Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover


This blog has moved to its permanent URL – http://ilantz.com

To view this post, please visit – http://ilantz.com/2009/06/18/prevent-outlook-anywhere-aka-rpc-over-http-from-being-automaticly-configured-in-exchange-2007-with-autodiscover/

About ilantz

Family man. Cyber security geek by day - techno/trance producer at night 👾
This entry was posted in Exchange 2007, Exchange 2010, Outlook / MAPI.

47 Responses to Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover

  1. Yoav says:

    Cool, dude!

  2. Alasdair Gow says:

    This is very good, however, if I wanted it to reverse this after removing it, how would I do so?

  3. ilantz says:

    one should note the EXPR setting when running the get-outlookprovider and could later run the add-outlookprovider command with the same parameters, backup is always a good strategy 🙂

  4. Peter Singer says:

    When the article says;

    “Once this is done, recycle the application pool of AutoDiscover in IIS.”

    What exactly does he mean? Just stop and start the autodiscovery iis pool?

    • ilantz says:

      Well I meant the recycle option from the context menu when right clicking the app pool.
      Stop/Start will work just as good 🙂

  5. Joan says:

    Hello Ilanzt,
    Great weblog!!!
    Is there a method to block outlook 2007 by omitting the EXPR provider settings that exchange 2007 autodiscover is sending to them?
    I don’t want to remove EXPR provider, only block outlook clients from accepting this settings because I want to configure manually the proxy settings in outlook profile for static PC’s users and for the rest ( laptops ) is good the autoconfigure.
    Thanks.

    • ilantz says:

      Hi Joan,
      Thanks, glad you like my blog 🙂 !

      This configuration – removing the EXPR is actually the only method to “block” the automatic proxy setting with outlook 2007/2010..
      if you remove it, it does not mean you will lose the option to connect using RPC over HTTP ! just the auto configuration with autodiscover is stopped.

  6. Tarquin says:

    Is there a way to change the parameters in the autodiscover so the Authentication parameter in autodiscovery can be set to Basic?

    • ilantz says:

      Hi,

      The authentication method is driven from the outlook anywhere configuration,
      when you enable a CAS server for outlook anywhere, you select the authentication method.

      If you wish to deploy the settings manually you can use the office customization tool to create a PRF file.
      the tool is available for office 2003/2007 and 2010.

      ilantz

  7. mailbob5 says:

    Great post, solved my problem exactly! Thanks!!!

  8. Chip says:

    Hello,
    I would like to make some observations (my case Exchange 2010).
    To add back the provider: new-outlookprovider -name EXPR
    Also removing this outlook provider will stop “to automatically propagate the settings for “Outlook Anywhere” and retains the possibility for configuring it manually” but will have trouble (sync errors) downloading OAB. I think Outlook 2007 is using autodiscover to get OAB url.
    Thank you.

    • ilantz says:

      Thanks for your comment Chip,
      IMHO, OAB sync issues are not directly related to this method.

      The autodiscover service will continue to provide with the relevant information, OAB,EWS and the rest http links respectively. This is based on numerous production environments I’ve configured with removing the EXPR.

  9. Ricky Meechan says:

    Hi, great post

    How do you add the EXPR back in?
    It seems to have worked but I need to know how to add back in
    Running Get-outlookprovider -identity EXPR | add-outlookprovider is not a recognized command, please advise

    Thanks in advance

    • ilantz says:

      Hello Ricky,
      I’ve now included the method to restore the EXPR back in the article.
      The line you ran failed because the provider no longer exists, hence the “get” doesn’t return anything to pipeline the “new” command.

      Anyways, use the following:
      New-OutlookProvider -Name:EXPR
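
The backup, removal and restore steps discussed in comments 2, 3 and 9, collected into one Exchange Management Shell script. This is an added example, not part of the original post or its comments; the function names, the backup path and the use of appcmd.exe (IIS 7 or later) to recycle the pool are assumptions.

```powershell
# Run in the Exchange Management Shell. Function names and $BackupPath are
# hypothetical; the *-OutlookProvider cmdlets are the ones used in this thread.
$BackupPath = Join-Path $env:USERPROFILE 'EXPR-provider.xml'

function Backup-ExprProvider {
    # Record the current EXPR values before touching anything.
    $expr = Get-OutlookProvider -Identity EXPR
    if (-not $expr) { throw 'EXPR provider not found; nothing to back up.' }
    $expr | Format-List Name, Server, CertPrincipalName, TTL
    $expr | Export-Clixml -Path $BackupPath
}

function Remove-ExprProvider {
    # Refuse to remove the provider unless a backup exists.
    if (-not (Test-Path $BackupPath)) { throw "No backup at $BackupPath." }
    Get-OutlookProvider -Identity EXPR | Remove-OutlookProvider -Confirm:$false

    # Recycle the Autodiscover application pool so the change takes effect.
    # Assumption: IIS 7 or later, run locally on each CAS server.
    $appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
    & $appcmd recycle apppool /apppool.name:MSExchangeAutodiscoverAppPool
}

function Restore-ExprProvider {
    # Recreate EXPR, then reapply only the values that were set in the backup.
    $saved = Import-Clixml -Path $BackupPath
    New-OutlookProvider -Name EXPR | Out-Null
    if ($saved.Server) {
        Set-OutlookProvider -Identity EXPR -Server $saved.Server
    }
    if ($saved.CertPrincipalName) {
        Set-OutlookProvider -Identity EXPR -CertPrincipalName $saved.CertPrincipalName
    }
    if ($saved.TTL) {
        Set-OutlookProvider -Identity EXPR -TTL $saved.TTL
    }
    Get-OutlookProvider -Identity EXPR |
        Format-List Name, Server, CertPrincipalName, TTL
}

# Typical order:
#   Backup-ExprProvider
#   Remove-ExprProvider
#   Restore-ExprProvider   # only if the change has to be reversed
```

Running `Get-OutlookProvider` periodically after removal also shows whether another administrator has recreated EXPR, which is what happened in comment 18.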

  10. PeteW says:

    Worked for me – many thanks!

  11. AD says:

    hi,
    Running this command: Get-outlookprovider -identity EXPR | remove-outlookprovider
    solved my issue. Thanks

  12. mani says:

    Nice fix..thank you!!

  13. test says:

    is it possible to do it only for few users?, my goal is to give only few users the option to manually configure outlook anywhere on their outlook 2007, currently the checkbox is gray….

    • ilantz says:

      Well, you can control these settings using Group Policy as well, just grab the office ADM / ADMX files and configure this as you need.
      The EXPR settings “push” themselves once Outlook Anywhere is enabled.
      Following my post will disable the automatic configuration allowing you to manually configure this for your users, or deploy GPO for them.

      But you must first Enable Outlook Anywhere on a CAS server.

      Good Luck!

  14. Asaf says:

    Seem to work great for me.
    Many thanks

  15. tilo says:

    hi,

    i have 2 exchange servers with client access role installed. sometimes users with mailbox on server1 get automatically configured with the outlook anywhere settings of server2….

    is there any way to restrict client access server to push outlook anywhere settings on specific mailboxes or databases ?

    • ilantz says:

      Double check that the users mailbox is indeed located and activated in the correct site.
      a mailbox will always be configured automatically with the CAS server setting which serves its mailbox server where the mailbox is located.

      If you have multiple sites, with multiple CAS servers with different external names enabled for Outlook Anywhere , this scenario might happen when a mailbox or a database will be activated or moved to a different site, and a “new” CAS will be serving the mailbox/database.

      Hope this clears up your question.
      ilantz

  16. Kyle Coldren says:

    Dude, you are a life saver. I have been looking for the solution to this problem forever!!!

  17. Brad says:

    Thanks looks like it fixes me up. Did this start after a service pack. This seems like a new problem for me.

  18. Christina Guidry says:

    Thanks this has been helpful – however I find the setting keeps coming back, has anyone experienced this?

    • ilantz says:

      Have you performed the article steps?
      Remove-OutlookProvider ?

      • Christina Guidry says:

        Yes and it works great, however it keeps coming back. I ran the command again yesterday and this morning when I checked with the get-outlookprovider command, it is back.

      • ilantz says:

        Hi Christina,
        I believe you should double check for any AD Replication issues you might have.
        The setting should not “come back”, definitely if no one created it back… 🙂

      • Christina Guidry says:

        It seems someone was creating it back – thanks for your reply!

  19. Binh N says:

    ilantz,
    I am having this issue now. My users all of a sudden get the ‘Connect to Microsoft Exchange over HTTP’ setting enabled. This setting breaks Symantec Enterprise Vault. My Exchange admin swears to me that Autodiscover is not enabling this setting. If we create a new Outlook Profile, The setting is not enabled by default. So somehow, users are getting this setting enabled. The users we fixed have not had the setting automatically re-enabled yet. What do you think caused this setting to be enabled out of nowhere?

    • ilantz says:

      What does the output of get-outlookprovider look like ?
      perhaps you have installed a new Exchange CAS server lately ?

      • Binh N says:

        My Exchange Admin said the CAS servers are clean. Is the output of get-outlookprovider can only be done from the Exchange server?

    • Christina Guidry says:

      If you have external URLs set on your CAS server, this is what is pushed to the Outlook profiles when the EXPR provider is enabled. If it is removed as above, the URL will not be pushed to user profiles, however once it has been set, they would need to manually remove the setting.

      • Binh N says:

        I have not touched MS Exchange since version 5.5. So I will need to ask my Exchange admin about EXPR and what URLs are set.

      • ilantz says:

        If the output of the get-outlookprovider will include an EXPR entry, follow this post method.

        As Christina noted, if it was already pushed to clients, you will need to manually remove the outlook anywhere settings.
        ilantz

  20. ilantz,

    Thanks for the post. The solution you have provided seems to have worked for the users inside our network as the Outlook Anywhere no longer automatically applies. After running the “remove-outlookprovider” command, recycle pool, and then manually unchecking the “Outlook Anywhere”, all is well. The problem I am having now is with the remote users. After manually configuring Outlook Anywhere for our remote clients, the setting does not stay in place after some period of time. Any suggestions? I really appreciate your time. Thanks!

    • ilantz says:

      Hi Edward,
      Sorry for the late response, when you wrote “the setting does not stay in place” what exactly do you mean ?
      what is exactly being changed ?

      ilantz

      • Hello ilantz,

        Sorry for not specifying that. What I meant is that Outlook Anywhere does not remain enabled. First the issue was with users inside our network where Outlook Anywhere automatically enables itself. After applying your solution, it worked for our internal users. Afterwards, our remote users were experiencing the exact opposite. Outlook Anywhere would now disable automatically. When I would remote into their PC, I noticed all settings associated with Outlook Anywhere were removed. I went ahead and ran the command New-Outlookprovider -Name:EXPR which solved that issue. But now I am at square one with the problem I originally had with internal users. Thank you for your reply!

      • ilantz says:

        Hi Edward,
        After running the Remove-OutlookProvider cmdlet, you should manually configure the outlook anywhere settings, that’s the only way it will stick.
        note your “correct” settings and fill them manually to the users’ profile.

        That should stick.

        ilantz

  21. Brandon says:

    My output actually came back with blank fields however we are experiencing exactly what you’ve described. Even if we unchecked Outlook Anywhere it’s automatically rechecked just moments after an Outlook restart. My question is even though both of my servers output is blank should I still run the command above?

    Name Server CertPrincipalName TTL
    ---- ------ ----------------- ---
    EXCH                          1
    EXPR                          1
    WEB                           1

    • ilantz says:

      The “blank” output is the default setting, the post suggests a method to disable the check-box from being automatically re-checked,
      you need to run the commands Get-outlookprovider -identity EXPR | remove-outlookprovider and then recycle the application pool of AutoDiscover in IIS on your cas server/s.

      You should be set from that point forward. the check-box won’t come back 🙂

  22. Danny says:

    Thanks for the article.

    I have a question about the msstd. my SSL will not allow me to have “msstd:server.domain.com” I have a multi name cert with domain.com, mail.domain.com, autodiscover.domain.com, server.domain.com but it will not let me use msstd:server.domain.com or anything with the msstd:

    I ran the following command from the Exchange Shell
    Set-OutlookProvider -id EXPR -Server [server] -CertPrincipalName “mail.domain.com” and
    Get-OutlookProvider returns an EXPR CertPrincipalName of mail.domain.com (minus the msstd)

    But my external clients cannot connect, they get a prompt to input the username and password but it does not go through.

    PS Exchange 2007 Outlook 2010

    Thanks

    • ilantz says:

      Hello Danny,
      The “msstd:” does not need to be included within the certificate,
      it is a reference to the certificate “Subject Name” or “Common Name”.

      You need to view your issued certificate details and just add the “msstd:” as a prefix.

      Hope this answers your question,
      ilantz
