Windows Server

David Thielen · Guest

Hi;

I thought I had this working, but I don't. (And the one coffee shop I
thought it worked at, I went back to and it didn't.)

This is for my daughter's laptop. It is not a domain computer (home is
one domain, school another). Her username/password to log in to her
laptop is identical to her username/password on the domain.

I set up Outlook on her computer to always do RPC/HTTPS. At home it
works fine - no problems, and no prompt.

Trying at her school and 3 different coffee shops, I always get the
same thing. First it pops up the IE authentication dialog asking for
her username/password on the domain (it does not do that at home).

It then gives an error 8004011D.

From all 4 external locations I could go to https://server/remote and
https://server/exchange and both worked fine, no certificate prompt,
no authentication dialog.

What should I try next?

thanks - dave

david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Charles Yang [MSFT] · Guest

HI David,

Welcome to SBS newsgroup.

Issue description:
=============

I understand that you encountered problem when you use one of the remote
client computer to access the Exchange 2003 via RPC over HTTP.

Analyzing and suggestions:
==============

From your description, it should be pure client side issue, as you can
access it from home without any problem. Generally speaking, when you do it
on the intranet, the traffic will be configured as the internal traffic, so
you will be not be prompt for the user name and password. And the RPC over
HTTP connection will be available on an Internet connection:

In order to narrow down issue, please help gather more information, for
testing purpose, we suggest you connect that laptop to your SBS External
NIC then you can perform test on that laptop, please do not connect it
inside the SBS domain, the authentication is different while inside and
outside domain.

Please refer to the suggestion below for troubleshooting:

1. Have you installed ISA on your SBS 2003? Please kindly rerun CEICW to
make sure that connect outlook via internet is selected in the web services
selection page. You can refer to the KB article for more detailed
information:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

2. On outlook side, please follow the steps below to configure it
correctly, just as I know if you connect the laptop inside domain, it will
use outlook 2003 to connect to your exchange with Lan connection, it will
not use RPC over HTTP. So please kindly refer to my suggestion below to
reconfigured to make sure that basic authentication is selected when
configure it on outlook 2003:

Access the RWW website from the laptop, you will see a instruction there:

Click "Configure Outlook via the Internet" and then the Web page "Using
Outlook via the Internet" will appear which has pretty much a step by step
list of instructions. If it tells you to use "server.domain.local", use
that. If it tells you to use "server.domain.com", use that. Follow the
steps exactly.

More info:

To do so: on the Tools menu, click E-mail Accounts. Leave the View or
change existing e-mail accounts option selected, click Next, click your
e-mail profile, and then click Change. On the Exchange Server Settings
page, click More Settings, and then click the Connection tab. Under
Exchange over the Internet, click Exchange Proxy Settings. In the Use this
authentication when connecting to my proxy server for Exchange list, click
Basic Authentication.

From the laptop, browse to https://FQDN/rpc. In order for RPC over HTTP to
work, you must be able to browse to this URL without getting a popup
warning about the certificate. You will receive the following error on the
page:

The page cannot be displayed
HTTP Error 403.2 - Forbidden: Read access is denied.
Internet Information Services (IIS)

This is normal. The idea is to be able to get to that page without getting
the popup warning about the certificate.

More info:

833401 How to configure RPC over HTTP on a single server in Exchange Server
2003
http://support.microsoft.com/?id=833401

Thanks for your effort on this issue, please feel free to let me know. I am
glad to be of further assistance.

Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: David Thielen <david@windward.net>
| Subject: Can't use outlook from outside our network
| Date: Wed, 02 Nov 2005 17:14:49 -0700
| Reply-To: david@windward.net
| Message-ID: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
| X-Newsreader: Forte Agent 2.0/32.652
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| Lines: 1
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:167103
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi;
|
| I thought I had this working, but I don't. (And the one coffee shop I
| thought it worked at, I went back to and it didn't.)
|
| This is for my daughter's laptop. It is not a domain computer (home is
| one domain, school another). Her username/password to log in to her
| laptop is identical to her username/password on the domain.
|
| I set up Outlook on her computer to always do RPC/HTTPS. At home it
| works fine - no problems, and no prompt.
|
| Trying at her school and 3 different coffee shops, I always get the
| same thing. First it pops up the IE authentication dialog asking for
| her username/password on the domain (it does not do that at home).
|
| It then gives an error 8004011D.
|
| From all 4 external locations I could go to https://server/remote and
| https://server/exchange and both worked fine, no certificate prompt,
| no authentication dialog.
|
| What should I try next?
|
| thanks - dave
|
| david@at-at-at@windward.dot.dot.net
| Windward Reports -- http://www.WindwardReports.com
| me -- http://dave.thielen.com
|

