locked
Exchange connection error on external clients RRS feed

  • Question

  • Hi all,

    I keep getting this error (Exchange Connection Error) on my external Communicator clients. Communicator is able to download autodiscover.xml from the autodiscover site and even starts to make RPC calls to the Exchange web services site, but from IIS logging on the mailca I see it never makes the soap call all the internal clients do.

    - The sip domain I'm using is identical to the mail address used in Outlook
    - Outlook on the external clients has been configured using autodiscovery
    - Internal and external oof urls are the same. Internal resolves to internal private IP, externally resolves to virtual public IP.

    What could be the problem here?

    - Erwin
    Thursday, December 11, 2008 4:16 PM

Answers

  • Ian, I finally solved it by opening port 443 for our autodiscoverredirect ip on our firewall. You can leave https access disabled on IIS for this site (remove 443 in website properties and make sure no certificate is installed).

    Communicator apparently needs a tcp refuse (webserver refuses connection) instead of a tcp drop (firewall refuses connection) for this site on https for it to try http after that. This is different from Outlook's autodiscovery mechanism, which works either way.

    Don't know if this situation applies to you, let me know!
    • Marked as answer by ®win Tuesday, January 6, 2009 1:43 PM
    Thursday, December 25, 2008 3:18 AM

All replies

  • I checked the IIS logs on the Exchange CA server to see what happens when internal communicator clients connect to Exchange and are successful:

    2008-12-17 10:41:40 W3SVC1 10.254.240.8 RPC_IN_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6004 443 testuser@lab.domain.nl 10.220.255.36 MSRPC 200 0 64
    2008-12-17 10:41:40 W3SVC1 10.254.240.8 RPC_OUT_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6004 443 testuser@lab.domain.nl 10.220.255.36 MSRPC 200 0 64
    2008-12-17 10:42:06 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx - 443 - 10.220.255.36 Microsoft+Office+Communicator/2.0 401 1 0
    2008-12-17 10:42:10 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx SoapAction=GetUserAvailability;AddressCount=1;local=1;x-site=0;x-forest=0;PF=0;LocalLongPoleRPCLatency=15;LocalLongPoleRPCCount=11;LocalLongPoleServer=labmailmbx01.lab.local;ADMainThreadRequests=2;ADMainThreadLatency=2516;TimeInAS=2530; 443 LAB\testuser_la 10.220.255.36 Microsoft+Office+Communicator/2.0 200 0 0
    2008-12-17 10:42:10 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx - 443 - 10.220.255.36 Microsoft+Office+Communicator/2.0 401 1 0
    2008-12-17 10:42:10 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx SoapAction=GetUserOofSettingsResponse;MailboxRPCRequests=10;MailboxRPCLatency=15;ADRequests=2;ADLatency=0;TimeInGetUserOOFSettings=19; 443 LAB\testuser_la 10.220.255.36 Microsoft+Office+Communicator/2.0 200 0 0


    The same POST's are being made from Outlook to get the OOF settings and availability from Exchange. Strange thing is, this works fine both internal and external:

    2008-12-17 10:12:20 W3SVC1 10.254.240.8 RPC_IN_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6001 443 testuser2@lab.domain.nl [external ip] MSRPC 200 0 64
    2008-12-17 10:12:20 W3SVC1 10.254.240.8 RPC_OUT_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6001 443 testuser2@lab.domain.nl
    [external ip] MSRPC 200 0 64
    2008-12-17 10:12:32 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx - 443 - [external IP] Microsoft+Office/12.0+(Windows+NT+6.0;+Microsoft+Office+Outlook+12.0.6320;+Pro) 401 1 0
    2008-12-17 10:12:32 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx SoapAction=GetUserOofSettingsResponse;MailboxRPCRequests=10;MailboxRPCLatency=15;ADRequests=2;ADLatency=0;TimeInGetUserOOFSettings=25; 443 LAB\testuser2_la
    [external IP] Microsoft+Office/12.0+(Windows+NT+6.0;+Microsoft+Office+Outlook+12.0.6320;+Pro) 200 0 0
    2008-12-17 10:12:33 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx - 443 -
    [external IP] Microsoft+Office/12.0+(Windows+NT+6.0;+Microsoft+Office+Outlook+12.0.6320;+Pro) 401 1 0
    2008-12-17 10:12:33 W3SVC1 10.254.240.8 POST /EWS/Exchange.asmx SoapAction=GetUserOofSettingsResponse;MailboxRPCRequests=10;MailboxRPCLatency=15;ADRequests=2;ADLatency=0;TimeInGetUserOOFSettings=19; 443 LAB\testuser2_la
    [external IP] Microsoft+Office/12.0+(Windows+NT+6.0;+Microsoft+Office+Outlook+12.0.6320;+Pro) 200 0 0

