 10 mins then it works again for a while.
I've changed the timeout settings on the server and everything, they are currently experiencing this in their Spanish office which connects back to the UK.
No if they dial up the vpn ( no settings changed at all) and run outlook, it all works perfectly..... No one in the UK office (about 10 users) have any issues its only the 2 people in Spain, and one of them uses the laptop in the UK office that they have
in Spain with no issues.
I have a CA certificate from slls so not using a self certified one. however its not a wildcard so I haven't set-up on the external domain dns and instead just manually enter the settings (which works fine)
Its almost as if after 10 mins some connection drops but then takes ages to reconnect again.
There are a lot of schannel errors appearing on the machines which suggests they are looking at the wrong ports for connection on a couple of attempts, but the questions is why? and whether this has anything to do with the OA problem.
If anyone has some fresh ideas or any thoughts i would be very grateful as this is driving me round the bend, and i have 2 other clients who have a very similar set-up but have no issues.
Router Spanish side is a Comcast router and UK side is a draytek 2820
Exchange is running on Server 2012 with both the CA and Mailbox roles on the same server.
heeeellp before I go bald :)

Hi,
Please have the users in Spain open Outlook, go to FILE
-> Account Settings -> Account Settings -> Double click the account name ->
More Settings -> Connection tab -> Select
Connect to Microsoft Exchange using HTTP, and click Exchange Proxy Settings, tick
On slow networks, connect using HTTP first, then connect using TCP/IP
-> OK.
We can also have the users in Spain test the connectivity to Exchange via Remote Connectivity Analyzer to find if there's any error.
https://testconnectivity.microsoft.com/
Regards,
Melon Chen
TechNet Community Support

Exchange 2007 to 2013 Migration Outlook Anywhere keeps asking password

Hi all,
i'm migrating an Exchange 2007 Server with all roles installed on a Windows Server 2008 R2 to 2 Exchange 2013 SP1 Servers (1 Cas and 1 Mailbox) installed on Windows Server 2012 R2.
I installed Exchange 2007 SP3 RU13 for coexistance and everything was ok until i switched to the new 2013 CAS.
After that the client using Outlook Anywhere started asking for password.
I configured the Outlook Anywhere with these settings:
Exchange 2007:
OA Hostname mail.domain.com
Client Authentication NTLM
IISAuthenticathion Basic, NTLM
SSL Required True
Exchange 2013
OA Hostname mail.domain.com
Client Authentication NTLM (Both internal and external)
IISAuthentication Basic, NTLM
SSL Required True (both internal and external)
Before switching to 2013 Cas everything works smoothly and the Outlook clients receive NTLM as HTTP Proxy authentication.
After switching to 2013 Cas, test users migrated on 2013 Mailbox Server are ok, but Outlook users on Exchange 2007 Server get Basic as HTTP Proxy authentication and continue asking for credentials.
In the Exchange 2007 server i configured the host file to resolve servername and servername.domain.local with the ipv4 address to avoid issues regarding IPv6 with OA in Exchange 2007.
Using Microsoft Connectivity Test i receive the error "RPC Proxy can't be pinged - The remote server returned an error:
(500) Internal Server Error"
Any Ideas?
Thanks for your Help

Run this and post the result
https://testconnectivity.microsoft.com/
Cheers,
Gulab Prasad
Technology Consultant
Blog:
http://www.exchangeranger.com    Twitter:
  LinkedIn:
   Check out CodeTwo’s tools for Exchange admins
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

How to disable Exchange 2013 Outlook Anywhere for internal Outlook client

Hello;
By default, Exchange 2013's Outlook Anywhere is enable for all user mailbox, if I disable the Outlook Anywhere per user mailbox, the user will not able to connect his Outlook client to Exchange 2013. What is the best method to disable the Outlook anywhere
on mailbox but let the Outlook 2013 still able access to Exchg server.
The initial idea is to prevent user from access to company Exchange server from ANYWHERE, we just want to open the Outlook Anywhere for the authorized user only. Looks like Microsoft did not think about the security.
thanks!