David Thielen · Guest

Hi;

Thanks for the suggestions. Here is what I found:

1) I did not do this because my SBS server is connected to a switch,
that switch is connected to a firewall, and that is connected to the
internet. So no ISA in my configuration.

2) Weird item 1 - when connecting to RWW, I had to log in as
administrator. It would not let me log in as me (a domain user) or as
my daughter (another domain user).

3) Weird item 2 - while https://intranet.windward.net/remote came up
with no certificate dialog box, https://intranet.windward.net/rpc
prompted me to create a .net passport. Is this required to use Outlook
over https? And if so, anything special that needs to be done creating
the passport?

4) All of the Outlook settings matched what RWW told me to set them
to. So that is not the issue.

??? - thanks - dave

On Thu, 03 Nov 2005 03:15:39 GMT, v-chayan@online.microsoft.com
("Charles Yang [MSFT]") wrote:

David Thielen · Guest

I had my daughter sign up for a .net passport. It now prompts twice
going in to rpc - both are a .net prompt asking for her email address
and password.

It then says it cannot verify her.

??? - thanks - dave

On Sat, 05 Nov 2005 17:12:14 -0700, David Thielen <david@windward.net>
wrote:

Charles Yang [MSFT] · Guest

HI,

Thanks for updates.

I am sorry for not clear the issue, no matter if you installed the ISA or
not, it is your best interest to follow the article I referred to rerun
CEICW to make sure that RWW is published correctly, from your description
your RWW websites is not published correctly.

Also, if you set the outlook 2003 correctly, the issue should be on RWW
side, as I know we will not have any .net passport for prompt. So the RPC
over HTTP is not configured correctly on your SBS2003 side.

The reason why we suggest you connect directly to SBS external NIC is that
we can identify if the problem is occur on SBS side. Please kindly rerun
CEICW to make sure that RPC over HTTP is published correctly. And also make
sure that the certificate is created successfully and you use the FQDN name
of your SBS domain as the certificate.

By the way, please temporally disable all the other pop3 accounts on your
outlook as a test, as I know the .net passport should not be related to
Exchange email account.

Thanks for understanding on this issue, please feel free to post back your
results. I am glad to be of further assistance.

Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: David Thielen <david@windward.net>
| Subject: Re: Can't use outlook from outside our network
| Date: Sun, 06 Nov 2005 12:39:51 -0700
| Reply-To: david@windward.net
| Message-ID: <cumsm11ok1a34f0rvsdc8ilaa959mfh29c@4ax.com>
| References: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
<yIHFfTC4FHA.1144@TK2MSFTNGXA01.phx.gbl>
<0ciqm1pncffuoirgofhve10mb9kgqh7o1f@4ax.com>
| X-Newsreader: Forte Agent 2.0/32.652
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| Lines: 1
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:168051
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I had my daughter sign up for a .net passport. It now prompts twice
| going in to rpc - both are a .net prompt asking for her email address
| and password.
|
| It then says it cannot verify her.
|
| ??? - thanks - dave
|
|
| On Sat, 05 Nov 2005 17:12:14 -0700, David Thielen <david@windward.net>
| wrote:
|
| >Hi;
| >
| >Thanks for the suggestions. Here is what I found:
| >
| >1) I did not do this because my SBS server is connected to a switch,
| >that switch is connected to a firewall, and that is connected to the
| >internet. So no ISA in my configuration.
| >
| >2) Weird item 1 - when connecting to RWW, I had to log in as
| >administrator. It would not let me log in as me (a domain user) or as
| >my daughter (another domain user).
| >
| >3) Weird item 2 - while https://intranet.windward.net/remote came up
| >with no certificate dialog box, https://intranet.windward.net/rpc
| >prompted me to create a .net passport. Is this required to use Outlook
| >over https? And if so, anything special that needs to be done creating
| >the passport?
| >
| >4) All of the Outlook settings matched what RWW told me to set them
| >to. So that is not the issue.
| >
| >??? - thanks - dave
| >
| >
| >On Thu, 03 Nov 2005 03:15:39 GMT, v-chayan@online.microsoft.com
| >("Charles Yang [MSFT]") wrote:
| >
| >>HI David,
| >>
| >>Welcome to SBS newsgroup.
| >>
| >>Issue description:
| >>=============
| >>
| >>I understand that you encountered problem when you use one of the
remote
| >>client computer to access the Exchange 2003 via RPC over HTTP.
| >>
| >>Analyzing and suggestions:
| >>==============
| >>
| >>From your description, it should be pure client side issue, as you can
| >>access it from home without any problem. Generally speaking, when you
do it
| >>on the intranet, the traffic will be configured as the internal
traffic, so
| >>you will be not be prompt for the user name and password. And the RPC
over
| >>HTTP connection will be available on an Internet connection:
| >>
| >>In order to narrow down issue, please help gather more information, for
| >>testing purpose, we suggest you connect that laptop to your SBS
External
| >>NIC then you can perform test on that laptop, please do not connect it
| >>inside the SBS domain, the authentication is different while inside and
| >>outside domain.
| >>
| >>Please refer to the suggestion below for troubleshooting:
| >>
| >>1. Have you installed ISA on your SBS 2003? Please kindly rerun CEICW
to
| >>make sure that connect outlook via internet is selected in the web
services
| >>selection page. You can refer to the KB article for more detailed
| >>information:
| >>
| >>825763 How to configure Internet access in Windows Small Business
Server
| >>2003
| >>http://support.microsoft.com/?id=825763
| >>
| >>2. On outlook side, please follow the steps below to configure it
| >>correctly, just as I know if you connect the laptop inside domain, it
will
| >>use outlook 2003 to connect to your exchange with Lan connection, it
will
| >>not use RPC over HTTP. So please kindly refer to my suggestion below to
| >>reconfigured to make sure that basic authentication is selected when
| >>configure it on outlook 2003:
| >>
| >>Access the RWW website from the laptop, you will see a instruction
there:
| >>
| >>Click "Configure Outlook via the Internet" and then the Web page "Using
| >>Outlook via the Internet" will appear which has pretty much a step by
step
| >>list of instructions. If it tells you to use "server.domain.local", use
| >>that. If it tells you to use "server.domain.com", use that. Follow the
| >>steps exactly.
| >>
| >>More info:
| >>
| >>To do so: on the Tools menu, click E-mail Accounts. Leave the View or
| >>change existing e-mail accounts option selected, click Next, click your
| >>e-mail profile, and then click Change. On the Exchange Server Settings
| >>page, click More Settings, and then click the Connection tab. Under
| >>Exchange over the Internet, click Exchange Proxy Settings. In the Use
this
| >>authentication when connecting to my proxy server for Exchange list,
click
| >>Basic Authentication.
| >>
| >>From the laptop, browse to https://FQDN/rpc. In order for RPC over HTTP
