Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Outlook Anywhere - connecting inside and outside - credentials error 1

Status
Not open for further replies.
mingtmak

mingtmak

Technical User
Apr 5, 2006
101
CA
I've searched most of the threads in regards to outlook anywhere and I can't seem to find the issue.

When I try to connect inside or outside using HTTP, I get a certificate error (expected) and then it asks for login credentials to connect to the server. No credentials work.
When I cancel it, it brings up the mail server name and the user name. This happens inside and out of the network.

Here's where I see some inconsistency. It brings up the name of '<exchangeservername.xxx.local>'. I created a dns address of 'exchange.xxx.ca' internally and externally.
When I change it to the latter, it gives me a "cannot complete...no connection to exchange is available..." if I leave it to the former it gives me "your server or mailbox names cannot be resolved".

email domain: xxx.ca
internal AD domain: xxx.local
I've tested only on a client that's not part of the domain since non-domain users are required to use this service.

I won't comment on autodiscover since the issue is happening inside and out. Autodiscover tests are successfully testing outside.
Exchange OWA is setup and working perfectly

has anyone seen anything like this? I'm quite aware it's probably something completely stupid.

Thanks

- Jon
 
Sort by date Sort by votes
You haven't properly defined your internal and external OWA urls, it sounds like to me. Go into the Server\CAS settings and look at OWA. You will see two URLs, one for internal and one for external. If you have a 3rd party cert and have set up a forward lookup zone internally using your external domain name, you can use the external URL for both. Otherwise you'll want your external URL on the external setting and the...internal URL (.local) on the internal setting....

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
Otherwise you'll want your external URL on the external setting and the...internal URL (.local) on the internal setting....
Click to expand...
That's assuming you're using a subject alternative name certificate with both names defined.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Upvote 0 Downvote
Very true. Jon, what kind of cert did you get? Was it a single name cert, or a SAN/UCC cert with multiple names? I assumed that since autodiscover works, that it was a SAN cert.

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
Thanks for the responses guys.
I have OWA working properly using a selfssl created certificate. So internally and externally, there are no certificate errors. So I don't think this is a certificate issue.
I will post some screen caps tomorrow.

- Jon
 
Upvote 0 Downvote

I get to step 5 in the above article, "5. We are prompted to Logon to MBX server" except whatever credentials I put in fail. This happens inside and outside.
Then I get the "there's no connection to the server" after a few attempts.

The certificate is a self-signed certificate I generated using the SelfSSL tool. I'll probably have to recreate it to have the multiple names. But I would expect that I should still get a connection without the proper certificate. Could this be causing the issue? I don't think it should.

Thanks for the link. It's giving me the expected certificate errors. (mismatching name).

- Jon
 
Upvote 0 Downvote
Yes, I did.

here are some more details.
From inside I was able to add the exchange account to the laptop.
Inside the network, it now works. When I check the connection status (ctrl-right click Outlook system tray icon), the mail connection shows it's connecting by HTTPS but the directory connection is showing as TCP. (should be HTTPS).
Taking the laptop outside, I can now email from outside to any outside clients but I can't email any clients that belong to the same domain as the notebook.
directory connection is showing as not established instead in the connection status.

Still can't connect to an Exchange account outside of the network, which makes sense.

- Jon
 
Upvote 0 Downvote
What if you specify the internal client by full email address? Does it go through then? If so, then what is broken is the directory lookup.

It wasn't clear if you had any other email accounts configured on your mail client. Do you just have the Exchange, or is there also a POP3/IMAP account as well?

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
sorry a slight correction on my above post
"Still can't CREATE A NEW Exchange CONNECTION outside of the network, which makes sense."

when I specify the internal client by the full email address, Outlook pops up with a dialog bubble that says the connection to Exchange is not available. When I send an email to any outside address, it sends with no issue.

No other email accounts are setup on the client.

- Jon
 
Upvote 0 Downvote
ok, a little update....

I can now send email to internal clients. Still required to login with user@domain.local when outlook opens the first time.
I can also create calendar items.
GAL is available.
I have no specifc solution as to what enabled this. But I made few changes.

-created a multiple name certificate using selfssl. names of 'autodiscover.domain.ca' and 'mail.domain.ca' were used. Seemed to just stop the certificate errors.
-verified global address list was updated in EMC yesterday. This could have been empty before and by updating I populated the list. User had mentioned before that they did not have this show up in OWA, previously.
-added "rpccfg /ha mail.domain.ca 6001-6002 6004" to the Exchange server.
after this (not immediately, however) I was able to do an rpcping with the W2K3 resource tools successfully using the -E option, then the -e 6001...6004.
This might have been the critical step.
-ensured all authentication methods were set to Basic authentication.

still unsolved...
- The Outlook connection status window still doesn't show the directory connections as established.
- Still cannot add an Exchange connection for an Outlook client from outside the network.

I'd still like to resolve the last 2 items but the major functionality issues seemed to have been fixed...

Thanks for your assistance guys!

- Jon
 
Upvote 0 Downvote
Jon, thanks for posting back with what you did and breaking things down for everyone.

So you can't connect an Outlook 2007 client to the server via Outlook Anywhere? If Autodiscover is working, you should be able to have the client auto-provision.

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
Now I'm getting a constant login prompt for internal users...

users (one site a domain, the other not) are getting login prompts everytime they open outlook.

- Jon
 
Upvote 0 Downvote
I wish I could show you what a working config looks like so that you could compare it with yours, but that's too many screenshots to take. Maybe a remote session.

Dave Shackelford
Shackelford Consulting
 
Upvote 0 Downvote
The login issue was the users not importing the certificate correctly. ugh...

Thanks Dave, that would probably be really helpful. I've contacted a Microsoft contact and waiting for them to get back to me.



- Jon
 
Upvote 0 Downvote
ok...on Friday users with Outlook 2007 on Vista were all getting log on issues.

I'm wondering if it's the OAB not configured correctly.
When a user connects to the OAB website ( what should they see? I get a login prompt then after 3 times, I get a failed login page.

Also EventID 12014 was occuring, I'm hoping I have it fixed now.
- Jon
 
Upvote 0 Downvote
I created a case with Microsoft on the login issue and everything was resolved (login issue and Outlook Anywhere). I'll post the steps later. There were a few steps that were made that didn't seem to be a requirement from the documentation and research I did online.
One of which was the Exchange Server being set as a Global Catalog server. This is why autodiscover wasn't able to do a name lookup outside of the network. (I've seen screen shots and steps where it was not a requirement, the MS tech couldn't figure it out).

Anyway, it's all gravy now. thanks for your help again!

I'll post the steps once I receive the case notes from MS.

- Jon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
1K
david jackson
david jackson
Rohit Bareja
  • Locked
  • Question
View and access only own records, and not the records by others on SharePoint.
Replies
3
Views
1K
garysm
garysm
dajohnso
  • Locked
  • Question
Outlook POP3 cant connect to exchange 2007
Replies
3
Views
126
BN75
BN75
watsson7278
  • Locked
  • Question
USB Error
Replies
1
Views
90
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top