Hello;
By default, Exchange 2013's Outlook Anywhere is enable for all user mailbox, if I disable the Outlook Anywhere per user mailbox, the user will not able to connect his Outlook client to Exchange 2013. What is the best method to disable the Outlook anywhere
on mailbox but let the Outlook 2013 still able access to Exchg server.
The initial idea is to prevent user from access to company Exchange server from ANYWHERE, we just want to open the Outlook Anywhere for the authorized user only. Looks like Microsoft did not think about the security.
thanks!
I don't understand your request. If you disabled Outlook Anywhere, Outlook will only be able to connect via IMAP or POP3.
If you want to disable this ability and allow some then perhaps use cas-mailbox to disable in bulk and then enable only those allowed:
http://technet.microsoft.com/en-us/library/bb125264(v=exchg.150).aspx
The MAPIBlockOutlookRpcHttp parameter enables or disables access to the mailbox by using Outlook Anywhere (RPC over HTTP) in Microsoft Outlook.
Valid values for this parameter are:
$true Only Outlook clients that aren't configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox. By default, Outlook 2013 is configured to use Outlook Anywhere.
$false Outlook clients that are configured to use Outlook Anywhere (RPC over HTTP) are allowed to access the mailbox.
The default value is $false.
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Exchange Server 2013 Outlook Anywhere issue

I am working on an issue with Outlook Anywhere in Exchange 2013 where external users cannot connect. This is a new server co-existing with an Exchange
2010 server that will soon be decommissioned.
When I run an Outlook Connectivity test on testexchangeconnectivity.com I get the following error. I am not seeing anything in the application or system logs.
I already applied CU 6 (which was released today) and am seeing the same results. Port 443 is exposed directly to the web (no TMG, load balancer, proxy server, or SSL accelerator). Any help would be greatly appreciated!
Attempting to ping RPC proxy <external Exchange URL>.
RPC Proxy can't be pinged.
Additional Details
An unexpected network-level exception was encountered. Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: Microsoft.Exchange.Tools.ExRca.Extensions.MapiTransportException
Stack trace:
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
at Microsoft.Exchange.Tools.ExRca.Tests.MapiPingProxyTest.PerformTestReally()
Exception details:
Message: The remote server returned an error: (500) Internal Server Error.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at RpcPingLib.RpcPing.PingProxy(String internalServerFqdn, String endpoint)
at Microsoft.Exchange.Tools.ExRca.Extensions.MapiRpcTestClient.PingProtocolProxy(String endpointIdentifier)
Elapsed Time: 290 ms.

Hi,
Does the issue only happen to your Exchange 2013 external users? How about Exchange 2010 users?
Please make sure the external host name in your external Exchange URL is pointed to your Exchange 2013 in public DNS. For your coexistence environment, please make sure the Outlook Anywhere configurations are correct in both Exchange 2010 and Exchange 2013.
We can run the following command to check it:
Get-OutlookAnywhere | FL
If the configuration is not correct, we can run the following command to set it(supposing the mail.domain.com is your External host name):
For Exchange 2010:
Set-OutlookAnywhere -Identity “E14-01\Rpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
For Exchange 2013:
Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalHostname mail.domain.com -ExternalHostname mail.domain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl
$True -InternalClientsRequireSsl $true
After all settings, please recycle MS Exchange RPCProxy AppPools and Default AppPools on both Exchange 2013 and Exchange 2010. Then restart IIS service by running IISReset /noforce from a command prompt window.
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013, Outlook 2007 clients Problems with Outlook Anywhere connection

Hi everyone,
I have a mail system Exchange 2013 SP1, on Windows Server 2012 R2.
I have only one mail server with the Client Access and Mailbox roles Server.
I have a Wildcard certificate type *. Mydomain.com.
All connections to the Outlook Anywhere Outlook 2010, Outook 2013 work correctly.
The ActiveSync connections are working properly, too.
But Outlook 2007 clients connecting with Outlook Anywhere asking for credentials continuously fail continuously.
How can I solve this?
thank you very much
Microsoft Certified IT Professional Server Administrator

Hi,
Based on my experience, we need to set Outlook provider with the domain name if it's wildcard certificate:
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
http://technet.microsoft.com/en-us/library/cc535023(EXCHG.80).aspx
Thus, I recommend you try the above configuration and test the Outlook connection again.
Thanks,
Angela Shi
TechNet Community Support

Exchange 2013 2007 co-existence Outlook Anywhere issues

Sorted out all other issues (apart from a SSO issue- another thread) . Activesync, autodiscover etc all working- but Outlook Anywhere does not work for Exchange 2007 external mailboxes. It does work for 2013 mailboxes internally and externally-
and 2007 mailboxes internally.
Exchange 2013 SP1. Exchange 2007 Sp3 RU10. Legacy namespace is in use and on certificate. Outlook Anywhere IIS Authentication is set to Basic and NTLM on both 2007 and 2013 servers. Outlook Anywhere external client authentication is set to Basic.
Any sugestions what to look at next?

