|
There is a known issue about Outlook 2007 and wildcard certificates.
Looking back over this... lets try changing the rpc proxy registry key a bit
based on your description of:
internal name: exchange.company.local
external name: owa.company.com
I would set the ValidPorts registry value to:
exchange:6001-6002;exchange:6004;exchange.company.local:6001-6002;exchange.company.local:6004;owa.company.com:6001-6002;owa.company.com:6004
"evans leung" <evans_leung@hotmail.com> wrote in message
news:ub9SckaNJHA.3684@TK2MSFTNGP04.phx.gbl...
Looking back over this... lets try changing the rpc proxy registry key a bit
based on your description of:
internal name: exchange.company.local
external name: owa.company.com
I would set the ValidPorts registry value to:
exchange:6001-6002;exchange:6004;exchange.company.local:6001-6002;exchange.company.local:6004;owa.company.com:6001-6002;owa.company.com:6004
"evans leung" <evans_leung@hotmail.com> wrote in message
news:ub9SckaNJHA.3684@TK2MSFTNGP04.phx.gbl...
> same... is this a known issue?
>
> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
> news:uJf$HrVNJHA.4600@TK2MSFTNGP06.phx.gbl...
>
>
> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
> news:uJf$HrVNJHA.4600@TK2MSFTNGP06.phx.gbl...
>> safe to assume the result is the same if you remove the msstd setting?
>>
>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>> news:OmwAB8KNJHA.1304@TK2MSFTNGP02.phx.gbl...
>>
>>>
>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>> news:OmwAB8KNJHA.1304@TK2MSFTNGP02.phx.gbl...
>>>i use the same settings in all fields in OL2007 just like in OL2003...
>>>
>>> msstd:owa.company.com
>>>
>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>> news:utSBqjKNJHA.5564@TK2MSFTNGP03.phx.gbl...
>>>
>>>>>
>>> msstd:owa.company.com
>>>
>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>> news:utSBqjKNJHA.5564@TK2MSFTNGP03.phx.gbl...
>>>> hmm... so much for the hunch of OL2007 and a wild card cert...........
>>>>
>>>> When you configure OL2007 for RPC/HTTP, are you setting the principal
>>>> name for the proxy field (its the place where you put
>>>> msstd:some.server.name)?
>>>>
>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>> news:ebucv%23JNJHA.5232@TK2MSFTNGP05.phx.gbl...
>>>>
>>>>>>>
>>>> When you configure OL2007 for RPC/HTTP, are you setting the principal
>>>> name for the proxy field (its the place where you put
>>>> msstd:some.server.name)?
>>>>
>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>> news:ebucv%23JNJHA.5232@TK2MSFTNGP05.phx.gbl...
>>>>> not a wild card one, just one, owa."company.com"
>>>>>
>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>>>> news:OEYVwdDNJHA.3764@TK2MSFTNGP04.phx.gbl...
>>>>>
>>>>>>>>>
>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>>>> news:OEYVwdDNJHA.3764@TK2MSFTNGP04.phx.gbl...
>>>>>> Not quite what I'm asking. A wildcard certificate shows that the
>>>>>> name the certificate was issued to is *.some.domain. A subject
>>>>>> alternatitive name (SAN) is where the certificate is multiple fqdn
>>>>>> server names. For example, you can have a certificate that can be
>>>>>> used for owa.some.domain, autodiscovery.some.domain,
>>>>>> smtp.some.domain, pop3.some.domain, .etc.
>>>>>>
>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>> news:eWMHP89MJHA.1308@TK2MSFTNGP02.phx.gbl...
>>>>>>
>>>>>>>>>>> name the certificate was issued to is *.some.domain. A subject
>>>>>> alternatitive name (SAN) is where the certificate is multiple fqdn
>>>>>> server names. For example, you can have a certificate that can be
>>>>>> used for owa.some.domain, autodiscovery.some.domain,
>>>>>> smtp.some.domain, pop3.some.domain, .etc.