to
| >>work, you must be able to browse to this URL without getting a popup
| >>warning about the certificate. You will receive the following error on
the
| >>page:
| >>
| >>The page cannot be displayed
| >>HTTP Error 403.2 - Forbidden: Read access is denied.
| >>Internet Information Services (IIS)
| >>
| >>This is normal. The idea is to be able to get to that page without
getting
| >>the popup warning about the certificate.
| >>
| >>More info:
| >>
| >>833401 How to configure RPC over HTTP on a single server in Exchange
Server
| >>2003
| >>http://support.microsoft.com/?id=833401
| >>
| >>Thanks for your effort on this issue, please feel free to let me know.
I am
| >>glad to be of further assistance.
| >>
| >>
| >>
| >>Best regards,
| >>
| >>Charles Yang (MSFT)
| >>
| >>Microsoft CSS Online Newsgroup Support
| >>
| >>Get Secure! - www.microsoft.com/security
| >>
| >>======================================================
| >>This newsgroup only focuses on SBS technical issues. If you have issues
| >>regarding other Microsoft products, you'd better post in the
corresponding
| >>newsgroups so that they can be resolved in an efficient and timely
manner.
| >>You can locate the newsgroup here:
| >>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >>
| >>When opening a new thread via the web interface, we recommend you check
the
| >>"Notify me of replies" box to receive e-mail notifications when there
are
| >>any updates in your thread. When responding to posts via your
newsreader,
| >>please "Reply to Group" so that others may learn and benefit from your
| >>issue.
| >>
| >>Microsoft engineers can only focus on one issue per thread. Although we
| >>provide other information for your reference, we recommend you post
| >>different incidents in different threads to keep the thread clean. In
doing
| >>so, it will ensure your issues are resolved in a timely manner.
| >>
| >>For urgent issues, you may want to contact Microsoft CSS directly.
Please
| >>check http://support.microsoft.com for regional support phone numbers.
| >>
| >>Any input or comments in this thread are highly appreciated.
| >>======================================================
| >>This posting is provided "AS IS" with no warranties, and confers no
rights.
| >>
| >>
| >>=====================================================
| >>When responding to posts, please "Reply to Group" via your newsreader
so
| >>that others may learn and benefit from your issue.
| >>=====================================================
| >>
| >>This posting is provided "AS IS" with no warranties, and confers no
rights.
| >>
| >>--------------------
| >>| From: David Thielen <david@windward.net>
| >>| Subject: Can't use outlook from outside our network
| >>| Date: Wed, 02 Nov 2005 17:14:49 -0700
| >>| Reply-To: david@windward.net
| >>| Message-ID: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
| >>| X-Newsreader: Forte Agent 2.0/32.652
| >>| MIME-Version: 1.0
| >>| Content-Type: text/plain; charset=us-ascii
| >>| Content-Transfer-Encoding: 7bit
| >>| Newsgroups: microsoft.public.windows.server.sbs
| >>| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| >>| Lines: 1
| >>| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| >>| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:167103
| >>| X-Tomcat-NG: microsoft.public.windows.server.sbs
| >>|
| >>| Hi;
| >>|
| >>| I thought I had this working, but I don't. (And the one coffee shop I
| >>| thought it worked at, I went back to and it didn't.)
| >>|
| >>| This is for my daughter's laptop. It is not a domain computer (home is
| >>| one domain, school another). Her username/password to log in to her
| >>| laptop is identical to her username/password on the domain.
| >>|
| >>| I set up Outlook on her computer to always do RPC/HTTPS. At home it
| >>| works fine - no problems, and no prompt.
| >>|
| >>| Trying at her school and 3 different coffee shops, I always get the
| >>| same thing. First it pops up the IE authentication dialog asking for
| >>| her username/password on the domain (it does not do that at home).
| >>|
| >>| It then gives an error 8004011D.
| >>|
| >>| From all 4 external locations I could go to https://server/remote and
| >>| https://server/exchange and both worked fine, no certificate prompt,
| >>| no authentication dialog.
| >>|
| >>| What should I try next?
| >>|
| >>| thanks - dave
| >>|
| >>| david@at-at-at@windward.dot.dot.net
| >>| Windward Reports -- http://www.WindwardReports.com
| >>| me -- http://dave.thielen.com
| >>|
| >
| >
| >david@at-at-at@windward.dot.dot.net
| >Windward Reports -- http://www.WindwardReports.com
| >me -- http://dave.thielen.com
|
|
| david@at-at-at@windward.dot.dot.net
| Windward Reports -- http://www.WindwardReports.com
| me -- http://dave.thielen.com
|