Tony,
I apologize for the stupid question, but was Outlook Anywhere working on Exchange 2007 before you started the upgrade?
When you open command prompt on Exchange 2007 and ping the Exchange 2007 internal FQDN or NetBIOS name, do you get an IPv4 address or you get the IPv6 one?
Step by Step Screencasts and Video Tutorials

Outlook Anywhere settings in a Exchange 2013 coexistence scenario with Exchange 2007

I have exchange 2013 and 2007 set up in a coexist environment. At the moment, the few mailboxes I am testing on Exchange 2013 are getting multiple pop ups in outlook and cannot connect to items like Public Folders on 2007. I found an article
that told me to change the authentication method from Negotiate to NTLM and that broke some of my Lync 2013 compatibility issues on users on exchange 2007 (ie conversation history and they got outlook integration errors.) I would like someone to confirm
if the change I am about to make from doing research will help me in my situation.
Current Setup:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: NTLM
IISAuthenticationMethods : {Basic, Ntlm}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod: Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
New Settings I am considering based on research:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {NTLM}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {Basic}
Will this work and eliminate my popups?

Hi,
The following TechNet article indicates that:
“In order to support access for Outlook Anywhere clients whose mailboxes are on legacy versions of Exchange, you will need to make some changes to your environment which are documented in the steps within the
Exchange Deployment Assistant. Specifically,
you will need to enable Outlook Anywhere on your legacy Client Access servers and enable NTLM in addition to basic authentication for the IIS Authentication Method.”
Client Connectivity in an Exchange 2013 Coexistence Environment
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
As for the Autodiscover service, please make sure the Autodiscover.domain.com is pointed to your Exchange 2013 in Internal and External DNS. For more detailed information about Exchange 2013 coexistence with Exchange 2007, please refer to:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
Regards,
Winnie Liang
TechNet Community Support

2 exchange 2013 multirole server and 1 addess for Outlook Anywhere. How to?

Hello everybody.
I'm coming to you with a question about my new Exchange 2013 infrastructure.
I have 2 Exchange 2013 SP1 servers. Both are multirole (CAS + MBX). My servers are Server12 and Server13.
I created a DAG which IP adderss is 192.168.3.30 (Servers IP are 3.31 and 3.32). Everything's working fine.
For CAS High Availability, I followed this thread : http://exchangeserverpro.com/exchange-2013-client-access-server-high-availability/
On my firewall, I use NAT to send https flow from my public IP address (mail.domain.fr, external domain
published on internet) to point to mail.domain.org (internal domain, non published on Internet). The mail.domain.org alias is my record defined in my internal DNS to
point to my 2 multirole server, as shown in the tutorial above.
I encounter a problem with external outlook anywhere. My problem comes with Outlook Anywhere which is not working fine when I redirect https flow to my cluster IP address (192.168.3.30) (DAG's address, corresponding to my servers). If I do the same redirection,
but pointing to only one of my servers, it's working fine. In Exchange, external outlook Anywhere directory points to mail.domain.fr
But anyway, if this servers goes down, I have to change manually the NAT on my firewall. And I don't want to :).
How can I do ? Can I do something without a physical load-balancer?
Thanks

You cannot point Outlook Anywhere to your DAG cluster IP address. It must be pointed to the actual IP address of either server.
For no extra cost DNS round robin is the best you will get, but it does have some drawbacks as it may give the IP address of a server you have taken down for maintenance or the server has an issue.
You could look to implement a load balancer but again if you are doing this for high availability then you want more than one load balancer in the cluster - otherwise you've just moved your single point of failure.
Having your existing NAT and just remembering to update it to point to the other server during maintenance may suit your needs for now.
If you can go into more detail about what the high availability your business is looking to achieve and the budget we can suggest the best method to meet those needs for the price point.
Have a great day
Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010,Exchange 2013, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi

Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
Cool

Here are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
    Testing Outlook connectivity.
    The Outlook connectivity test completed successfully.
       Additional Details
    Elapsed Time: 9881 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
    Autodiscover was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
       Additional Details
    Elapsed Time: 186 ms.
       Test Steps
       Attempting to resolve the host name xyz.com in DNS.
    The host name couldn't be resolved.
       Tell me more about this issue and how to resolve it
       Additional Details
    Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.
       Additional Details
    Elapsed Time: 1876 ms.
       Test Steps
       Attempting to resolve the host name autodiscover.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
    Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 173 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 318 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       Additional Details
    Elapsed Time: 756 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
       Additional Details
    Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
    Autodiscover settings for Outlook connectivity are being validated.
    The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
       Additional Details
    Elapsed Time: 0 ms.
    Testing RPC over HTTP connectivity to server webmail.xyz.com
    RPC over HTTP connectivity was verified successfully.
       Additional Details
    HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
       Test Steps
       Attempting to resolve the host name webmail.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
    Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 180 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 303 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
    Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
    The HTTP authentication methods are correct.
       Additional Details
    The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
    Attempting to ping RPC proxy webmail.xyz.com.
    RPC Proxy was pinged successfully.
       Additional Details
    Elapsed Time: 454 ms.
    Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 2177 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    The test passed with some warnings encountered. Please expand the additional details.
       Tell me more about this issue and how to resolve it
       Additional Details
    The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
    Testing the MAPI Referral service on the Exchange Server.
    The Referral service was tested successfully.
       Additional Details
    Elapsed Time: 1808 ms.
       Test Steps
       Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
    Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
    We got the address book server successfully.
       Additional Details
    The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 626 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
    Testing the MAPI Mail Store endpoint on the Exchange server.
    We successfully tested the Mail Store endpoint.
       Additional Details
    Elapsed Time: 555 ms.
       Test Steps
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
    Attempting to log on to the Mailbox.
    We were able to log on to the Mailbox.
       Additional Details
    Elapsed Time: 326 ms.

Exchange 2013 how to disable outlook anywhere

Hi Team,
I have migrated some mailboxes from Exchange 2010 to 2013. But i want to restrict some users to use outlook anywhere.
How can i do this?
Also, Some outlook 2010 clients are not able to open outlook after migrating to Exchange 2013. Please help.
Thanks.
Regards, Sunny Kewalramani.

Hi,
Firstly, I'm afraid that we cannot disable Outlook Anywhere for certain users only when they use OA externally. And if the property MAPIBLOCKOutlookRpcHttp of a user is set to true, the user cannot access Exchange server both internally and externally.
Thanks,
Angela Shi
TechNet Community Support

Outlook anywhere not workinhg , exchange 2013

i have exchange 2013 environment everything is working fine except outlook anywhere iam using TMG 2010 for publishing rule (OWA , Active sync and OA ) all are working fine except OA
when i try to configure outlook user his computer not in domain it keep asking for username and password during configuration and after 2 times asking the password it shows the attached screen with no success
can you advice why this happening ?

this happen to all users , no one can use OA but others services like OWA and active sync working fine with all , they all configured in same TMG sever with same listener
get-outlookanywhee | fl output as below
RunspaceId                         : 8153f39f-76d2-4b02-8b4b-fdd8fa9f4977
ServerName                         : severname
SSLOffloading                      : True
ExternalHostname                   : webmail.xxxx.com
InternalHostname                   : webmail.xxxx.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://servename.xxxxx.local/W3SVC/1
                                     T/Rpc
Path                               : C:\Program Files\Microsoft\Exchange
                                     Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 847.32)
Server                             : servername
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
DistinguishedName                  : CN=Rpc (Default Web Site),CN=HTTP,CN=P
                                     cols,CN=servername,CN=Servers,CN=Exchan
                                     Administrative Group
                                     (FYDIBOHF23SPDLT),CN=Administrative
                                     Groups,CN=xxxxxx
                                     Co,CN=Microsoft Exchange,CN=Services,C
                                     nfiguration,DC=xxxxx,DC=local
Identity                           : servername\Rpc (Default Web Site)
Guid                               : b667bc75-2280-4b1b-99cd-9991b2300f6e
ObjectCategory                     : xxxxxx.local/Configuration/Schema/ms
                                     h-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory,
                                     msExchRpcHttpVirtualDirectory}
WhenChanged                        : 12/18/2014 6:07:17 PM
WhenCreated                        : 11/4/2014 9:07:48 AM
WhenChangedUTC                     : 12/18/2014 2:07:17 PM
WhenCreatedUTC                     : 11/4/2014 5:07:48 AM
OrganizationId                     :
OriginatingServer                  : DC.xxxxx.local
IsValid                            : True
ObjectState                        : Changed
note
my domian xxxxxxx.local and my extrenal url webmail.xxxxxx.com

Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
André

Hi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Troubleshoot connectivity issues Outlook Anywhere - Exchange 2013

Hi there,
As part of our Exchange 2010 -> 2013 migration we've transitioned CAS to Exchange 2013 2 weeks ago. Some 50 mailboxes have been moved to exchange 2013. Moving mailboxes for everyone is scheduled the 2nd week of july . Because our current version of Outlook
is 2007 (migration to 2013 is due thissummer) we've configured NTLM authentication for OA.
Exchange setup: 8 Multirole (CAS/MBX) virtual (VMware) Servers: each 4 cores, 24 Gb memory (reserved) : Windows 2012 SP1, Exchange 2013 SP1 (15.0.847.4030)
Right now we're facing client connectivity issue's: Outlook Anywhere clients are continiously losing connection with exchange, some people (outllook 2007/exc. 2007) report every minute or worse.... Moving the mailboxes of affected people results in
less problems: Sometimes no disconnects for 10 to 30 minutes, then reconnects every minute for some time.
We've already set the timeout for the oa-pool in our network proxy (riverbed steelapp) to 20 minutes and the minimum keep alive on the 2013 servers to 120 seconds which improved Oultook 2013 clients; before I experienced reconnects every minute, after every
10 to 30 minutes (with periods of reconnects every minute)
testconnectivity.microsoft.com gives positive results (apart from a nspi warning about server side encryption)
testing with rpcping according to
http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx gives some interesting results:
I've tested all (8) CAS 2013 servers over ports 6001, 6002 and 6003; each 100 rpcpings with a for loop: every response was either about 500 ms or about 21 Seconds ?!?
How can we furher troubleshoot the reason of the long reply time. Eventlogs (and SCOM with exchange 2013 MP) show no relevant events or alerts.
Part of the output of a rpcping
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {59b56c7f-af5d-4836-b701-92070f674de6}
Completed 1 calls in 452 ms
2 T/S or 452.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {1197cd5e-c79d-4659-b598-3134c335b103}
Completed 1 calls in 468 ms
2 T/S or 468.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {0cbaef91-ec96-402e-aa00-4913e2be1c51}
Completed 1 calls in 483 ms
2 T/S or 483.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {525717e5-441b-4a8e-8398-dc86d38852c7}
Completed 1 calls in 21450 ms
0 T/S or 21450.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {408d806d-ed5a-4f96-8c3c-2446a1d48ad8}
Completed 1 calls in 21497 ms
0 T/S or 21497.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {3b441a9f-7606-4106-850f-fccb7c0f1bb1}
Completed 1 calls in 21497 ms
0 T/S or 21497.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {bf994811-8528-433f-b532-f29d347fce5b}
Completed 1 calls in 21590 ms
0 T/S or 21590.000 ms/T
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {ddb5248b-82aa-4586-b2f7-9c04c9922034}
Completed 1 calls in 577 ms
1 T/S or 577.000 ms/T
Summary of all servers (test this morning)
Server
Port
# >20.0001
Server1
6001
32/100
Server1
6002
27/100
Server1
6004
0/100
Server2
6001
47/100
Server2
6002
0/100
Server2
6004
37/100
Server3
6001
0/100
Server3
6002
0/100
Server3
6004
41/100
Server4
6001
0/100
Server4
6002
29/100
Server4
6004
42/100
Server5
6001
69/100
Server5
6002
48/100
Server5
6004
69/100
Server6
6001
0/100
Server6
6002
0/100
Server6
6004
1/100
Server7
6001
0/100
Server7
6002
1/100
Server7
6004
1/100
Server8
6001
0/100
Server8
6002
0/100
Server8
6004
0/100
I've repeated above test this afternoon: All test resulted in about 40-60 (of 100) replies >20 seconds

