Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover


This blog has moved to its permanent URL – http://ilantz.com

To view this post, please visit – http://ilantz.com/2009/06/18/prevent-outlook-anywhere-aka-rpc-over-http-from-being-automaticly-configured-in-exchange-2007-with-autodiscover/

Advertisements

About ilantz

I am a technology enthusiastic, I've been working as an IT consultant since late 2007, I attained extensive experience with Microsoft's Exchange Server, Active Directory, Forefront products and the Windows server platform. I love designing solutions, handling security measures, architecture and advanced troubleshooting.
This entry was posted in Exchange 2007, Exchange 2010, Outlook / MAPI. Bookmark the permalink.

47 Responses to Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover

  1. Yoav says:

    Cool, dude!

  2. Alasdair Gow says:

    This is very good, however, if I wanted it to reverse this after removing it, how would I do so?

  3. ilantz says:

    one should note the EXPR setting when running the get-outlookprovider and could later run the add-outlookprovider command with the same parameters, backup is always a good strategy 🙂

  4. Peter Singer says:

    When the article says;

    “Once this is done, recycle the application pool of AutoDiscover in IIS.”

    What exactly does he mean? Just stop and start the autodiscovery iis pool?

    • ilantz says:

      Well I meant the recycle option from the context menu when right clicking the app pool.
      Stop/Start will work just as good 🙂

  5. Joan says:

    Hello Ilanzt,
    Great weblog!!!
    Is there a method to block outlook 2007 by omiting the EXPR provider settings that exchange 2007 autodiscover is sending to them?
    I don’t want to remove EXPR provider, only block outlook clients from accepting this settings because I want to configure manually the proxy settings in outlook profile for static PC’s users and for the rest ( laptops ) is good the autoconfigure.
    Thanks.

    • ilantz says:

      Hi Joan,
      Thanks, glad you like my blog 🙂 !

      This configuration – removing the EXPR is actually the only method to “block” the automatic proxy setting with outlook 2007/2010..
      if you remove it, it does not mean you will lose the option to connect using RPC over HTTP ! just the auto configuration with autodiscover is stopped.

  6. Tarquin says:

    Is there a way to change to parameters in the autodiscover so the Authentication parameter in autodiscovery can be set to Basic?

    • ilantz says:

      Hi,

      The authentication method is driven from the outlook anywhere configuration,
      when you enable a CAS server for outlook anywhere, you select the authentication method.

      If you wish to deploy the settings manually you can use the office customization tool to create a PRF file.
      the tool is available for office 2003/2007 and 2010.

      ilantz

  7. mailbob5 says:

    Great post, solved my problem exactly! Thanks!!!

  8. Chip says:

    Hello,
    I would like to make some observations (my case Exchange 2010).
    To add back the provider: new-outlookprovider -name EXPR
    Also removing this outlook provider will stop “to automatically propagate the settings for “Outlook Anywhere” and retains the possibility for configuring it manually” but will have trouble (sync errors) downloading OAB. I think Outlook 2007 is using autodiscover to get OAB url.
    Thank you.

    • ilantz says:

      Thanks for your comment Chip,
      IMHO, OAB sync issues is not directly related to this method.

      The autodiscover service will continue to provide with the relevant information, OAB,EWS and the rest http links respectively. This is based on numerous production environments I’ve configured with removing the EXPR.

  9. Ricky Meechan says:

    Hi, great post

    How do you add the EXPR back in?
    It seems to have worked but I need to know how to add back in
    Running Get-outlookprovider –identity EXPR | add-outlookprovider is not a recognized command, please advise

    Thanks in advance

    • ilantz says:

      Hello Ricky,
      I’ve now included the method to restore the EXPR back in the article.
      The line you ran failed because the provider is no longer exists, hence the “get” doesn’t return anything to pipeline the “new” command.

      Anyways, use the following:
      New-OutlookProvider -Name:EXPR

  10. PeteW says:

    Worked for me – many thanks!

  11. AD says:

    hi,
    Running this command: Get-outlookprovider –identity EXPR | remove-outlookprovider
    solved my issue. Thanks

  12. mani says:

    Nice fix..thank you!!

  13. test says:

    is it possible to do it only for few users?, my goal is to give only few users the option to manually configure outlook anywhere on their outlook 2007, currently the checkbox is gray….

    • ilantz says:

      Well, you can control these settings using Group Policy as well, just grab the office ADM / ADMX files and configure this as you need.
      The EXPR settings “push” themselves once Outlook Anywhere is enabled.
      Following my post will disable the automatic configuration allowing you to manually configure this for your users, or deploy GPO for them.

      But you must first Enable Outlook Anywhere on a CAS server.

      Good Luck!

  14. Asaf says:

    Seem to work graet for me.
    Many thanks

  15. tilo says:

    hi,

    i have to 2 exchange server with client access role installed. sometimes users with mailbox on server1 gets automatically configured with the outlook anywhere settings of server2….

    is there any way to restrict client access server to push outlook anywhere settings on specific mailboxes or databases ?

    • ilantz says:

      Double check that the users mailbox is indeed located and activated in the correct site.
      a mailbox will always be configured automatically with the CAS server setting which serves it’s mailbox server where the mailbox is located.

      If you have multiple sites, with multiple CAS servers with different external names enabled for Outlook Anywhere , this scenario might happen when a mailbox or a database will be activated or moved to a different site, and a “new” CAS will be serving the mailbox/database.

