Channel: Exchange Server 2013 - General Discussion forum

Outlook Anywhere: internal working, external not

Hi,

I posted a similar question relating to home users and authentication here, but this question is different.

I am in co-existence with Ex2010 and about to start moving mailboxes onto Ex2013. I already have a few test mailboxes on Ex2013. I am running through a final checklist of items to test, but before I point my internal and external DNS to Ex2013 I am simulating this from a laptop by changing the hosts file. Everything is working fine with the exception of users outside my network who use Outlook Anywhere.

This is what I know...

  • Internally Outlook works fine for mailboxes on both Ex2010 and Ex2013, as does access to public folders, etc.
  • If I create a new mail profile for a mailbox user already on Ex2013, Outlook connects fine.
  • If I create a new mail profile for a mailbox user on Ex2010, autodiscover works and fills in the fields, but Outlook cannot log on. I get "The action cannot be completed. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."

If I edit my hosts file and point back to Ex2010 CAS then the mail profile will be created successfully and Outlook opens. Changing the hosts file back again breaks Outlook. 

Here are my settings:

Ex2010
ExternalHostname: webmail.company.co.uk
InternalHostname: {empty}
ExternalClientAuthenticationMethod: Ntlm
InternalClientAuthenticationMethod: Ntlm
IISAuthenticationMethods: {Basic, Ntlm}
ExternalClientsRequireSSL: True
InternalClientsRequireSSL: False

Ex2013
ExternalHostname: webmail.company.co.uk
InternalHostname: webmail.company.co.uk
ExternalClientAuthenticationMethod: Ntlm
InternalClientAuthenticationMethod: Ntlm
IISAuthenticationMethods: {Basic, Ntlm, Negotiate}
ExternalClientsRequireSSL: True
InternalClientsRequireSSL: True

Get-OutlookProvider

EXCH: CertPrincipalName: msstd:webmail.company.co.uk
EXPR: CertPrincipalName: msstd:webmail.company.co.uk

In IIS...

Ex2010
RPC (Default Web Site) - Authentication
Basic Authentication = enabled
Windows Authentication = enabled
Authentication Providers order:
1. NTLM
2. Negotiate

Ex2013
RPC (Default Web Site) - Authentication
Basic Authentication = enabled
Windows Authentication = enabled
Authentication Providers order:
1. Negotiate
2. NTLM

So, Ex2013 appears to not be proxying connections to Ex2010 mailboxes when outside my network. As mentioned, internally this setup works fine. And connecting to mailboxes on Ex2013 (so no proxying) also works fine.

Some settings, such as Ex2010 InternalHostname and the order of authentication providers in IIS are different between the two servers. Would this make a difference?

Q. Should I have an explicit entry in 'InternalHostName' on Ex2010?

Q. On Ex2013 I have tried putting NTLM above Negotiate, which did not make a difference, and also reverted back automatically after a few minutes.

Many thanks for any comments and suggestions