We've changed a timeout setting in the Steelapp virtual server (old: 10 sec; new: disabled) the connections between Outlook and Exchange are, when established, very stable (almost no failed request anymore)
However there still existst a conectivity issue:
The 8 Exchange 2013 servers are placed in 2 different Active Directory sites (4 servers in each site) and I have found that a cross site rpcping consequently takes more than 20 seconds (with the loadbalancer bypassed ! !) where a rpcping on the
same AD-site takes 200-300 miliseconds...
rpcping -t ncacn_http -o RpcProxy=Host-in-site-A -P "user,domain,password" -H 2 -F 3 -a connect -u 10 -v 3 -s RpcProxy=Host-in-site-B -I "user,domain,password" -e 6001 => 20+ seconds
rpcping -t ncacn_http -o RpcProxy=Host-in-site-A -P "user,domain,password" -H 2 -F 3 -a connect -u 10 -v 3 -s RpcProxy=Host-in-site-A -I "user,domain,password" -e 6001 => 200 miliseconds
rpcping -t ncacn_http -o RpcProxy=Host-in-site-B -P "user,domain,password" -H 2 -F 3 -a connect -u 10 -v 3 -s RpcProxy=Host-in-site-B -I "user,domain,password" -e 6001 => 200 miliseconds
rpcping -t ncacn_http -o RpcProxy=Host-in-site-B -P "user,domain,password" -H 2 -F 3 -a connect -u 10 -v 3 -s RpcProxy=Host-in-site-A -I "user,domain,password" -e 6001 => 20+ seconds
The same tests with our Exchange 2010 CAS and MBX (NO multirole) shows fast (300 ms.) with every combination. The servers are both on the same networks in each site
We've already started talking with the network guy's: There should be no rules between both networks.
OWA, Autodiscover, EAS all work fine.
How or where to troubleshoot this slow response between two AD site's ??

Exchange 2013 & Exchange 2007 Co-exist - Problems with Outlook anywhere proxy

Hi,
Got EX13 and EX07 in co-exist. Pointed all the external URL to EX13. ActiveSync proxies to 2007 and OWA redirects to legacy url with SSO. Working perfectly!
But with Outlook Anywhere it does not work. Mailboxes on EX13 works good, but not for EX07 user.
Error message from MRCA:
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server "internalFQDN ofbackend EX07 server"
The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

Hi,
We need to change the Authenticaion on the Outlook Anywhere to NTLM
Set-OutlookAnywhere -Identity "xxx\Rpc (Default Web Site)" –InternalHostName mail.domain.com
-InternalClientsRequireSsl $True -ExternalHostName mail.domain.com
-ExternalClientsRequireSsl $True -InternalClientAuthenticationMethod NTLM
-ExternalClientAuthenticationMethod NTLM -IISAuthenticationMethods
Basic, NTLM, Negotiate
Please first backup the Outlook Anywhere settings then do the above changes.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support

Outlook Anywhere Loosing connection : Outlook Event id 26 and Exchange IIS HTTPERR Log : Connection_Dropped_List_Full at the same time