    And finally when an external Communicator tries to get OOF and Availability, I only see the RPC call in the IIS logs, never followed by a HTTP POST:

    2008-12-17 11:00:18 W3SVC1 10.254.240.8 RPC_IN_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6004 443 testuser2@lab.domain.nl [external ip] MSRPC 200 0 64
    2008-12-17 11:00:18 W3SVC1 10.254.240.8 RPC_OUT_DATA /rpc/rpcproxy.dll labmailmbx01.lab.local:6004 443 testuser2@lab.domain.nl [external ip] MSRPC 200 0 64




    This makes no sense to me. Outlook works fine and Communicator doesn't, but they both employ the same method for getting OOF and Availabilty info...

    I hope someone has a clue what might be wrong here. I've been staring myself blind on this...
    • Edited by ®win Thursday, December 18, 2008 6:27 PM
    Wednesday, December 17, 2008 11:02 AM
  • I am having the same issue. This is really annoying, hopefully someone can shed light on this.
    Thursday, December 18, 2008 4:59 PM
  • Ian, I finally solved it by opening port 443 for our autodiscoverredirect ip on our firewall. You can leave https access disabled on IIS for this site (remove 443 in website properties and make sure no certificate is installed).

    Communicator apparently needs a tcp refuse (webserver refuses connection) instead of a tcp drop (firewall refuses connection) for this site on https for it to try http after that. This is different from Outlook's autodiscovery mechanism, which works either way.

    Don't know if this situation applies to you, let me know!
    • Marked as answer by ®win Tuesday, January 6, 2009 1:43 PM
    Thursday, December 25, 2008 3:18 AM
  • Thanks hapklaar, but can you elaborate. You opened port 443 to the OCS edge? I am trying to figure this out as well.
    Thanks!
    Wednesday, February 18, 2009 4:14 PM
  • Also seeing the same thing through ISA in one setup.

    Not quite sure what you did to fix it based on that description either. This is for a single rule on ISA 2006 for Outlook Anywhere. Clients authenticate to ISA via NTLM which turns around for Kerberos Constrained Delegation to Exchange. I'm seeing the same RPC failures.
    Thursday, February 19, 2009 12:39 AM
  • All I did was open port 443 on our external firewall to the autodiscoverredirect site, which is part of MS Exchange and also used by Communicator so it knows where to get OOF.

    Tuesday, February 24, 2009 9:24 AM
  •  I have the same problem. My setup is as follows:

    ISA 2006 with Kerberos constrained Listener for Outlook Anywhere. FBA for OWA/EAS.
    OCS ABS is also published with the same ISA. Listener configured to authenticate directly.

    Outlook is working perfectly with "pass-trough authentication" and autodiscover is working perfectly as well. EWS, OAB, yeah everything..

    But i also get the "Communicator could not retrieve calendar or Out of Office information from Exchange Web Services". This shows both internal and external.

    I don't understand what you mean about open in the firewall? Port 443 is already open in the firewall against the ISA server (ISA is in DMZ) and from the ISA to the internal network there are no denies.

    Thanks in advance

    //Henrik
    Wednesday, March 11, 2009 6:53 PM
  • I'll be trying this in my lab when I get a chance, but this may be the solution: http://blogs.technet.com/isablog/archive/2009/04/01/ocs.aspx

    It lines up with what I saw in my logging.
    Wednesday, April 1, 2009 4:30 AM