Monday, 16 September 2013

[DirectAccess] No Outlook 2010 connection to Exchange through DirectAccess


As described in the article "Outlook MAPI connection to Exchange 2010 CAS fails through UAG 2010 direct access tunnel", Outlook connectivity to an Exchange 2010 server can run into trouble through a DirectAccess gateway hosted on Forefront UAG.

In that article the problem comes from Forefront TMG, which denies the RPC traffic. However, on one deployment I got similar behavior, but something else caused it.

1/ Description of the scenario

Customer needs:
  1. The branch office should connect to the head office through DirectAccess
  2. The branch office must use DirectAccess to access the mail infrastructure
Information:
  1. Outlook uses the MAPI protocol to connect to the Exchange servers
  2. The client doesn't use RPC over HTTP

2/ Behaviour

However, we can see that Outlook can't connect to the Exchange 2010 CAS server.

3/ Why this behaviour

To find out what was happening, I used my favourite netsh command (netsh trace start scenario=directaccess capture=yes report=yes), reproduced the problem, and then analysed the generated network traces with the Microsoft support team.

As expected, Outlook makes RPC calls through the MAPI protocol. In the trace, the yellow lines stand for the DirectAccess client IP, and the green ones for the NAT64/DNS64 address of the Exchange server the client is trying to reach.

Here we can see that the three-way handshake fails.

On the other hand, the Outlook client gets the Autodiscover information without any problems.
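The capture and the handshake check can be combined in one run. The script below is an added example, not part of the original post: it starts the same netsh trace, attempts a TCP connection from the DirectAccess client to the CAS on each port, and stops the trace. The host name is a placeholder, and probing 135 (RPC endpoint mapper) and 443 (HTTPS, used by Autodiscover and Outlook Anywhere) is an assumption about which ports are relevant.

```powershell
# Added example: capture a DirectAccess trace while probing the CAS over TCP.
# Run from an elevated PowerShell prompt on the DirectAccess client.
param(
    [string]$CasHost = 'cas01.corp.example',  # placeholder CAS FQDN (assumption)
    [int[]]$Ports    = @(135, 443),           # 135 = RPC endpoint mapper, 443 = HTTPS (assumption)
    [int]$TimeoutMs  = 5000
)

function Test-TcpHandshake {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    # Resolve first so the address returned through DNS64 is visible in the output.
    try   { $addr = [System.Net.Dns]::GetHostAddresses($HostName) | Select-Object -First 1 }
    catch { return New-Object psobject -Property @{ Host = $HostName; Address = $null; Port = $Port; Connected = $false } }

    $client = New-Object System.Net.Sockets.TcpClient($addr.AddressFamily)
    try {
        # Asynchronous connect so a silently dropped SYN does not block for the OS default timeout.
        $async = $client.BeginConnect($addr, $Port, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
    }
    catch   { $ok = $false }
    finally { $client.Close() }
    New-Object psobject -Property @{ Host = $HostName; Address = $addr; Port = $Port; Connected = $ok }
}

# Same trace command as in the text above.
netsh trace start scenario=directaccess capture=yes report=yes
try {
    $results = foreach ($p in $Ports) { Test-TcpHandshake $CasHost $p $TimeoutMs }
}
finally {
    # Always stop the trace so the capture and report files are written.
    netsh trace stop
}
$results | Format-Table Host, Address, Port, Connected -AutoSize
```

A result of Connected = False on 135 with True on 443 matches the behaviour described here: the RPC connection cannot complete its handshake while HTTPS traffic such as Autodiscover gets through.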

4/ Solution

One way to get the connection working is to enable RPC over HTTP through the Outlook Anywhere feature. Indeed, with this functionality activated, everything works fine.