>>>>>>
>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>> news:eWMHP89MJHA.1308@TK2MSFTNGP02.phx.gbl...
>>>>>>> Verisign
>>>>>>>
>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>>>>>> news:e0Gmgo9MJHA.4248@TK2MSFTNGP03.phx.gbl...
>>>>>>>
>>>>>>>>>>>>>
>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
>>>>>>> news:e0Gmgo9MJHA.4248@TK2MSFTNGP03.phx.gbl...
>>>>>>>> Interesting. What kind of certificate are you using on the ISA
>>>>>>>> box? (wildcard, san, .etc)
>>>>>>>>
>>>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>>>> news:e7%23Eq$uMJHA.4900@TK2MSFTNGP04.phx.gbl...
>>>>>>>>
>>>>>>>>>>>>>>> box? (wildcard, san, .etc)
>>>>>>>>
>>>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>>>> news:e7%23Eq$uMJHA.4900@TK2MSFTNGP04.phx.gbl...
>>>>>>>>> thanks for your reply, it puzzeles me that the current setup has
>>>>>>>>> been working well with Outlook 2003 but not Outlook 2007...
>>>>>>>>>
>>>>>>>>> Evans
>>>>>>>>>
>>>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in
>>>>>>>>> message news:OrFpO4uMJHA.5060@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>
>>>>>>>>>>>>>>>>> been working well with Outlook 2003 but not Outlook 2007...
>>>>>>>>>
>>>>>>>>> Evans
>>>>>>>>>
>>>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in
>>>>>>>>> message news:OrFpO4uMJHA.5060@TK2MSFTNGP02.phx.gbl...
>>>>>>>>>> ISA2004 adds a layer of complexity, but
>>>>>>>>>> http://www.isaserver.org/tutorials/2004pubowamobile.html might be
>>>>>>>>>> helpful to you.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>>>>>> news:ekMYbfuMJHA.5564@TK2MSFTNGP03.phx.gbl...
>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> http://www.isaserver.org/tutorials/2004pubowamobile.html might be
>>>>>>>>>> helpful to you.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "Evans Leung" <evans_leung@hotmail.com> wrote in message
>>>>>>>>>> news:ekMYbfuMJHA.5564@TK2MSFTNGP03.phx.gbl...
>>>>>>>>>>> Neo,
>>>>>>>>>>>
>>>>>>>>>>> I have a similar situation, my domain is company.local, server
>>>>>>>>>>> name is exchange
>>>>>>>>>>>
>>>>>>>>>>> with respect to your suggestion to change ValidPorts entry:
>>>>>>>>>>>
>>>>>>>>>>> at the moment I have:
>>>>>>>>>>>
>>>>>>>>>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>>>>>>>>>
>>>>>>>>>>> do I need to change the above entry?
>>>>>>>>>>>
>>>>>>>>>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http
>>>>>>>>>>> only works outside the network only if it VPN in (we use ISA2004
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> thanks,
>>>>>>>>>>> Evans
>>>>>>>>>>>
>>>>>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in
>>>>>>>>>>> message news:%23YcxBRiIJHA.468@TK2MSFTNGP06.phx.gbl...
>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>> I have a similar situation, my domain is company.local, server
>>>>>>>>>>> name is exchange
>>>>>>>>>>>
>>>>>>>>>>> with respect to your suggestion to change ValidPorts entry:
>>>>>>>>>>>
>>>>>>>>>>> at the moment I have:
>>>>>>>>>>>
>>>>>>>>>>> exchange:6001-6002;exchange.company.local:6001-6002;exchange:6004;exchange.company.local:6004
>>>>>>>>>>>
>>>>>>>>>>> do I need to change the above entry?
