We were assigned to deploy the Exchange 2016 mail server for our company. We are in the testing phase with a test environment. I set up the basic diagram with 1 AD 2012R2 + 1 Exchange 2016 mail server; everything seems fine, except that when I connect one PC (Win7 Pro, not joined to the domain) to the same subnet as those 2 servers, I can access a user's mailbox via web browser (OWA) but cannot set it up via MS Outlook 2013. Does anyone have any idea? Did we configure something incorrectly on the Exchange server?

PS: If the Win7 PC joins the domain, I can access the user's mailbox via both web and Outlook.

SpiderlinK
  • Which authentication method are you using? (Client Server settings, security tab) Check what the domain machines are using, and match on the non-domain machine. Also worth ensuring the time between the client and server is the same. – Stese Apr 12 '17 at 11:22
  • It would be great if you could paste the result from the [Microsoft Remote connection analyzer here](https://testconnectivity.microsoft.com/) (remove any sensitive info please) into your question. The analyzer often shows what is wrong. Keep in mind that the Exchange server must be accessible externally here (via Outlook Anywhere). – BastianW Apr 12 '17 at 11:27
  • @BastianW Why should it need to be accessible from external in this situation? OP does state the broken machine and the server are on the same IP subnet. – Stese Apr 12 '17 at 11:39
  • @Steven Because the remote connection test would give us additional info about the environment, which might be a good starting point. – BastianW Apr 12 '17 at 11:55
  • @Steven: If I understood you correctly, the SMTP settings have not been configured. I checked both in users' Options: Mail -> Accounts -> POP and IMAP; however, when I checked in Admin ECP, Mail Flow -> Receive connector, both of them have TLS, Basic Authentication, Integrated Win ticked. In terms of the time sync, yes, they are both synchronized with each other. – SpiderlinK Apr 12 '17 at 16:38
  • @Steven Now I can access Exchange mailboxes via Outlook by manually setting up Outlook Anywhere. However, it keeps asking for credentials when I open Outlook, even when I choose the option "Remember password". Do you have any suggestion? – SpiderlinK Apr 18 '17 at 09:04
  • It's possibly still using the wrong authentication method. Go to File > Info > Account settings (x2) > highlight account and click 'Change' > More settings > Security tab. Check that the tick box for 'Always prompt' is not checked, and that either NTLM or Negotiate Authentication is selected. In regards to SMTP, POP & IMAP, if you are using Exchange server, you don't need these set on the client. – Stese Apr 19 '17 at 05:49

2 Answers

Based on the info you shared, the following reasons are currently possible:

1.) Make sure that AutoDiscovery is working and that the SCP is configured correctly (see here as starting point). If that isn't the case you could try to use a local overwrite from that (see here as starting point), but I would prefer to fix autodiscovery. If you have Outlook 2010 (must be fully patched to connect to Exchange 2016 due to MAPI over HTTP) you could check the following howto.

There is a difference in how autodiscovery works for domain-joined PCs and non-domain-joined PCs. As a starting point check the following website.

We might find issues in the Microsoft Remote Connection Analyzer (but that depends on your setup & environment).

2.) If you use an internal PKI for the SSL certificates on your Exchange server, the root certificates should be automatically pushed to every domain-joined PC.

However, if the PC isn't domain joined, then the SSL certificate used on Exchange isn't trusted because the root isn't trusted. Depending on the OS configuration you should get a trust error message to bypass, but we do not know the configuration here to say that for sure.

3.) If the client can be configured but has connection issues, post us the connection info (see here for a howto) [remove sensitive info here if needed]. If it stopped during a configuration step, then it would be useful to get a screenshot of that.

4.) Make sure that Outlook and Exchange are fully patched.

BastianW
  • Thanks so much for your suggestions. It seems like we set up DNS incorrectly. When I check with Microsoft Remote Connection Analyzer, only Exchange Active Sync and Inbound/outbound SMTP Email pass; the rest failed with DNS errors. They are: 1- Attempting to resolve the host name autodiscover.bimvn.xyz in DNS -> The host name couldn't be resolved, 2- Attempting to resolve the host name autodiscover.bimvn.xyz in DNS -> The host name couldn't be resolved, 3- Attempting to locate SRV record _autodiscover._tcp.bimvn.xyz in DNS -> The Autodiscover SRV record wasn't found in DNS. – SpiderlinK Apr 12 '17 at 16:59
  • Am I wrong with the DNS records as below? mail_A_IP add of mail server, @_MX_mail.bimvn.xyz., @_TXT_v=spf1 a mx ip4:IPAddofMailServer -all PS: Sorry, but I am new here and I do not know how to insert images. – SpiderlinK Apr 12 '17 at 17:02
  • OK, so if the DNS Autodiscovery is not working, then this is causing the issue. An AD-joined PC can use the AD while a non-AD-joined PC uses DNS to find the needed Exchange servers. So fixing the Autodiscovery issue will solve your problem. Update: It depends on your SSL certificates and structure for your Exchange Server, but pointing the AutoDiscovery to the IP used for the ActiveSync DNS host sounds like the correct way in your setup with the info you shared. – BastianW Apr 12 '17 at 17:03
  • Hi, I followed your instructions but still cannot log in from outside of the domain. If I configure POP and IMAP, do you think it will solve the problem? Besides, does the SSL cert really matter? PS: I configured SCP but when I browsed the autodiscover link, it returned: "600 Invalid Request" – SpiderlinK Apr 13 '17 at 10:46
  • Exchange 2016 uses "MAPI over HTTP" and no POP3 or IMAP. So only plain http/https is needed here. If you additionally enable POP3 or IMAP this would be not the plain text authentication, and getting an error 600 is expected here as you use a browser and no Outlook client. Can you post the result from the connection check from MS please? – BastianW Apr 13 '17 at 12:01
  • Here is what I got from the Outlook connectivity test: 1- Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation checks. 2- Attempting to test potential Autodiscover URL: https://autodiscover.bimvn.xyz:443/Autodiscover/Autodiscover.xml Testing of this potential Autodiscover URL failed. Attempting to resolve the host name autodiscover.bimvn.xyz in DNS. The host name couldn't be resolved. 3- Attempting to locate SRV record _autodiscover._tcp.bimvn.xyz in DNS. The Autodiscover SRV record wasn't found in DNS – SpiderlinK Apr 13 '17 at 14:37
  • OK, can you ping autodiscover.bimvn.xyz, and can you do a telnet on 443 to autodiscover.bimvn.xyz? – BastianW Apr 13 '17 at 14:58
  • I can ping and telnet from inside the domain but not from outside. Am I right if I set up that record to point to the AD server in our public DNS? – SpiderlinK Apr 13 '17 at 15:17
  • Now I can access Exchange mailboxes via Outlook by manually setting up Outlook Anywhere. However, it keeps asking for credentials when I open Outlook, even when I choose the option "Remember password". Do you have any suggestion? – SpiderlinK Apr 18 '17 at 09:05
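
The DNS, port 443 and certificate checks discussed in the answer and comments above, combined into one PowerShell script to run from the non-domain-joined side. This is an added example, not part of the original thread; the function name `Test-AutodiscoverEndpoint` is hypothetical, and it assumes Windows 8.1 / Server 2012 R2 or later for `Resolve-DnsName` and `Test-NetConnection`.

```powershell
# Added example, not from the thread. Run it from the non-domain-joined client's network.
# Assumes Windows 8.1 / Server 2012 R2 or later (Resolve-DnsName, Test-NetConnection).
param([string]$Domain = 'bimvn.xyz')   # domain quoted in the comments above

function Test-AutodiscoverEndpoint {   # hypothetical helper name
    param([string]$HostName, [int]$Port = 443)
    $r = [ordered]@{ Host = $HostName; Port = $Port; Resolves = $false
                     TcpOpen = $false; CertTrusted = $false; Detail = $null }

    # 1. A non-domain client cannot read the SCP from AD, so DNS has to answer.
    $a = Resolve-DnsName -Name $HostName -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    if (-not $a) { $r.Detail = 'no A record'; return [pscustomobject]$r }
    $r.Resolves = $true

    # 2. Same check as the manual "telnet <host> 443".
    $tcp = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    $r.TcpOpen = $tcp.TcpTestSucceeded
    if (-not $r.TcpOpen) { $r.Detail = 'port closed or filtered'; return [pscustomobject]$r }

    # 3. TLS handshake with default validation left on: an untrusted internal
    #    root CA or a host name mismatch makes AuthenticateAsClient throw.
    $client = $null
    try {
        $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $r.CertTrusted = $true
        $r.Detail = $ssl.RemoteCertificate.Subject
    } catch {
        $r.Detail = $_.Exception.Message
    } finally {
        if ($client) { $client.Close() }
    }
    [pscustomobject]$r
}

# Host name the connectivity test reported as unresolvable.
$targets = @(@{ HostName = "autodiscover.$Domain"; Port = 443 })

# SRV fallback: if the record exists, test the host and port it names.
$srv = Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($srv) {
    $srv | ForEach-Object { $targets += @{ HostName = $_.NameTarget; Port = $_.Port } }
} else { Write-Warning "No SRV record _autodiscover._tcp.$Domain" }

$targets | ForEach-Object { Test-AutodiscoverEndpoint -HostName $_.HostName -Port $_.Port } |
    Format-Table -AutoSize
```

A row with `Resolves` and `TcpOpen` true but `CertTrusted` false points at the certificate chain or name rather than DNS; the `Detail` column carries the validation error.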
Problem solved after properly configuring POP, IMAP, SMTP and Virtual Directory and assigning a valid SSL cert for these services. Configure IMAP: https://technet.microsoft.com/en-us/library/bb124489(v=exchg.160).aspx

External and Internal URL: http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

PS: Sorry I could not post more than 2 links due to the lack of reputation.

SpiderlinK