Connect exchange mailbox using http "Outlook 2003"

[Guest]

Hi,

I am running Exchange Server 2003 and am trying to connect via http using
rpc over http from my laptop using Outlook 2003.

I have set up the connection to my mailbox from outlook inside our lan but I
am trying to create an http connection from outlook to exchange for when I am
not in the office.

I can connect, externally to "Remote Web Workplace" on our server using
https://servername.domain.com/remote so the https passthrough seems to be
fine.

I have set all the setting up for connecting via http correctly and the rpc
over https service is running. I get as far as opening outlook and entering
my password and outlook say "trying to connect" but after a few seconds I am
once again prompted to enter my password.....and so on..... The username and
password are definately correct but I can't make the connection.

I am running Windows XP SP2 from the laptop running windows firewall. I am
also running AVG anti virus on the laptop and the server. The server has no
firewall running on it but I am running a hardware firewall on the router.

Please help.

Steve

 

[neo [mvp outlook]]

If you are using a self signed certificate (or internal certificate
authority) to ensure that the https protocol works, two things must be
insured...

1) You should not receive any type of security alert dialog if you open your
web browser and type:
https://servname.domain.com/rpc

2) Outlook will verify the certificate back to the Certificate Authority
that signed it. Therefore this CA certificate must exist in the Trusted
Root store of the workstation.

3) Last but not least, some firewall based devices munge NTLM
authentication. Make sure that the /rpc folder in IIS only accepts Basic
Auth.

 

[Guest]

Hi Neo,

I have tested all that and everything appears to be set up perfectly. Basic
Autentication only is selected in the RPC folder of Default Web Site in IIS.

I browsed to https://servernam.domain.com/rpc and I was presented with the
username and password box again but this did the same thing - it would not
accept my details and kept displaying the username and password box.

I don't receive a security alert when browsing to
https://servername.domain.com - I did originally but I have now installed the
certificate on my laptop and the connection just goes straight in now.

I am not sure how to find if the certificate exists in the trusted root of
my laptop but I went into internet explorer tools>internet
options>content>trusted root certificate and the certificate for the
connection was there and installed properly.

Do you have any other suggestions?

Kindest thanks,

Steve

 

[neo [mvp outlook]]

I'm still leaning that the cert didn't get stored in the right place. Try
this to make sure that it is in the computers trusted root store.

start > run > mmc.exe > ok button. File > Add/remove snapin > add button >
select certificates > add button > computer account > next > local computer

finish button > close button > ok button > ok button. Expand Certificates
Expand Trusted Root > Certificates. This is where a copy of the

self-signed or internal certificate authority cert needs to be.

 

[Guest]

Hi Neo,

I looked at the trusted root certificate node in the certificate snap-in on
my laptop and the certificate was not there. I copied the certificate from
the SBS 2003 server to my laptop and imported it in to the trusted root
certificate node but still no joy!!

All I did was copy the certificate from the c:\ClientAppds\SBScerts folder
on the SBS 2003 server to the desktop on my laptop. I then opened the
certificate snap-in and imported the certificate from the desktop into the
trusted root certificate node.

Is there anything else I should have or need to do?

Kindest Regards

Steve

 

[neo [mvp outlook]]

Assuming that you are using the same certificate to secure OWA and RPC.
Access OWA and then click on the gold lock. What does the Issued To and
Issued By read? The reason that I ask is 2 fold.

1) You already know that the Issued To will be the FQDN of customers will
access https://servername.domain.com. The Issued By is the certificate
authority that issued it. Since you have put a copy of the "Issued By"
certificate in the trusted root store the next likely step might be...

2) Where you are trying to access the server by a different name from the
outside. By this I mean, if the certificate was issued to
servername.domain.com, then you can't access from the outside by
www.domain.com. Outlook fails this silently. (By the way, we are talking
about the servername that is listed in the Exchange proxy settings in
Outlook.)