>>>>>>>>>>>
>>>>>>>>>>> the outlook 2007 (installed in Windows XP SP2) rpc-over-http
>>>>>>>>>>> only works outside the network only if it VPN in (we use ISA2004
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> thanks,
>>>>>>>>>>> Evans
>>>>>>>>>>>
>>>>>>>>>>> "neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in
>>>>>>>>>>> message news:%23YcxBRiIJHA.468@TK2MSFTNGP06.phx.gbl...
>>>>>>>>>>>> You should be asking this question over in one of the
>>>>>>>>>>>> microsoft.public.exchange support groups. Also, you will need
>>>>>>>>>>>> to clarify your post a bit. Based on the below, I would assume
>>>>>>>>>>>> that you have a single Exchange server setup. If my
>>>>>>>>>>>> understanding is right, you high level checks would be...
>>>>>>>>>>>>
>>>>>>>>>>>> 1) Ensure that the RPC proxy component is installed on your
>>>>>>>>>>>> Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>>>>>>>>>
>>>>>>>>>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server.
>>>>>>>>>>>> (Exchange System Manager > Right click on server object >
>>>>>>>>>>>> Properties > RPC-HTTP tab) You may have to add the necessary
>>>>>>>>>>>> registry keys to get this working. Location in registry is:
>>>>>>>>>>>>
>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>>>>>>>>>
>>>>>>>>>>>> The DWORD value Enabled should be set to 1
>>>>>>>>>>>> The REG_SZ value ValidPorts would be set to
>>>>>>>>>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>>>>>>>>>
>>>>>>>>>>>> To explain the ValidPort line better, assume that the name of
>>>>>>>>>>>> the Exchange server is EXCH01 and the domain name I'm working
>>>>>>>>>>>> with is contoso.com. The ValidPorts entry would be:
>>>>>>>>>>>>
>>>>>>>>>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 3) I would test the connection on the internal network before
>>>>>>>>>>>> testing from the internet.
>>>>>>>>>>>>
>>>>>>>>>>>> Other than that, test with SSL enabled and if you are using a
>>>>>>>>>>>> private (internal) certificates to secure the web/rpc proxy
>>>>>>>>>>>> services, make sure that a copy of the signing certificate
>>>>>>>>>>>> authority is installed on the workstations. The client
>>>>>>>>>>>> operating system (assuming Windows XP SP2 or newer) will verify
>>>>>>>>>>>> the SSL certificate back to the issuing certificate authority.
>>>>>>>>>>>>
>>>>>>>>>>>> "Daniel Mazur" <news@compits.net> wrote in message
>>>>>>>>>>>> news:%23CNE8XYIJHA.4896@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> microsoft.public.exchange support groups. Also, you will need
>>>>>>>>>>>> to clarify your post a bit. Based on the below, I would assume
>>>>>>>>>>>> that you have a single Exchange server setup. If my
>>>>>>>>>>>> understanding is right, you high level checks would be...
>>>>>>>>>>>>
>>>>>>>>>>>> 1) Ensure that the RPC proxy component is installed on your
>>>>>>>>>>>> Windows 2003 (SP1/SP2)/Exchange 2003 SP2 server
>>>>>>>>>>>>
>>>>>>>>>>>> 2) Enable the Exchange server as an RPC/HTTPS backend server.
>>>>>>>>>>>> (Exchange System Manager > Right click on server object >
>>>>>>>>>>>> Properties > RPC-HTTP tab) You may have to add the necessary
>>>>>>>>>>>> registry keys to get this working. Location in registry is:
>>>>>>>>>>>>
>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
>>>>>>>>>>>>
>>>>>>>>>>>> The DWORD value Enabled should be set to 1
>>>>>>>>>>>> The REG_SZ value ValidPorts would be set to
>>>>>>>>>>>> ServerNETBIOSName:6001-6002;ServerNETBIOSName:6004;ServerFQDNName:6001-6002;ServerFQDNName:6004
>>>>>>>>>>>>
>>>>>>>>>>>> To explain the ValidPort line better, assume that the name of
>>>>>>>>>>>> the Exchange server is EXCH01 and the domain name I'm working
>>>>>>>>>>>> with is contoso.com. The ValidPorts entry would be:
>>>>>>>>>>>>
>>>>>>>>>>>> exch01:6001-6002;exch01:6004;exch01.contoso.com:6001-6002;exch01.contoso.com:6004
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 3) I would test the connection on the internal network before
>>>>>>>>>>>> testing from the internet.
