Exchange 2007 Migration Outlook Anywhere Issues

So we're in the midst of migrating from a single server 2003 to single server 2007. I'm having problems with Outlook Anywhere working properly with the Exchange 2007 server. All services have been moved over to the new server, though all mailboxes have not moved over yet. CAS agrees to proxy mailboxes that are on the 2003 server, but refuses for anything on the 2007 server. Rpcping is returning exception 1722 when I test ports 6001, 6002 and 6004 on the new server. Oddly enough it returns exception 5 on the old server for those ports, which is supposed to be access denied according to this article How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003 but Outlook Anywhere works for mailboxes on that server. I checked ValidPorts according to this article You Had Me At EHLO... : How does Outlook Anywhere work (and not work)? which looks correct. Even went through the steps for taking dsproxy out of the equation. Users are able to login through owa and I do have a proper 3rd party cert assigned to the site. Any help and ideas would be appreciated as I feel like I'm hitting a wall right now. Thanks.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/

Comments

  • ClaymooreClaymoore Member Posts: 1,637
    This website is about to be your new best friend:

    https://testexchangeconnectivity.com/

    Just to be sure, is Outlook Anywhere enabled for the users on your 2007 server?
  • undomielundomiel Member Posts: 2,818
    Nice site, I definitely could have used that earlier this week. :) Yes, Outlook Anywhere is enabled. Site did throw an error on pinging rpc endpoint 6001. The "fix it" link took me to an article I've already browsed for verifying the ValidPorts key and testing via telnet (which works internally). Just verified again and yes they are responding to telnet.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Only thing I can think of... Check whether Basic or NTLM is set on the server side for Outlook Anywhere and verify that the client is using the same.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • undomielundomiel Member Posts: 2,818
    That was my initial thought as well but I had verified the settings several thousand times with no success. Project's on hold now as things went from bad to worse with the mail database getting corrupted. Had to fix that then migrate those accounts off back to the old server. It was pie on the face of the IT department that day I tell you.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    We've all had days like that.

    Can you tell us a little more about your setup? Is it a single 2003 server and a single 2007 server with HT/CAS/Mailbox?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • undomielundomiel Member Posts: 2,818
    Bingo, single 2003 server to single 2007 server MB/CAS/HT. 2003 is a MS virtual server hosted on top of a DC. Note, I had nothing whatsoever to do with setting up that environment. :) And one SonicWall that doesn't do port redirection so I've had to get tricky to have coexistence for access to both boxes since apparently webmail doesn't proxy but redirects when you have the CAS on the MB server. So it has been a bit of a pain from day one.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • ClaymooreClaymoore Member Posts: 1,637
    Corrupted mailbox stores are no fun.

    Either by expanding the test results from the testexchangeconnectivity site or from the Test E-mail Autoconfiguration option in Outlook 2007, you can examine the XML data that is returned from the autodiscover service. There should be two sections that list the web services urls, one is EXCH and one is EXPR. The EXPR records should be the same as the ExternalURL property of the web services virtual directory when you do a get-webservicesvirtualdirectory | fl .

    You want to make sure the URLs that are being returned are the same and are correct. Check for typos, http instead of https, resolvable/routable web address, correct authentication methods, SSL enabled, etc.

    There seems to be some confusion about the difference between the InternalURL and ExternalURL settings. I was confused, MS support was confused, and the documentation was confused so there is some confusion. It turns out the ExternalURL site setting on the webservicesvirtualdirectory is ONLY advertised if Outlook Anywhere is enabled and is ONLY used by Outlook Anywhere. Documentation that tells you to set this for cross-forest availability is wrong (but should be fixed soon) - in every other case the InternalURL will be returned. When ISA is used to publish Autodiscover, the link translation settings will re-write the XML data and change https://autodiscover.domain.local to https://autodiscover.domain.com. The internal and external URL settings for OWA operated differently, and AFAIK the use/disuse of these settings for OWA CAS redirection works as documented.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    I assumed he was trying to set up the clients manually... are you using autodiscover?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • undomielundomiel Member Posts: 2,818
    Clients are all set up manually. Unfortunately I won't be able to poke at this for a couple of weeks since people so freaked out on the Friday Failure. Still dealing with some fallout from that with some clients unable to redirect back to the old server. Fixing those manually one by one as they come in.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    You may be having a GC problem then... either that or exchange 2003 is configured manually to point to a DC that isn't a GC or something
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • undomielundomiel Member Posts: 2,818
    Yes, Server 2008. I'd already caught the IPv6 documentation and had that disabled. Made sure it was listening on those ports as well which it was. The buggy NTLM could apply though. Thanks for the list!
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • undomielundomiel Member Posts: 2,818
    Ok, finally have a resolution on this one. Answer? None of the above.

    The OAB had to be recreated. Once that was done, replicated and assigned, everything else just fell into place. Time to start migrating users once again!
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
Sign In or Register to comment.