[isalist] Re: Problem Connecting to Outlook Anywhere
- From: Rob Moore <RMoore@xxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 Feb 2009 15:49:10 -0500
Hello all-
Obviously, it's taken me a while to work some more on this. But I have. The
first thing I tried was connecting Outlook over RPC internally (that is, not
through the firewall, just on the LAN). I configured the Outlook client and
then looked at its connection status. What I found is that I'm getting RPC
connection to the Exchange server, but the connection to the DC is over TCP/IP.
Is that the root of why I can't connect over RPC externally? And what would
cause the DC communication to be over TCP/IP? Is there something I need to
configure on my DCs?
Thanks,
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Tuesday, January 13, 2009 10:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Problem Connecting to Outlook Anywhere
Those log entries are pretty much normal for successful OA connections, so they
won't help anyway.
Have a read in my blog series on troubleshooting RPC/HTTP - this isn't as
simple as browser-based email.
http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-1-protocols-authentication-and-processing.aspx
http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-2-test-tools-and-strategies.aspx
http://blogs.technet.com/isablog/archive/2007/08/13/testing-rpc-over-http-through-isa-server-2006-part-3-common-failures-and-resolutions.aspx
Make sure you install the CA cert in the local coputer trusted roots store;
just dbl-clicking and following the import ewirdzard will NOT accomplish that
requirement.
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Rob Moore [RMoore@xxxxxxxx]
Sent: Tuesday, January 13, 2009 7:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Problem Connecting to Outlook Anywhere
Thanks for your input, Jim. Sorry for the delay.
I just went through the procedure to install the cert on the client machine.
(For what it's worth, the cert is commercial.) Unfortunately it didn't make any
difference. I'm still not getting through with Outlook Anywhere, and I'm still
getting the same error messages on ISA.
Any other thoughts anyone?
Thanks,
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, January 12, 2009 1:45 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Problem Connecting to Outlook Anywhere
The OA client MUST trust the CA that issued the certificate you apply to the
ISA web listener that services Exch webmail.
It doesn't matter if you got the cert from Bob's House of Cheep Certs or FSM
himself.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Rob Moore
Sent: Monday, January 12, 2009 8:33 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Problem Connecting to Outlook Anywhere
Hello all-
Using ISA 2006 SP1 Standard.
I've been slowly implementing Exchange 2007. For all the ISA-related stuff I've
been following Dr. Tom's series of articles. Everything is good so far except I
haven't been able to get Outlook Anywhere to go.
I followed Part 6 of the series to publish the RPC/HTTP site.
Following Part 7 of the series, Tom says "if the machine connecting to the
RPC/HTTP site is not a domain member, or if you have not installed an
enterprise CA, then you will have to add the certificate manually." The machine
I'm testing with is NOT a domain member, but we DO have an enterprise CA. So I
did not install the CA certificate on the client. (If that's the root of the
problem, let me know.) I'm testing from a Windows XP machine that is outside
our network (though it is connected to the same router).
Since I didn't export and install a certificate, I skipped up to the section on
editing the HOSTS file. I didn't modify the HOSTS file, because our mail server
has a public IP address (209.120.230.100) that the client knows about through
public DNS. Our Client Access Server has a different public address
(209.120.230.118) that the client also knows about through public DNS.
When I get to the "Microsoft Exchange Settings" page, in the Microsoft Exchange
server field I put in "mail.afsc.org" (the public name of our mail server), and
in the User Name field I put in my user name (rmoore). When I click the "More
Settings" button, it thinks for a second, then fills in underlines the private
name of our Exch2007 server (Delta2.afsc.local) and fills in and underlines my
name. I then go through the rest of the configuration and all seems OK.
But, when I try to open Outlook, it prompts me repeatedly for my password,
which never works. When I look at my ISA server to see what errors I'm getting,
I first get an Action of "Initiated Connection" with the Result Code of "0x0
ERROR_SUCCESS". That's followed immediately by an Action of "Closed Connection"
with the Result Code of "0x80074e21 FWX_E_ABORTIVE_SHUTDOWN". For both of those
log entries, the Destination IP is 209.120.230.118 (our Client Access Server).
Googling that second Result Code didn't help much, and I've searched through
the forums at isaserver.org, not finding what I need.
Where have I gone wrong?
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Help Desk: 800-500-AFSC
Other related posts:
