Sunday, August 16, 2015

Troubleshooting Outlook Anywhere in Exchange 2010 SP3


Outlook Anywhere stops connecting due to several reasons. The possible issues could be at server level, client level and network level. To start troubleshooting, start by verifying the configuration for Outlook Anywhere.

Server Configuration

  1. Verify that the prerequisites are installed correctly. 
                    -  Web server role with all the necessary feature.
                    -   Rpc over Http feature on Windows 2008 server.

RPC over Http feature in Server Manager

    2.   I have seen many times that one of the authentication methods such as basic authentication is missed during the installation of web server role. Outlook Anywhere cannot authenticate and will prompt for credentials.

    3.  Verify registry for RpcProxy which is created as soon as we installed the Rpc over Http                      feature.


Rpc over Http registry key

The valid ports entry is default and incorrect and will not let Outlook Anywhere client to connect successfully. We will see how to populate this with correct information.

   4. Enable Outlook Anywhere on Exchange 2010 sp1 server. There are two ways to do it.

GUI mode: Open EMC > Server Configuration > Client Access > under Action pane "Enable Outlook Anywhere". Type the host name for Outlook Anywhere and the host name must be resolvable from internet.

Enable Outlook Anywhere from GUI

The certificate assigned to the Client Access server must have an entry which is in the host name. You can select any authentication for Outlook Anywhere, but port 443 must be open in firewall. If you select NTLM authentication client will be prompted for password only one time. However, Windows Integrated authentication for RPC virtual directory is IIS must be selected. Otherwise, the authentication for Outlook Anywhere will fail. If "Basic" is selected the client will be prompted fro credentials every time.

Command to enable Outlook Anywhere : Enable-OutlookAnywhere -Server <server name> -DefaultAuthenticationMethod basic -ExternalhostName mail.contosolife.com -SSLOffloading: $false

      1. Restart the Microsoft Exchange Service Host service to correctly populate the "ValidPorts" registry entry. Now I hae a new ValidPort_AutoConfig_Exchange entry and you must enter the same for valid ports registry.

Valid Port Auto config Exchange registry entry
     2.  Verify the certificate assigned for IIS and it should have a SAN entry for host name given to Outlook Anywhere. Following is the entry from my Exchange 2010 environment and the certificate has an entry for mail.contosolife.com.

Certificate SAN name should have Outlook Anywhere and Autodiscover entry
Before we configure the client for Outlook Anywhere, you may want to check a few things which is also valid for troubleshooting related to Outlook Anywhere.

      a. Outlook Anywhere communicates on port 6001, 6002 and 6004. Run netstat -ano to verify the ports are occupied by correct processes.
      b. To verify if the Rpc over Http component is installed correctly and working. Browse https://localhost/rpc/rpcproxy.dll and in response you may get a blank IE page, which is default response. If not then you may have some issue with the Rpc component or IIS or ports.

Client Configuration

There is not many thing to configure at the client end, But basic components are important.

  • Certificate - The client computer must have a valid root certificate.
  • DNS - Client computer should be able to resolve the Outlook Anywhere host name such as mail.contosolife.com. Here I can ping my exchange server from the client.
Ping the Outlook anywhere url and check the responses.

  • Through both Outlook 2007 and Outlook 2010 will connect to Exchange 2010 sp1 with same efficiency. It is important to install updates for the client that you are choosing for a number of reasons.
  • Autodiscover - Through Outlook Anywhere can be configured without autodiscover feature, but the client will not get services such as OAB, FreeBusy, OOF if not autodiscover is not available.

Here is how you will configure Outlook Anywhere on the client. Go to Control Panel > Mail (32 bit control panel option).

Mail Options in Control Panel

Under Choose E-mail service, select Microsoft Exchange.

Choose E-mail service

Under Microsoft Exchange Settings, you can add the Exchange server name and username.

Exchange Server Settings

Click on "More Settings" and we found following options. Select Connection and select "Connect to Microsoft Exchange using HTTP".

General tab
Connection tab

Client on Exchange Proxy settings complete the following information according to your server settings.

Exchange Proxy settings

We will discuss each option here

  • "Use this URL to connect to my proxy server for Exchange" is where you will type you Outlook Anywhere host name.
  • "Connect using SSL only" is selected by default, But the second check box is selected when you want Outlook Anywhere to check if host name matches the subject name of the certificate. If they do not match the connection will be unsuccessful. If leave this option empty, Out will not check for principle name checking and still connects successfully.
  • Suppose you want to find out about Outlook Anywhere configuration and not sure about the firewall. You can configure a regular Outlook client for Outlook Anywhere to test the connectivity. However, since the internal network is fast it will connect on TCP/IP, ignoring that we want to connect using HTTP.
A regular Outlook TCP connectivity will look like following.

TCP Connectivity of Outlook 

So, to make the connection fallback to HTTP, in Microsoft Exchange Proxy Settings, select "On fast network connect using HTTP first...".
The connection will look something like this in connection status for Outlook.

HTTPS connectivity of Outlook Anywhere

No comments:

Post a Comment