Outlook Anywhere / RPC over HTTPS and multiple AD Sites

December 12, 2008 16:59 by hiho

This one's for Jamie :-) There seems to be a lot of confusion among customers about how Outlook Anywhere works, especially in a setup with multiple AD sites.

Imagine the following scenario in the image below: 



And let us further assume that the user's mailbox is located in "Site B" and the combined CAS/HT/MBX server in "Site B" isn't accessible from the Internet. The user tries to access his mailbox via RPC/HTTPS (Outlook Anywhere) on the CAS in "Site A". Outlook Anywhere is not enabled in "Site B".

So how does this work?

Well, actually, as a best practice the user should be using a CAS server in Site B, because it is closer to the user's mailbox server - but in this scenario the CAS in Site B isn't reachable from the Internet. So what Exchange, or more precisely the RPC Proxy in "Site A", does here is unwrap the HTTP(S) packets it receives from the client into plain RPC packets and send them directly to the mailbox server in "Site B" using ports 6001, 6002 and 6004 (see screenshot below). Contrary to Outlook Web Access, there is no CAS-to-CAS proxying here, so no InternalUrl and ExternalUrl attributes are involved.



So how do you troubleshoot this?

Given the rather complex scenario, you should start with the basics first. Let's check on the Site A CAS whether the allowed RPC ports are correctly set in the registry - go to the registry key shown below:



Check the ValidPorts value so that it contains all the NetBIOS names and FQDNs with all the ports you require. All mailbox servers should be listed twice: once with their NetBIOS name and ports 6001, 6002 and 6004, and once with their FQDN and the same ports.
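Checking ValidPorts by eye gets error-prone once several mailbox servers are involved, so here is an added PowerShell example (not from the original post) that reads the value on the CAS and reports any mailbox server/port combination that is missing. The server names are constructed placeholders, and the registry path is the standard RPC-over-HTTP proxy location; confirm it against the key shown in your own registry editor.

```powershell
# Added example, not part of the original post: compare the ValidPorts
# value of the RPC proxy on the Site A CAS against the entries the post
# requires for each mailbox server (NetBIOS name and FQDN, each with
# ports 6001, 6002 and 6004). Server names are constructed placeholders.
$MailboxServers = @(
    @{ NetBios = 'MBX-SITEB'; Fqdn = 'mbx-siteb.corp.example' }
)
$RequiredPorts = 6001, 6002, 6004

# Standard location of the RPC-over-HTTP proxy settings (confirm against
# the key shown in your own registry editor).
$RpcProxyKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\RpcProxy'

function Expand-ValidPortEntries {
    param([string]$Value)
    # Expand "host:6001-6002;host:6004" into individual "host:port" strings,
    # so that "host:6001;host:6002" and "host:6001-6002" compare as equal.
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $hostName, $portSpec = $entry -split ':', 2
        if ($portSpec -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
        } elseif ($portSpec -match '^\d+$') {
            $lo = $hi = [int]$portSpec
        } else {
            Write-Warning "Unrecognised ValidPorts entry: $entry"; continue
        }
        for ($p = $lo; $p -le $hi; $p++) { "$($hostName.ToLowerInvariant()):$p" }
    }
}

function Get-RequiredEntries {
    param([hashtable[]]$Servers, [int[]]$Ports)
    # Every mailbox server must appear under both its NetBIOS name and FQDN.
    foreach ($s in $Servers) {
        foreach ($name in @($s.NetBios, $s.Fqdn)) {
            foreach ($p in $Ports) { "$($name.ToLowerInvariant()):$p" }
        }
    }
}

function Test-ValidPorts {
    param([string]$Actual, [string[]]$Required)
    $present = @(Expand-ValidPortEntries -Value $Actual)
    $missing = @($Required | Where-Object { $present -notcontains $_ })
    [pscustomobject]@{ Missing = $missing; Ok = ($missing.Count -eq 0) }
}

$actual   = (Get-ItemProperty -Path $RpcProxyKey -Name ValidPorts -ErrorAction Stop).ValidPorts
$required = @(Get-RequiredEntries -Servers $MailboxServers -Ports $RequiredPorts)
$result   = Test-ValidPorts -Actual $actual -Required $required

"Current ValidPorts: $actual"
if ($result.Ok) {
    'All required mailbox server entries are present.'
} else {
    'Missing host:port combinations (add them to ValidPorts on the CAS):'
    $result.Missing | ForEach-Object { "  $_" }
}
```

Run it in an elevated PowerShell session on the Site A CAS. The comparison expands port ranges before matching, so an existing value written as "MBX:6001-6002;MBX:6004" and one written as "MBX:6001;MBX:6002;MBX:6004" are both accepted; anything the script cannot parse is reported as a warning rather than silently ignored.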

Once you have checked that, it's time to grab a copy of RPCPing. It's included in the Windows 2003 Resource Kit.

Copy RPCPing to your Outlook client and start by checking/pinging the RPC Proxy itself (see screenshot below):



All the parameters are explained in this excellent article. The command here is "rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none", so you will have to substitute ExchServer with your Exchange backend server name, RPCProxyServer with the external name of your CAS, and -P and -I with valid user credentials. -H 1 stands for Basic authentication; if you are using NTLM, substitute it with -H 2.

You can go even further and check whether you are able to proxy to the ports on the Exchange backend - use the following command:



What we are trying here is to contact port 6001 directly on the backend server - "RpcPing -t ncacn_http -s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 -F 3 -a connect -u 10 -v 3 -e 6001" - again, substitute the parameters to suit your environment. You can run this test with all three required ports - 6001, 6002 and 6004 - just change the port number at the end of the command.
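Since the proxy check and the three backend port checks are always run together, here is an added PowerShell wrapper (not from the original post) that runs all four rpcping commands from the Outlook client with the flags used above and prints a pass/fail summary plus the raw output of any failed check. The server names are constructed placeholders; the way a failed call is detected (non-zero exit code or an "Exception" line in the output) is an assumption about rpcping's behaviour, which is why the raw output is kept.

```powershell
# Added example, not part of the original post: run the post's rpcping
# checks from the Outlook client in one go, first the RPC proxy itself and
# then each of the three backend ports, and summarise the results.
# Names below are constructed placeholders; rpcping.exe (Windows 2003
# Resource Kit) must be in the PATH.
$RpcProxyServer = 'mail.example.com'   # external name of the Site A CAS
$MailboxServer  = 'MBX-SITEB'          # mailbox server in Site B
$Credentials    = 'user,domain,*'      # "*" makes rpcping prompt for the password
$AuthScheme     = 1                    # -H 1 = Basic, -H 2 = NTLM
$BackendPorts   = 6001, 6002, 6004

function Invoke-RpcPingCheck {
    # $Port 0 runs the proxy-only check (-E -R none); otherwise -e <port>
    # targets that endpoint on the backend through the proxy.
    param([int]$Port)
    $rpcArgs = @('-t', 'ncacn_http', '-s', $MailboxServer,
                 '-o', "RpcProxy=$RpcProxyServer",
                 '-P', $Credentials, '-I', $Credentials,
                 '-H', $AuthScheme, '-u', '10', '-a', 'connect', '-F', '3', '-v', '3')
    if ($Port -gt 0) { $rpcArgs += @('-e', $Port) } else { $rpcArgs += @('-E', '-R', 'none') }

    $output = & rpcping.exe @rpcArgs 2>&1 | Out-String
    # Assumption: rpcping reports a failed call with an "Exception" line and a
    # non-zero exit code; the raw output is kept so you can read the error.
    $failed = ($LASTEXITCODE -ne 0) -or ($output -match 'Exception')
    if ($Port -gt 0) { $check = "$MailboxServer port $Port via $RpcProxyServer" }
    else             { $check = "RPC proxy $RpcProxyServer" }
    if ($failed) { $status = 'FAILED' } else { $status = 'ok' }
    [pscustomobject]@{ Check = $check; Status = $status; Output = $output.Trim() }
}

$results = @(Invoke-RpcPingCheck -Port 0)
$results += $BackendPorts | ForEach-Object { Invoke-RpcPingCheck -Port $_ }

$results | Format-Table Check, Status -AutoSize
$results | Where-Object { $_.Status -eq 'FAILED' } | ForEach-Object {
    "--- $($_.Check) ---"
    $_.Output
}

# Reading the result, as the post describes: if the proxy check itself fails,
# look at the CAS and the path to it; if the proxy is fine but a backend port
# fails, re-check ValidPorts on the CAS and the firewall rules between Site A
# and the Site B mailbox server for that port.
```

Because the credential strings end in "*", rpcping prompts for the password on each of the four runs; that is deliberate, since putting the password into the script or the command line leaves it in the file and the console history.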

Once all of these tests are working, Outlook should be able to talk to your backend without any issues. If one of the tests gives you a "failed", it probably means that you are experiencing either an RPC proxy failure (unlikely) or some kind of firewall issue.

Hope you find this useful,

Regards,

Georg