
Configuring Outlook anywhere client with out the machine being joined to the domain

Status
Not open for further replies.

telecotek1

Vendor
Nov 13, 2007
390
US
I have a user who BYODs his laptop and will not let me join it to the domain. He has personal email accounts set up in his Outlook, and I have been trying to find a way to easily give him email access to our Exchange server. Outlook Anywhere is working on the server. I was just looking at the configuration of my iPhone and wondering why his Outlook can't use the same authentication as my iPhone. What's the easiest way to get this to work? All the documentation that I see about setting up a client assumes the machine is on the domain and connected locally.

thanks in advance

-j
 
The system does not have to be domain-joined. Most users with cloud-based mailboxes are not domain-joined, so I would estimate at least 50% of Outlook/Exchange users connect from systems that aren't domain-joined. If you have autodiscover set up properly, his Outlook will actually be able to find the server and connect to it without having to manually specify the server name and so forth.

BTW, your phone uses ActiveSync and may use Autodiscover to configure itself (if autodiscover is set up), while Outlook would use something called Outlook Anywhere to tunnel MAPI traffic over HTTPS. The important thing is that the server is set up to handle Outlook Anywhere (RPC-over-HTTP) connections and that the client has been configured properly. If the server is set up to do Autodiscover properly, it makes things even easier.

Some links:

To prepare the server (and client):

To configure the client:

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Thanks shackdaddy. It looks like Autodiscover is activated, but my certificate is invalid, and maybe one or two issues.

Note that I removed all actual domain names and replaced them with "domain".

Test-OutlookWebServices -identity:name@domain.com | ft * -AutoSize -Wrap

Id   Type        Message
--   ----        -------
1003 Information About to test AutoDiscover with the e-mail address name@domain.com.
1005 Warning     When accessing cover.xml the error "NotTimeValid:A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." was reported.
1013 Error       When contacting received the error The server committed a protocol violation. Section=ResponseStatusLine
1017 Error       [EXPR]-Error when contacting the RPC/HTTP service at emote.domain.com/Rpc. The elapsed time was 408 milliseconds.
1006 Success     The Autodiscover service was tested successfully.
1021 Information The following web services generated errors.
                 Contacting server in EXPR
                 Please use the prior output to diagnose and correct the errors.
The rest of the items in this test were successful. So tackling the first error led me to look at certs...


So I followed the steps in this..


[PS] C:\Windows\System32>Get-ExchangeCertificate

Thumbprint Services Subject
---------- -------- -------
6B78F3991F7BB795E21A602AB2E5DFEB3B847F52 IP... CN=DOMAINSERVER.domai...
30D024F812B673B3C4FCB8E90CB59731A847F9CF IP.WS CN=remote.domain.com
ABDEC7BDBB086F46C32956231DCB220670D2C927 IP..S CN=remote.domain.com
B15EE22D1D4500325D940CB340460114ABAE7DF5 IP..S CN=remote.domain.com
3EED33C1750CDEC378EE1B59B23820FAEC9398CD IP..S CN=remote.domain.com
37125CA118C3B60B3F9A03E5DC1CACC9AAD93462 IP..S CN=remote.domain.com
6397DA867426DAE47D1EB995871007A99A863FCC IP..S CN=Sites
3175E798AEE2AECC9BB1AEF3797FB7064B750F4B ..... CN=teawolf-DOMAINSERVE...
B09FFDF5730DA0659EC23C5836D27D31F8D682B4 ..... CN=WMSvc-WIN-L8PB9IMLES6

remote.domain.com is what I'm using for mail, but it doesn't show that it's for mail. All of the certs that say remote.domain.com are expired. They were all self-signed and were created on the same date. I'd like to delete them all, but when I attempted to delete them I received the following scary warning: You will not be able to decrypt data encrypted with this certificate.

I'm a bit out of my comfort zone here; not sure how we got several certs on the same date. Someone must have got a little happy with the -get command.

If anyone has anything to add I would be really happy to take it.. confused..
 
You don't need to delete any certs, but deleting them is unlikely to be a problem. The second cert on the list up there is the one that is being used currently (you can tell because it has IP.WS in the string and not just IP..S). Just focus on having a valid cert and enabling it (Enable-ExchangeCertificate) to use the necessary services (IMAP, POP, IIS, SMTP).

You should get a public cert: they are so cheap now that it's hard to justify the work involved when you don't have one. Given that the hostname is "remote", I'm guessing you have a Small Business Server 2008, and the cert provisioning process for that is even easier than on a vanilla Exchange server.

Dave Shackelford
ThirdTier.net
TrainSignal.com
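As an added example (not from the thread, Dave's links, or SBS itself), here is how the certificate triage described above can be done in the Exchange Management Shell: list each certificate with its validity window, whether it is self-signed, the services it is bound to and the names it covers; flag the certificate IIS is using if it has expired; issue a replacement self-signed certificate for the public name plus the internal FQDN; enable it for the services Dave lists; and preview (with -WhatIf) the removal of the expired self-signed duplicates. The host name remote.domain.com is the thread's placeholder, the Issuer-equals-Subject test for "self-signed" is a heuristic, and the script targets the Exchange 2007 shell found on SBS 2008.

```powershell
# Added example, not from the thread: triage Exchange certificates, flag an expired
# IIS certificate, provision a self-signed replacement and preview the cleanup.
# Assumes the Exchange 2007 Management Shell (SBS 2008); names are placeholders.

$publicName   = "remote.domain.com"        # external name used in the thread (placeholder)
$internalFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$services     = "POP, IMAP, IIS, SMTP"
$now          = Get-Date

# 1. Every certificate with the facts that matter: validity window, whether it is
#    self-signed (heuristic: issuer equals subject), bound services, names covered.
$certs = Get-ExchangeCertificate
$certs | Select-Object Thumbprint, Services, NotBefore, NotAfter,
    @{Name = "SelfSigned"; Expression = { $_.Issuer -eq $_.Subject }},
    @{Name = "Expired";    Expression = { $_.NotAfter -lt $now }},
    @{Name = "Domains";    Expression = { @($_.CertificateDomains) -join "," }} |
    Format-Table -AutoSize -Wrap

# 2. "W" in the short Services column (IP.WS) means IIS: OWA, Autodiscover and
#    Outlook Anywhere all use that certificate, so an expired one breaks all three.
$iisCerts = $certs | Where-Object { $_.Services.ToString() -match "IIS" }
foreach ($c in $iisCerts) {
    if ($c.NotAfter -lt $now) {
        Write-Warning ("IIS is bound to an expired certificate: " + $c.Thumbprint)
    }
}

# 3. Issue a replacement covering the public name and the internal FQDN, bind it
#    to the services, then preview removal of the expired self-signed duplicates.
$new = New-ExchangeCertificate -SubjectName "CN=$publicName" `
         -DomainName $publicName, $internalFqdn `
         -FriendlyName "Exchange $publicName (self-signed)" `
         -PrivateKeyExportable $true
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $services

$certs | Where-Object {
    ($_.Issuer -eq $_.Subject) -and ($_.NotAfter -lt $now) -and
    ($_.Thumbprint -ne $new.Thumbprint)
} | ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint -WhatIf }
```

Run it in the Exchange Management Shell as an Exchange administrator. The removal step only previews; drop -WhatIf once OWA and Outlook Anywhere have been confirmed working on the new certificate, so that nothing still encrypted under an old one is lost by accident.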
 
Yep, good ol' SBS 2008. Planning on getting a signed cert, but for now I need a quick workaround: I want to get this cert self-signed and working, then see what else is broken.. Thanks pal
 

[PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint 30D024F812B673B3C4FCB8E90CB59731A847F9CF -Services "POP, IMAP, IIS, SMTP"
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'MYSERVER.MYSERVER.local' because the CA-signed certificate with
thumbprint '6B78F3991F7BB795E21A602AB2E5DFEB3B847F52' takes precedence. The
following connectors match that FQDN: Default ~~~~~~, mail.~~~~~.com.
[PS] C:\Windows\System32>

Should I use the thumbprint that takes precedence and enable that one instead of the one that is being used now?
 
I wouldn't do anything differently than you've already done. Since the FQDN is always going to be the internal server name, and the certificate you want to use for the public doesn't have that name on it, you are always going to have this error. Just ignore it.

Check the "Note" in the FQDN section of this link for an explanation:
Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Except Outlook Anywhere still doesn't work. Guess I need to look at the rest of the errors in my log. When I test going to the Autodiscover URL I get a 404 error.
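The 404 on the Autodiscover URL can be narrowed down from the unjoined laptop itself. The following is an added example (not from the thread), a PowerShell 2.0 script that POSTs an Autodiscover request to the two HTTPS URLs Outlook tries for the address's domain and classifies the answer: a 401 means the Autodiscover virtual directory is there and simply wants credentials (the expected result for an anonymous probe), a 404 means it is missing at that host, a 403 is the access-denied case, and a certificate trust failure means Outlook will not connect there whatever its settings. The address name@domain.com is the thread's placeholder and the function name Test-AutodiscoverUrl is mine; the probe sends no credentials.

```powershell
# Added example, not from the thread: probe the Autodiscover URLs Outlook tries
# for a mailbox's domain from a client that is not domain-joined, without sending
# credentials, and report what each endpoint answers. PowerShell 2.0 compatible.

$email  = "name@domain.com"             # placeholder address used in the thread
$domain = $email.Split("@")[1]

# The two HTTPS URLs Outlook tries first (documented Autodiscover lookup order).
$urls = @(
    "https://$domain/autodiscover/autodiscover.xml",
    "https://autodiscover.$domain/autodiscover/autodiscover.xml"
)

# Minimal request body in the Outlook Autodiscover request schema.
$body = @"
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$email</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@

function Test-AutodiscoverUrl([string]$url, [string]$xml) {
    $req = [System.Net.HttpWebRequest]::Create($url)
    $req.Method      = "POST"
    $req.ContentType = "text/xml"
    $req.UserAgent   = "autodiscover-probe"
    $req.Timeout     = 15000
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($xml)
    $req.ContentLength = $bytes.Length
    try {
        # The TLS handshake happens here, so certificate problems surface as a
        # WebException with Status = TrustFailure before any HTTP status exists.
        $stream = $req.GetRequestStream()
        $stream.Write($bytes, 0, $bytes.Length)
        $stream.Close()
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return "$url -> $code (anonymous POST answered; check the vdir authentication settings)"
    }
    catch [System.Net.WebException] {
        $ex = $_.Exception
        if ($ex.Status -eq [System.Net.WebExceptionStatus]::TrustFailure) {
            return "$url -> certificate not trusted or not valid; Outlook will refuse this endpoint"
        }
        if ($ex.Response -ne $null) {
            $code = [int]$ex.Response.StatusCode
            switch ($code) {
                401     { return "$url -> 401: Autodiscover is present and wants credentials (expected)" }
                403     { return "$url -> 403: present but access denied; check IIS authentication and IP restrictions" }
                404     { return "$url -> 404: no Autodiscover virtual directory at this host" }
                default { return "$url -> HTTP $code" }
            }
        }
        return "$url -> no HTTP response: $($ex.Status)"
    }
}

foreach ($u in $urls) { Test-AutodiscoverUrl $u $body }
```

A name-resolution failure on the autodiscover.domain URL shows up as "no HTTP response: NameResolutionFailure", which is normal when only the bare-domain URL is published; what matters is that at least one of the two returns 401 with a certificate the client trusts.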
 
Well, not sure what happened now. My mobile users can't connect, and when browsing to webmail I get a 403 - Forbidden: Access is denied error.
 