David Thielen · Guest

Hello;

Ok, I ran it and "Outlook via the Internet" was not enabled so I
enabled it. I will find out tomorrow if it works.

When running the wizard I was not certain what to put for the
following (this is why I hate this wizard - you have to reset
everything):

1) Do I need to enable "Outlook Mobile Access" also?

2) What do I put for the E-mail domain name? I have 20 domains that
Exchange is servicing (and MX records for all pointing to my Exchange
server).

thanks - dave

On Mon, 07 Nov 2005 01:46:06 GMT, v-chayan@online.microsoft.com
("Charles Yang [MSFT]") wrote:

Charles Yang [MSFT] · Guest

HI Dave,

Thanks for updates.

It seems you host many email domains on one Exchange server, so we are not
sure which one you use for your RPC over HTTP connection. You have to put
that one on the CEICW wizard.

You do not need to enable OMA, as you did not use mobile device for
Exchange server.

Another question about your configuration, we want to know how you
configure your SMTP server to send and receive internet emails, what I
means is the outbound emails, did you use more than one SMTP virtual server
on your SBS server? If you just only use smarthost on ISP for sending and
receiving outbound emails, you can leave that place blank.

If possible, could you clarify how you host 20 domains on your SBS server?
This might help us understand your issue more clearly.

Thanks for your effort; I will be here waiting for your updates.

Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: David Thielen <david@windward.net>
| Subject: Re: Can't use outlook from outside our network
| Date: Tue, 08 Nov 2005 20:00:00 -0700
| Reply-To: david@windward.net
| Message-ID: <r9p2n1d72v67r3ens30he5rlulklq6rvh3@4ax.com>
| References: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
<yIHFfTC4FHA.1144@TK2MSFTNGXA01.phx.gbl>
<0ciqm1pncffuoirgofhve10mb9kgqh7o1f@4ax.com>
<cumsm11ok1a34f0rvsdc8ilaa959mfh29c@4ax.com>
<xgSLJ0z4FHA.2124@TK2MSFTNGXA01.phx.gbl>
| X-Newsreader: Forte Agent 2.0/32.652
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| Lines: 1
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220268
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello;
|
| Ok, I ran it and "Outlook via the Internet" was not enabled so I
| enabled it. I will find out tomorrow if it works.
|
| When running the wizard I was not certain what to put for the
| following (this is why I hate this wizard - you have to reset
| everything):
|
| 1) Do I need to enable "Outlook Mobile Access" also?
|
| 2) What do I put for the E-mail domain name? I have 20 domains that
| Exchange is servicing (and MX records for all pointing to my Exchange
| server).
|
| thanks - dave
|
|
|
| On Mon, 07 Nov 2005 01:46:06 GMT, v-chayan@online.microsoft.com
| ("Charles Yang [MSFT]") wrote:
|
| >HI,
| >
| >Thanks for updates.
| >
| >I am sorry for not clear the issue, no matter if you installed the ISA
or
| >not, it is your best interest to follow the article I referred to rerun
| >CEICW to make sure that RWW is published correctly, from your
description
| >your RWW websites is not published correctly.
| >
| >Also, if you set the outlook 2003 correctly, the issue should be on RWW
| >side, as I know we will not have any .net passport for prompt. So the
RPC
| >over HTTP is not configured correctly on your SBS2003 side.
| >
| >The reason why we suggest you connect directly to SBS external NIC is
that
| >we can identify if the problem is occur on SBS side. Please kindly rerun
| >CEICW to make sure that RPC over HTTP is published correctly. And also
make
| >sure that the certificate is created successfully and you use the FQDN
name
| >of your SBS domain as the certificate.
| >
| >By the way, please temporally disable all the other pop3 accounts on
your
| >outlook as a test, as I know the .net passport should not be related to
| >Exchange email account.
| >
| >Thanks for understanding on this issue, please feel free to post back
your
| >results. I am glad to be of further assistance.
| >
| >
| >
| >Best regards,
| >
| >Charles Yang (MSFT)
| >
| >Microsoft CSS Online Newsgroup Support
| >
| >Get Secure! - www.microsoft.com/security
| >
| >======================================================
| >This newsgroup only focuses on SBS technical issues. If you have issues
| >regarding other Microsoft products, you'd better post in the
corresponding
| >newsgroups so that they can be resolved in an efficient and timely
manner.
| >You can locate the newsgroup here:
| >http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| >When opening a new thread via the web interface, we recommend you check
the
| >"Notify me of replies" box to receive e-mail notifications when there
are
| >any updates in your thread. When responding to posts via your
newsreader,
| >please "Reply to Group" so that others may learn and benefit from your
| >issue.
| >
| >Microsoft engineers can only focus on one issue per thread. Although we
| >provide other information for your reference, we recommend you post
| >different incidents in different threads to keep the thread clean. In
doing
| >so, it will ensure your issues are resolved in a timely manner.
| >
| >For urgent issues, you may want to contact Microsoft CSS directly.
Please
| >check http://support.microsoft.com for regional support phone numbers.
| >
| >Any input or comments in this thread are highly appreciated.
| >======================================================
| >This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >=====================================================
| >When responding to posts, please "Reply to Group" via your newsreader so
| >that others may learn and benefit from your issue.
| >=====================================================
| >
| >This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >--------------------
| >| From: David Thielen <david@windward.net>
| >| Subject: Re: Can't use outlook from outside our network
| >| Date: Sun, 06 Nov 2005 12:39:51 -0700
| >| Reply-To: david@windward.net
| >| Message-ID: <cumsm11ok1a34f0rvsdc8ilaa959mfh29c@4ax.com>
| >| References: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
| ><yIHFfTC4FHA.1144@TK2MSFTNGXA01.phx.gbl>
| ><0ciqm1pncffuoirgofhve10mb9kgqh7o1f@4ax.com>
| >| X-Newsreader: Forte Agent 2.0/32.652
| >| MIME-Version: 1.0
| >| Content-Type: text/plain; charset=us-ascii
| >| Content-Transfer-Encoding: 7bit
| >| Newsgroups: microsoft.public.windows.server.sbs
| >| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| >| Lines: 1
