I'm troubleshooting an Outlook Anywhere issue with a new Exchange 2010 server. The server in question, MS2010, is behind a SonicWALL NSA 2400 device and works wonderfully except for Outlook Anywhere. Outlook Anywhere works internally and I've verified (through Ctrl+Right-Click -> Connection Status) that I'm able to connect to MS2010 over HTTPS.
When trying to connect to the server using HTTPS from outside the firewall, I'm unable to do so. A Wireshark trace shows 30 or so successful HTTPS packet transmissions, and then it fails with 3 straight transmissions to a destination port of 135. I have no idea why my computer is attempting to access anything on port 135 since I've setup my profile to use HTTPS on both slow and fast connections.
I'm 99% certain that the firewall is configured correctly. I run Outlook Web Access (also HTTPS) on the same server and there are no issues with access.
EDIT: AutoDiscover correct
EDIT: My Autodiscover settings are correct (as far as I can tell). My server passes the Outlook Anywhere and Autodiscover tests at https://www.testexchangeconnectivity.com/.
I've been using the RPCPing utility to troubleshoot and have come across the following results:
Internally
>rpcping -t ncacn_http -s mail.mydomain.com -o RpcProxy=mail.mydomain.com -P "pk,mydomain,*" -I "pk,mydomain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 6.1, Service Pack 1
RPCPinging proxy server mail.mydomain.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 93 ms
Externally
>rpcping -t ncacn_http -s mail.mydomain.com -o RpcProxy=mail.mydomain.com -P "pk,mydomain,*" -I "pk,mydomain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
Enter password for RPC/HTTP proxy:
RPCPing set Activity ID: {fc8411ba-2987-4175-b37b-801dc69d5ff9}
RPCPinging proxy server mail.mydomain.com with Echo Request Packet
Setting autologon policy to high
WinHttpSetCredentials for target server called
Error 87 : The parameter is incorrect.
returned in WinHttpSetCredentials
Ping failed
What should I be checking in order to troubleshoot my Outlook Anywhere issues? I'm using Windows 7 SP1 for internal and external access.
EDIT: Autodiscover.xml content
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>John Doe</DisplayName>
<LegacyDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=pk</LegacyDN>
<DeploymentId>d35170cc-f3a7-42c5-9427-1f554a469126</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>MS2010.MYDOMAIN.local</Server>
<ServerDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MS2010</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MS2010/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>http://MS2010.MYDOMAIN.local/OAB/2c34c9f5-5521-4c8c-b684-538df815052a/</OABUrl>
<UMUrl>https://MS2010.MYDOMAIN.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>MS2007.MYDOMAIN.local</PublicFolderServer>
<AD>dc1.MYDOMAIN.local</AD>
<EwsUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://MS2010.MYDOMAIN.local/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mycompany.com</Server>
<ASUrl>https://mail.mycompany.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.mycompany.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.mycompany.com/OAB/2c34c9f5-5521-4c8c-b684-538df815052a/</OABUrl>
<UMUrl>https://mail.mycompany.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<CertPrincipalName>msstd:mail.mycompany.com</CertPrincipalName>
<EwsUrl>https://mail.mycompany.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.mycompany.com/owa/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://MS2010.MYDOMAIN.local/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.mycompany.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.mycompany.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
Best Answer
is the "https://MS2010.MYDOMAIN.local" the URL you're trying to connect to externally? I could be reading your autodiscover wrong, but that's what I'm seeing. If so, that's probably your issue. You need to set your external domain in the outlook anywhere to match what your actual external OWA address is.
http://technet.microsoft.com/en-us/library/aa996902.aspx
See this command as an example: set-OutlookAnywhere -Identity:'CAS01' -ExternalHostName:'site.contoso.com'
Actually, it might be helpful if you could share the following results of: Get-outlookanywhere
Secondly, how is DNS setup? Can we get view of "mydomain.com"?
Do you have port 443 and 80 open on your firewall and pointing to your CAS server?
Does your firewall have a log that you can share?
Basically, if it's not working externally, I'm incline to think its one of the following:
DNS, your firewall or your external outlook anywhere configuration.