Outlook Anywhere - Message: The underlying connection was closed: The connection was closed unexpectedly.

I ran into this problem a while back and thought I’d share my troubleshooting steps with the other professionals out there.

When trying to configure Outlook Anywhere at Some Company and using the https://www.testexchangeconnectivity.com/ to test, I kept getting the following error:

	Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll
	Http Authentication Test failed
	Additional Details Exception Details: Message: The underlying connection was closed: The connection was closed unexpectedly. Type: System.Net.WebException Stack Trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally()

Here’s the detailed test results:

Connectivity Test Failed

Test Details Testing RPC/HTTP connectivity RPC/HTTP test failed Test Steps Attempting to test Autodiscover for mailto:tluk@domain.ca Successfully tested Autodiscover Test Steps Attempting each method of contacting the AutoDiscover Service The AutoDiscover Service was successfully tested. Test Steps Attempting to test potential AutoDiscover URL https://domain.ca/AutoDiscover/AutoDiscover.xml Failed testing this potential AutoDiscover URL Test Steps Attempting to resolve the host name domain.ca in DNS. Host successfully resolved Additional Details IP(s) returned: 99.999.999.99 Testing TCP Port 443 on host domain.ca to ensure it is listening and open. The port was opened successfully. Testing SSL Certificate for validity. The SSL Certificate failed one or more certificate validation checks. Test Steps Validating certificate name Certificate name validation failed Tell me more about this issue and how to resolve it Additional Details Host name domain.ca does not match any name found on the server certificate CN=webmail.domain.ca, OU=Domain Control Validated, O=webmail.domain.ca Attempting to test potential AutoDiscover URL https://autodiscover.domain.ca/AutoDiscover/AutoDiscover.xml Testing AutoDiscover URL succeeded Test Steps Attempting to resolve the host name autodiscover.domain.ca in DNS. Host successfully resolved Additional Details IP(s) returned: 99.999.999.99 Testing TCP Port 443 on host autodiscover.domain.ca to ensure it is listening and open. The port was opened successfully. Testing SSL Certificate for validity. The certificate passed all validation requirements. Test Steps Validating certificate name Successfully validated the certificate name Additional Details Found hostname autodiscover.domain.ca in Certificate Subject Alternative Name entry Validating certificate trust The test passed with some warnings encountered. Please expand additional details. Additional Details Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information. Testing certificate date to ensure validity Date Validation passed. The certificate is not expired. Additional Details Certificate is valid: NotBefore = 5/6/2010 3:34:15 PM, NotAfter = 5/6/2013 3:34:15 PM" Attempting to send AutoDiscover POST request to potential autodiscover URLs. Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST. Test Steps Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.domain.ca/AutoDiscover/AutoDiscover.xml for user mailto:tluk@domain.ca Successfully Retrieved AutoDiscover XML Response Additional Details AutoDiscover Account Settings XML Response: <?xml version="1.0"?> <Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> <User> <DisplayName>Terence Luk</DisplayName> <LegacyDN>/o=domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TLuk</LegacyDN> <DeploymentId>86ca6927-bc9f-43d0-8d7a-2b694bd93d75</DeploymentId> </User> <Account> <AccountType>email</AccountType> <Action>settings</Action> <Protocol> <Type>EXCH</Type> <Server>hq-exch1.domain.local</Server> <ServerDN>/o=Domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=HQ-EXCH1</ServerDN> <ServerVersion>720280B0</ServerVersion> <MdbDN>/o=Domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=HQ-EXCH1/cn=Microsoft Private MDB</MdbDN> <ASUrl>https://hq-exch1.domain.local/EWS/Exchange.asmx%3c/ASUrl> <OOFUrl>https://hq-exch1.domain.local/EWS/Exchange.asmx%3c/OOFUrl> <OABUrl>http://hq-exch1.domain.local/OAB/0fa5be65-3c78-4ad4-826d-0775ea7cbc91/%3c/OABUrl> <UMUrl>https://hq-exch1.domain.local/UnifiedMessaging/Service.asmx%3c/UMUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <PublicFolderServer>hq-exch1.domain.local</PublicFolderServer> <AD>hq-dc2.domain.local</AD> <EwsUrl>https://hq-exch1.domain.local/EWS/Exchange.asmx%3c/EwsUrl> </Protocol> <Protocol> <Type>EXPR</Type> <Server>mail.domain.ca</Server> <OABUrl>https://mail.domain.ca/OAB/0fa5be65-3c78-4ad4-826d-0775ea7cbc91/%3c/OABUrl> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <SSL>On</SSL> <AuthPackage>Basic</AuthPackage> </Protocol> <Protocol> <Type>WEB</Type> <Port>0</Port> <DirectoryPort>0</DirectoryPort> <ReferralPort>0</ReferralPort> <External> <OWAUrl AuthenticationMethod="Fba">https://webmail.domain.com/owa%3c/OWAUrl> <OWAUrl AuthenticationMethod="Fba">https://webmail.domain.ca/owa%3c/OWAUrl> </External> <Internal> <OWAUrl AuthenticationMethod="Basic, Fba">https://hq-exch1.domain.local/owa%3c/OWAUrl> <OWAUrl AuthenticationMethod="Basic, Fba">https://hq-exchange1.domain.local/owa%3c/OWAUrl> <Protocol> <Type>EXCH</Type> <ASUrl>https://hq-exch1.domain.local/EWS/Exchange.asmx%3c/ASUrl> </Protocol> </Internal> </Protocol> </Account> </Response> </Autodiscover> Validating Autodiscover Settings for Outlook Anywhere Outlook Anywhere Autodiscover Settings validated Attempting to resolve the host name mail.domain.ca in DNS. Host successfully resolved Additional Details IP(s) returned: 99.999.999.99 Testing TCP Port 443 on host mail.domain.ca to ensure it is listening and open. The port was opened successfully. Testing SSL Certificate for validity. The certificate passed all validation requirements. Test Steps Validating certificate name Successfully validated the certificate name Additional Details Found hostname mail.domain.ca in Certificate Subject Alternative Name entry Validating certificate trust The test passed with some warnings encountered. Please expand additional details. Additional Details Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information. Testing certificate date to ensure validity Date Validation passed. The certificate is not expired. Additional Details Certificate is valid: NotBefore = 5/6/2010 3:34:15 PM, NotAfter = 5/6/2013 3:34:15 PM" Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll Http Authentication Test failed Additional Details Exception Details: Message: The underlying connection was closed: The connection was closed unexpectedly. Type: System.Net.WebException Stack Trace: at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.GetSupportedHttpAuthMethods() at Microsoft.Exchange.Tools.ExRca.Tests.HttpAuthMethodsTest.PerformTestReally()

As it turns out, when the RPC Windows component is installed, “Enable anonymous access” is enabled. The correct setting should be “Integrated Windows authentication” and “Basic authentication”.

Once the proper settings were checked and iisreset was ran, the test ran correctly with:

	Testing Http Authentication Methods for URL https://mail.domain.ca/rpc/rpcproxy.dll
	Http Authentication Methods are correct
	Additional Details Found all expected authentication methods and no disallowed methods. Methods Found: Basic, Negotiate, NTLM