>>>>>>>>>>>>
>>>>>>>>>>>> Other than that, test with SSL enabled and if you are using a
>>>>>>>>>>>> private (internal) certificates to secure the web/rpc proxy
>>>>>>>>>>>> services, make sure that a copy of the signing certificate
>>>>>>>>>>>> authority is installed on the workstations. The client
>>>>>>>>>>>> operating system (assuming Windows XP SP2 or newer) will verify
>>>>>>>>>>>> the SSL certificate back to the issuing certificate authority.
>>>>>>>>>>>>
>>>>>>>>>>>> "Daniel Mazur" <news@compits.net> wrote in message
>>>>>>>>>>>> news:%23CNE8XYIJHA.4896@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>>>>> having trouble seeing my exchange server via outlook 2007 over
>>>>>>>>>>>>> the internet
>>>>>>>>>>>>> connecting to my Exchange Enterprise Server 2003. Have
>>>>>>>>>>>>> followed Microsoft
>>>>>>>>>>>>> instructions, testing first without use of of SSL
>>>>>>>>>>>>> certificates. I may be a
>>>>>>>>>>>>> bit confused about front end and backend servers. I have one
>>>>>>>>>>>>> PC, a domain
>>>>>>>>>>>>> controller at our office, a seperate PC with Exchange Only on
>>>>>>>>>>>>> it, connecting
>>>>>>>>>>>>> to the Domain Controller, and another PC with Blackberry
>>>>>>>>>>>>> Enterprise
>>>>>>>>>>>>> installed. The purpose of this is to get away from use of the
>>>>>>>>>>>>> VPN
>>>>>>>>>>>>> connection required to be part of the local network for
>>>>>>>>>>>>> Exchange User access
>>>>>>>>>>>>> off property. Sounds good configuring settings into the
>>>>>>>>>>>>> Outlook only and
>>>>>>>>>>>>> preventing other local access this way. Any ideas? Again,
>>>>>>>>>>>>> cannot get the
>>>>>>>>>>>>> Outlook to see the Exchange Server during the logon name and
>>>>>>>>>>>>> password to
>>>>>>>>>>>>> server process.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> the internet
>>>>>>>>>>>>> connecting to my Exchange Enterprise Server 2003. Have
>>>>>>>>>>>>> followed Microsoft
>>>>>>>>>>>>> instructions, testing first without use of of SSL
>>>>>>>>>>>>> certificates. I may be a
>>>>>>>>>>>>> bit confused about front end and backend servers. I have one
>>>>>>>>>>>>> PC, a domain
>>>>>>>>>>>>> controller at our office, a seperate PC with Exchange Only on
>>>>>>>>>>>>> it, connecting
>>>>>>>>>>>>> to the Domain Controller, and another PC with Blackberry
>>>>>>>>>>>>> Enterprise
>>>>>>>>>>>>> installed. The purpose of this is to get away from use of the
>>>>>>>>>>>>> VPN
>>>>>>>>>>>>> connection required to be part of the local network for
>>>>>>>>>>>>> Exchange User access
>>>>>>>>>>>>> off property. Sounds good configuring settings into the
>>>>>>>>>>>>> Outlook only and
>>>>>>>>>>>>> preventing other local access this way. Any ideas? Again,
>>>>>>>>>>>>> cannot get the
>>>>>>>>>>>>> Outlook to see the Exchange Server during the logon name and
>>>>>>>>>>>>> password to
>>>>>>>>>>>>> server process.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
All times are in (US) Eastern Daylight Time (GMT -4:00)