Hi,
I have a Windows 2008R2 Updated / Exchange 2010 SP3 Rollup 7 (Role CAS,HUB,MBX) with only external users connection : ActiveSync, EWS, OWA, Outlook Anywhere.
4 processors and 24Go of memory are allocated to the Exchange server VM (VMWare).
Netscaller is used as reverse proxy in DMZ.
There is around 500 users connecting with Outlook Anywhere to Exchange. Users are using Outlook 2010 or 2013 with last updates and cache mode enabled (owner mailbox and delegations). Users are location all around the world (around 50 sites). So no users
is domain integrated.
Users are complaining about disconnection, and Outlook freeze (Outlook is not responding). This happened at any point of time during the day, and for different kind of actions (Outlook is just open, Try to press Send button, try to press Transfer button).
The freeze happened randomly for users. I have seen the problem, and Outlook sometimes freeze during few seconds, sometimes during 5 minutes without any reason. (no file copy, no action asked...)
I noticed that freeze are matching with the Outlook event id 26 on the workstation (Connection to the Microsoft Exchange Server has been lost. Outlook will restore the connection when possible). Also, at the same time, I can see around 200 lines in
the IIS HTTPERR Log (Exchange Server : C:\Windows\System32\LogFiles\HTTPERR) the following lines:
2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6004 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
2014-11-20 10:39:43 NETSCALLERIP PORT EXCHANGEIP 443 HTTP/1.1 RPC_OUT_DATA /rpc/rpcproxy.dll?EXCHANGEFQDN:6001 - 1 Connection_Dropped_List_Full MSExchangeOutlookAnyWhere
What has been already checked :
Check IOPS: seems to be normal
Check Processor consumption: seems to be normal
Netscaller TimeOut = 8h
Bandwidth where the server is hosted : more than enough
Bandwidth of client internet connection : Traffic do not increase when the problem happen
Firewall TimeOut : seems to be ok
Firewall Protocol Filter : seem to be ok
Workstation MTU : Ok : ping -l -f 1472 = Ok, so best MTU = 1500 (1472+28)
Outlook Profile : Clean Up OST, sync of all folders, download address book.
wireshark on workstation : nothing seems to be wrong but difficult to analyse, so I maybe missed something.
Configuration change on Exchange :
HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout = 120
Disable throttling Policy
Adsiedit, change Max Memory alloc for ESE : msExchESEParamCacheSizeMax = 327680 (around 10GB) msExchESEParamCacheSizeMin = 131072 (around 4GB
Adsiedit, change Min Memory alloc for ESE : msExchESEParamCacheSizeMin = 131072 (around 4GB)
Host file : add hostname and FQDN of Exchange Server
Disable IPV6 : HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents = HEX 0xffffffff
IIS : system.applicationHost : webLimits : minBytesPerSecond = 0
Create dedicated IIS AppPool MSExchangeOutlookAnyWhere for /RPC and /RPCWithCert
AppPool MSExchangeOutlookAnyWhere : Regular Time Interval (minutes) : 0
AppPool MSExchangeOutlookAnyWhere : Queue Length : 20000 (Should be the solution but not working)
netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort = 65534
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime : 300000
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 150
IIS machine.config : <system.web> : requestQueueLimit="65535"
Microsoft.Exchange.RpcClientAccess.Service.exe.config <add key=”LoggingTag” value=”ConnectDisconnect, Logon, Failures, ApplicationData, Warnings, Throttling”/>
Uninstall All agents (except Backup Agent)
Uninstall Antivirus
Will be done tonight :
Exchange and DCs : HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentAPI = 100
Exchange IIS : Increase AppPool MSExchangeOutlookAnyWhere Queue Length to 40000
Exchange : decrease HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime to 60000
You're welcome if you have any idea.
Thanks.
Jo.

Hi,
Thanks for your answer. Here are my comments :
1. Disable IPv6 then restart your Exchange server
Already done since the install of Exchange.
2. Confirm if there is any NLB device in your environment, please remove NLB firm client server
There is only one Exchange server in the Org. So no NLB installed on the server (NLB is used on the Netscaller used as a reverse proxy). In Addition, the article apply for Windows 2008, or the server is installed with Windows 2008 R2.
3. If there is a proxy server configured in IE, please uncheck it
I guess you are talking on the client side. There is no proxy on the client side, Outlook Anywhere connect directly to the internet.
4. Collect more error logs in Event Viewer in Exchange and collect the IIS logs in
folder “c:\inetpub\logs\logfiles\W3SVC1”
the error I reported in the description is from IIS, and always appear when end users report a problem. In W3SVC1 file, there is also errors, but those one appear even if Outlook clients are working fine. So I cannot isolate any specific
error. The most common from W3SVC1 log are :
2014-11-25 08:02:17 EXCHANGEIP POST /autodiscover/autodiscover.xml - 443 - NETSCALLERIP Microsoft+Office/15.0+(Windows+NT+6.1;+Microsoft+Outlook+15.0.4667;+Pro)
401 1 2148074254 0
2014-11-25 08:02:17 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Mac_OS_X/10.9.5+(13F34)+CalendarAgent/176.2
401 1 2148074254 0
2014-11-25 08:02:18 EXCHANGEIP POST /EWS/Exchange.asmx - 443 - NETSCALLERIP Microsoft+Office/14.0+(Windows+NT+6.1;+Microsoft+Outlook+14.0.7128;+Pro)
401 1 2148074254 0
Regards,
Jo.

Outlook 2013 - Exchange Outlook anywhere

Similar Messages

Maybe you are looking for