| >| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| >| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:168051
| >| X-Tomcat-NG: microsoft.public.windows.server.sbs
| >|
| >| I had my daughter sign up for a .net passport. It now prompts twice
| >| going in to rpc - both are a .net prompt asking for her email address
| >| and password.
| >|
| >| It then says it cannot verify her.
| >|
| >| ??? - thanks - dave
| >|
| >|
| >| On Sat, 05 Nov 2005 17:12:14 -0700, David Thielen <david@windward.net>
| >| wrote:
| >|
| >| >Hi;
| >| >
| >| >Thanks for the suggestions. Here is what I found:
| >| >
| >| >1) I did not do this because my SBS server is connected to a switch,
| >| >that switch is connected to a firewall, and that is connected to the
| >| >internet. So no ISA in my configuration.
| >| >
| >| >2) Weird item 1 - when connecting to RWW, I had to log in as
| >| >administrator. It would not let me log in as me (a domain user) or as
| >| >my daughter (another domain user).
| >| >
| >| >3) Weird item 2 - while https://intranet.windward.net/remote came up
| >| >with no certificate dialog box, https://intranet.windward.net/rpc
| >| >prompted me to create a .net passport. Is this required to use Outlook
| >| >over https? And if so, anything special that needs to be done creating
| >| >the passport?
| >| >
| >| >4) All of the Outlook settings matched what RWW told me to set them
| >| >to. So that is not the issue.
| >| >
| >| >??? - thanks - dave
| >| >
| >| >
| >| >On Thu, 03 Nov 2005 03:15:39 GMT, v-chayan@online.microsoft.com
| >| >("Charles Yang [MSFT]") wrote:
| >| >
| >| >>HI David,
| >| >>
| >| >>Welcome to SBS newsgroup.
| >| >>
| >| >>Issue description:
| >| >>=============
| >| >>
| >| >>I understand that you encountered problem when you use one of the
| >remote
| >| >>client computer to access the Exchange 2003 via RPC over HTTP.
| >| >>
| >| >>Analyzing and suggestions:
| >| >>==============
| >| >>
| >| >>From your description, it should be pure client side issue, as you
can
| >| >>access it from home without any problem. Generally speaking, when
you
| >do it
| >| >>on the intranet, the traffic will be configured as the internal
| >traffic, so
| >| >>you will be not be prompt for the user name and password. And the
RPC
| >over
| >| >>HTTP connection will be available on an Internet connection:
| >| >>
| >| >>In order to narrow down issue, please help gather more information,
for
| >| >>testing purpose, we suggest you connect that laptop to your SBS
| >External
| >| >>NIC then you can perform test on that laptop, please do not connect
it
| >| >>inside the SBS domain, the authentication is different while inside
and
| >| >>outside domain.
| >| >>
| >| >>Please refer to the suggestion below for troubleshooting:
| >| >>
| >| >>1. Have you installed ISA on your SBS 2003? Please kindly rerun
CEICW
| >to
| >| >>make sure that connect outlook via internet is selected in the web
| >services
| >| >>selection page. You can refer to the KB article for more detailed
| >| >>information:
| >| >>
| >| >>825763 How to configure Internet access in Windows Small Business
| >Server
| >| >>2003
| >| >>http://support.microsoft.com/?id=825763
| >| >>
| >| >>2. On outlook side, please follow the steps below to configure it
| >| >>correctly, just as I know if you connect the laptop inside domain,
it
| >will
| >| >>use outlook 2003 to connect to your exchange with Lan connection, it
| >will
| >| >>not use RPC over HTTP. So please kindly refer to my suggestion below
to
| >| >>reconfigured to make sure that basic authentication is selected when
| >| >>configure it on outlook 2003:
| >| >>
| >| >>Access the RWW website from the laptop, you will see a instruction
| >there:
| >| >>
| >| >>Click "Configure Outlook via the Internet" and then the Web page
"Using
| >| >>Outlook via the Internet" will appear which has pretty much a step
by
| >step
| >| >>list of instructions. If it tells you to use "server.domain.local",
use
| >| >>that. If it tells you to use "server.domain.com", use that. Follow
the
| >| >>steps exactly.
| >| >>
| >| >>More info:
| >| >>
| >| >>To do so: on the Tools menu, click E-mail Accounts. Leave the View
or
| >| >>change existing e-mail accounts option selected, click Next, click
your
| >| >>e-mail profile, and then click Change. On the Exchange Server
Settings
| >| >>page, click More Settings, and then click the Connection tab. Under
| >| >>Exchange over the Internet, click Exchange Proxy Settings. In the
Use
| >this
| >| >>authentication when connecting to my proxy server for Exchange list,
| >click
| >| >>Basic Authentication.
| >| >>
| >| >>From the laptop, browse to https://FQDN/rpc. In order for RPC over
HTTP
| >to
| >| >>work, you must be able to browse to this URL without getting a popup
| >| >>warning about the certificate. You will receive the following error
on
| >the
| >| >>page:
| >| >>
| >| >>The page cannot be displayed
| >| >>HTTP Error 403.2 - Forbidden: Read access is denied.
| >| >>Internet Information Services (IIS)
| >| >>
| >| >>This is normal. The idea is to be able to get to that page without