      Hope this clears up your question.
      ilantz

  16. Kyle Coldren says:

    Dude, you are a life saver. I have been looking for the solution to this problem forever!!!

  17. Brad says:

    Thanks looks like it fixes me up. Did this start after a service pack. This seems like a new problem for me.

  18. Christina Guidry says:

    Thanks this has been helpful – however I find the setting keeps coming back, has anyone experienced this?

    • ilantz says:

      Have you performed the article steps?
      Remove-OutlookProvider ?

      • Christina Guidry says:

        Yes and it works great, however it keeps coming back. I ran the command again yesterday and this morning when I checked with the get-outlookprovider command, it is back.

      • ilantz says:

        Hi Christina,
        I believe you should double check for any AD Replication issues you might have.
        The setting should not “come back”, defiantly if no one created it back… 🙂

      • Christina Guidry says:

        It seems someone was creating it back – thanks for your reply!

  19. Binh N says:

    ilantz,
    I am having this issue now. My users all of a sudden gets the ‘Connect to Microsoft Exchange over HTTP’ setting enabled. This setting breaks Symantec Enterprise Vault. My Exchange admin swears to me that Autodiscover is not enabling this setting. If we create a new Outlook Profile, The setting is not enabled by default. So somehow, users are getting this setting enabled. The users we fixed have not have the setting automatically re-enabled yet. What do you think caused this setting to be enabled out of no where?

    • ilantz says:

      What does the output of get-outlookprovider looks like ?
      perhaps you have installed a new Exchange CAS server lately ?

      • Binh N says:

        My Exchange Admin said the CAS servers are clean. Is the output of get-outlookprovider can only be done from the Exchange server?

    • Christina Guidry says:

      If you have external URLs set on your CAS server, this is what is pushed to the Outlook profiles when the EXPR provider is enabled. If it is removed as above, the URL will not be pushed to user profiles, however once it has been set, they would need to manually remove the setting.

      • Binh N says:

        I have not touched MS Exchange since version 5.5. So I will need to ask my Exchange admin about EXPR and what URLs are set.

      • ilantz says:

        If the output of the get-outlookprovider will include an EXPR entry, follow this post method.

        As Christina noted, if it was already pushed to clients, you will need to manually remove the outlook anywhere settings.
        ilantz

  20. ilantz,

    Thanks for the post. the solution you have provided seems to have worked for the users inside our network as the Outlook Anywhere no longer automatically applies. After running the “remove-outlookprovider” command, recycle pool, and then manually unchecking the “Outlook Anywhere”, all is well. The problem I am having now is with the remote users. After manually configuring Outlook Anywhere for our remote clients, the setting does not stay in place after some period of time. Any suggestions? I really appreciate your time. Thank!

    • ilantz says:

      Hi Edward,
      Sorry for the late response, when you wrote “the setting does not stay in place” what exactly do you mean ?
      what is exactly being changed ?

      ilantz

      • Hello ilantz,

        Sorry for not specifying that. What I meant is that Outlook Anywhere does not remain enabled. First the issue was with users inside our network where Outlook Anywhere automatically enables itself. After applying your solution, it worked for our internal users. Afterwards, our remote users were experiencing the exact opposite. Outlook Anywhere would now disable automatically. When I would remote into their pc , I noticed all settings associated with Outlook Anywhere was removed. I went ahead and ran the command New-Outlookprovider -Name:EXPR which solved that issue. But now I am at square one with the problem I originally had with internal users. Thank you for your reply!

      • ilantz says:

        Hi Edward,
        After running the Remove-OutlookProvider cmdlet, you should manually configure the outlook anywhere settings, that’s the only it will stick.
        note your “correct” settings and fill them manually to the users’ profile.

        That should stick.

        ilantz

  21. Brandon says:

    My output actually came back with blank fields however we are experiencing exactly what you’ve described. Even if we unchecked Outlook Anywhere it’s automatically rechecked just moments after an Outlook restart. My question is even though both of my servers output is blank should I still run the command above?

    Name Server CertPrincipalName TTL
    —- —— —————– —
    EXCH 1
    EXPR 1
    WEB 1

    • ilantz says:

      The “blank” output is the default setting, the post suggests a method to disable the check-box from being automatically re-checked,
      you need to run the commands Get-outlookprovider –identity EXPR | remove-outlookprovider and then recycle the application pool of AutoDiscover in IIS on your cas server/s.

      You should be set from that point forward. the check-box won’t come back 🙂

  22. Danny says:

    Thanks for the article.

    I have a question about the msstd. my SSL will not allow me to have “msstd:server.domain.com” I have a multi name cert with domain.com, mail.domain.com, autodiscover.domain.com, server.domain.com but it will not let me use msstd:server.doman.com or anything with the msstd:

    I ran the following command from the Exchange Shell
    Set-OutlookProvider -id EXPR -Server [server] -CertPrincipalName “mail.domain.com” and
    Get-OutlookProvdier returns an EXPR CertPrincipleName of mail.domain.com (minus the msstd)

    But my external clients cannot connect, they get a prompt to input the username and password but it does not go through.

    PS Exchange 2007 Outlook 2010

    Thanks

    • ilantz says:

      Hello Danny,
      The “msstd:” does not needs to be included within the certificate,
      it is a reference to the certificate “Subject Name” or “Common Name”.

      You need to view your issued certificate details and just add the “msstd:” as a prefix.

      Hope this answers your question,
      ilantz

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s