| >getting
| >| >>the popup warning about the certificate.
| >| >>
| >| >>More info:
| >| >>
| >| >>833401 How to configure RPC over HTTP on a single server in Exchange
| >Server
| >| >>2003
| >| >>http://support.microsoft.com/?id=833401
| >| >>
| >| >>Thanks for your effort on this issue, please feel free to let me
know.
| >I am
| >| >>glad to be of further assistance.
| >| >>
| >| >>
| >| >>
| >| >>Best regards,
| >| >>
| >| >>Charles Yang (MSFT)
| >| >>
| >| >>Microsoft CSS Online Newsgroup Support
| >| >>
| >| >>Get Secure! - www.microsoft.com/security
| >| >>
| >| >>======================================================
| >| >>This newsgroup only focuses on SBS technical issues. If you have
issues
| >| >>regarding other Microsoft products, you'd better post in the
| >corresponding
| >| >>newsgroups so that they can be resolved in an efficient and timely
| >manner.
| >| >>You can locate the newsgroup here:
| >| >>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >| >>
| >| >>When opening a new thread via the web interface, we recommend you
check
| >the
| >| >>"Notify me of replies" box to receive e-mail notifications when
there
| >are
| >| >>any updates in your thread. When responding to posts via your
| >newsreader,
| >| >>please "Reply to Group" so that others may learn and benefit from
your
| >| >>issue.
| >| >>
| >| >>Microsoft engineers can only focus on one issue per thread. Although
we
| >| >>provide other information for your reference, we recommend you post
| >| >>different incidents in different threads to keep the thread clean.
In
| >doing
| >| >>so, it will ensure your issues are resolved in a timely manner.
| >| >>
| >| >>For urgent issues, you may want to contact Microsoft CSS directly.
| >Please
| >| >>check http://support.microsoft.com for regional support phone
numbers.
| >| >>
| >| >>Any input or comments in this thread are highly appreciated.
| >| >>======================================================
| >| >>This posting is provided "AS IS" with no warranties, and confers no
| >rights.
| >| >>
| >| >>
| >| >>=====================================================
| >| >>When responding to posts, please "Reply to Group" via your
newsreader
| >so
| >| >>that others may learn and benefit from your issue.
| >| >>=====================================================
| >| >>
| >| >>This posting is provided "AS IS" with no warranties, and confers no
| >rights.
| >| >>
| >| >>--------------------
| >| >>| From: David Thielen <david@windward.net>
| >| >>| Subject: Can't use outlook from outside our network
| >| >>| Date: Wed, 02 Nov 2005 17:14:49 -0700
| >| >>| Reply-To: david@windward.net
| >| >>| Message-ID: <l9lim1lhbvoelh6opgfa7hqq5ijj01gr8f@4ax.com>
| >| >>| X-Newsreader: Forte Agent 2.0/32.652
| >| >>| MIME-Version: 1.0
| >| >>| Content-Type: text/plain; charset=us-ascii
| >| >>| Content-Transfer-Encoding: 7bit
| >| >>| Newsgroups: microsoft.public.windows.server.sbs
| >| >>| NNTP-Posting-Host: vc4-2-0-321a.dsl.netrack.net 199.45.247.98
| >| >>| Lines: 1
| >| >>| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| >| >>| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:167103
| >| >>| X-Tomcat-NG: microsoft.public.windows.server.sbs
| >| >>|
| >| >>| Hi;
| >| >>|
| >| >>| I thought I had this working, but I don't. (And the one coffee
shop I
| >| >>| thought it worked at, I went back to and it didn't.)
| >| >>|
| >| >>| This is for my daughter's laptop. It is not a domain computer
(home is
| >| >>| one domain, school another). Her username/password to log in to her
| >| >>| laptop is identical to her username/password on the domain.
| >| >>|
| >| >>| I set up Outlook on her computer to always do RPC/HTTPS. At home it
| >| >>| works fine - no problems, and no prompt.
| >| >>|
| >| >>| Trying at her school and 3 different coffee shops, I always get the
| >| >>| same thing. First it pops up the IE authentication dialog asking
for
| >| >>| her username/password on the domain (it does not do that at home).
| >| >>|
| >| >>| It then gives an error 8004011D.
| >| >>|
| >| >>| From all 4 external locations I could go to https://server/remote
and
| >| >>| https://server/exchange and both worked fine, no certificate
prompt,
| >| >>| no authentication dialog.
| >| >>|
| >| >>| What should I try next?
| >| >>|
| >| >>| thanks - dave
| >| >>|
| >| >>| david@at-at-at@windward.dot.dot.net
| >| >>| Windward Reports -- http://www.WindwardReports.com
| >| >>| me -- http://dave.thielen.com
| >| >>|
| >| >
| >| >
| >| >david@at-at-at@windward.dot.dot.net
| >| >Windward Reports -- http://www.WindwardReports.com
| >| >me -- http://dave.thielen.com
| >|
| >|
| >| david@at-at-at@windward.dot.dot.net
| >| Windward Reports -- http://www.WindwardReports.com
| >| me -- http://dave.thielen.com
| >|
|
|
| david@at-at-at@windward.dot.dot.net
| Windward Reports -- http://www.WindwardReports.com
| me -- http://dave.thielen.com
|

David Thielen · Guest

On Wed, 09 Nov 2005 08:04:58 GMT, v-chayan@online.microsoft.com
("Charles Yang [MSFT]") wrote: