Announcing the release of Exchange Server Remote Connectivity Analyzer

Have you ever installed an Exchange server and wanted to verify your Internet facing services were setup and configured properly? Things like Exchange ActiveSync, AutoDiscover, Outlook Anywhere (RPC/HTTP), and inbound email. Sure there are cmdlets included in Exchange 2007 like test-ActivesyncConnectivity and test-OWAConnectivity, but these tests can only be run inside your network and effectively only test your internal network connectivity. Or what if you get a call or an escalation regarding one of these services not working? How do you verify if just this user or everyone has a problem? And if there is a problem, where do you start troubleshooting? Is it a DNS problem? Is it a certificate problem? Is a port not open on the firewall?

Believe it or not, these client connectivity and inbound email scenarios make up a significant portion of the support calls we see at Microsoft. And I'm sure this is the same for our partners and customers. One of my responsibilities is to analyze the top support scenarios in Exchange and to work with the Product Group to develop solutions that mitigate these issues. Instead of looking at these issues individually, I took a step back and thought of a way to address all of these scenarios with a single tool. A couple of years ago, I shared this tool idea with several product group folks, but ultimately they didn't have the time or resources to make my idea a reality. Last year, I asked Brad Hughes (an Escalation Engineer in North Carolina) if he could build a prototype of my idea. Not only did he build a prototype... he built the tool I'm sharing with you today.

I'd like to introduce you to the Exchange Remote Connectivity Analyzer (ExRCA) tool which can be accessed at

In this version, the tool will allow you to remotely test the following client types and services:

Exchange ActiveSync

  • Windows Mobile 5, 3rd party devices
  • Windows Mobile 6.1+ with AutoDiscover

Outlook Anywhere (aka RPC/HTTP)

  • Outlook 2003
  • Outlook 2007 with AutoDiscover

Inbound SMTP

The tool will simulate the protocol logic used by the specific client and not only tell you if the scenario was successful, but if it fails, it will tell you exactly where in the process it failed as well as try to guide you to the problem resolution.

Here is a screenshot of the tool after it completes a successful Exchange ActiveSync connection:

There are a lot of technical details captured in each one of these steps and you can see this detail by expanding the "Additional Details" node.

The following screenshot shows a failed inbound SMTP test. In this scenario, an MX record is not found for the domain.

Notice in the screenshot above the "Tell me more about this issue and how to resolve it" link. For many of the failure points, we have links to troubleshooting tips on resolving the issues. This content portion of the tool is a work in progress and is being built by a few Support Engineers. Within these articles, you'll notice a "Community Content" section. (This is the area at the bottom of every topic where you can post a response) Please use this area to suggest other helpful tips for troubleshooting specific failure points. Assistance requests should be posted to the TechNet forums instead.

A few additional notes about the tool:

  • Our UI is a work in progress. Neither one of us are UI design experts... but we think you'll be able to navigate around.
  • A couple of the tests allow you to "Ignore trusts for SSL". Checking this option only tells the tool to not fail if the certificate you are using is not in the list of Trusted Root Certificates... for example if you were using a certificate from your own Windows CA. This option does not allow the test to be completed over a non-SSL connection. That is, if you do not have a certificate and want to test whether Exchange ActiveSync works over port 80 - this tool cannot perform this validation. (Note: We will not be able to add this feature in the future).
    Note: Due to limitations in the RPC API, we are currently unable to ignore the trust requirement for SSL for the RPC over HTTP / Outlook Anywhere tests. We are looking into alternatives for future releases.
  • We know that the CAPTCHA is often (overly) difficult to read. (CAPTCHA is the challenge/response test in the "Verification" section) We have plans to implement a different flavor in the coming months. We don't think the replacement will be perfect either, but it will be black & white and will also have an audio option.
  • We know there are currently navigation issues with the wizard when using the forward and back buttons in the browser; we hope to address these in an upcoming release. For now, avoid using the browser's forward and back buttons while using the tool. If you receive an error when navigating the pages, simply browsing to the URL again, should reset your session and allow you to continue using the tool.

We're not finished yet. We have plans to add additional tests. For example:

  • Outlook Web Access
  • IMAP
  • POP
  • Exchange Web Services

These will hopefully be available in the next few months.

We would love your feedback on this tool. Feel free to leave a comment here or send an email to Brad and me via the "Feedback" link located on the footer of every page of the web site. Also, please send us your 'success stories' after using this tool... we'd love to hear about them.

By the way, you can follow ExRCA on Twitter and also join our ExRCA Facebook group.

Here is a short 6 minute video that describes the Exchange Server Remote Connectivity Analyzer web site with visual images and also gives you a demo of how it works:

- Shawn McGrath, Brad Hughes

Comments (30)
  1. Mike Crowley says:

    Is this new?  I thought this has been around for a year now…

    But its a neat tool – thanks!

  2. MattShadbolt says:

    This tool saved me a lot of time when I was first configuring active-sync. It would be nice to add a feature that will allow mis-matched certificates.

  3. AndrewStarling says:

    Used this alot during our testing to ensure everything was working OK – Great tool!

  4. Stefan Cink says:

    This tool is excellent for my work. It’ll reduce the time spent for testing a lot. Thank you!.

  5. Sascha Herbst says:

    great Tool – we are using this for about 10 moth for troubleshooting EAS and RPC problems at customers. Thanks!

    P.S.: You’re right – the capture is often difficult to read.

  6. Graeme says:


    It tells me my active Sync doesnt work when it does and has done for over 1 year.

    Attempting initial sync (no data) for Inbox folder

    An Error ocurred when testing the Sync Command

    Additional Details

    An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is:


  7. David S. says:

    Thanks for creating this tool!! Testing with a e-mail address for the SMTP diagnostic test it fails due to what looks sender reputation, spam reports, etc. The URL provided is:

    Just a heads up!

  8. Michaël Bolhuis says:

    Great tool!

    Maybe you can extend it with virus and spam filter tests?

  9. Paulo Oliveira says:

    I remeber to see this tool back ago. Anyway, it is a great tool.

    Maybe you can add the IP of who started the test together with the e-mail report.


    Paulo Oliveira.

  10. Brad Hughes [MSFT] says:

    Hey Graeme,

    If your Activesync test is failing with a 403 error, I guess it could be some sort of firewall or something that realizes our diagnostic tool isn’t a real Mobile device.  What do you have in front of Exchange? (ISA, IAG, etc)? Are you using Exchange 2003 or Exchange 2007?  If you are using 2007, you could try using Test-ActivesyncConnectivity internally to see if you pass those tests.  If you want, send mail to our feedback alias and maybe we can figure out what’s going on.  Thanks!


  11. Brad Hughes [MSFT] says:

    David S,

    Yeah, we realized that some of our outbound IP’s aren’t being able to be resolved via reverse DNS lookup.  It’s causing some of the SMTP tests to fail to certain places.  We’re working to correct it – Thanks!


  12. Maurice McMullin says:

    There is also a standalone ActiveSync diagnostic tool available from Can prove useful for testing behind the firewall as well as from the internet. An iPhone version will be available within a week or so.


  13. tom says:

    Great tool. One small issue, doesn’t work with domains.

    Thanks for that hard work!

  14. Artie N. says:

    This tool is great!  We have been running into some issues around AutoDiscover as we migrate, and this tool is helping us to pinpoint and resolve those problems.  Other comments said it had been around for a year.  if only I had foound it before now.  If you guys are accepting any type of feature requests, including a testing mechanism for Entourage 2008 or the new Entourage for Exchange Web Services beta would be a very valuable feature, at least for the site I am currently at.

  15. Brad Hughes [MSFT] says:

    Hi Tom,

    I just tried the SMTP test with a domain and it seemed to work.  What test are you using that’s having trouble?  I’m sure one of my regular expressions are just busted.



  16. Brad Hughes [MSFT] says:


    Exchange Web Services tests are in the works! – thanks for the feedback.


  17. fgeyer says:


    Only one thing: can’t you offer a download-Version? We host Exchange-Services for customers, who are in there own private LANs, and only this LANs are allowed to connec throuhg the firewall. Meaning: i can’t use the Exchange-Test-Cmdlets (since the clients are on an external network), but I also can’t use this new tool (since the System is not accessible via Internet). So, Troubleshooting sometimes is very difficult.


  18. John Stimmel says:

    How soon can I find this in the Exchange Management Pack for Operations Manager?  Or how soon can I leverage it?  Following best practices of not allowing unrestricted outbound access to the internet breaks the test-cmdlets that SCOM leverages, but this could fix all that… if only I could get my grubby hands on it :)

  19. davism says:

    The inbound SMTP diagnostic will fail when no MX record is present, yet and A record exists for the domain (and this server is accepting e-mail for the intended domain). Clearly, having a MX record is best practice, but some mailers including Exchange will fall back to an A record query when no MX exists. All too often the server for which this A record points to is accepting inbound connections on port 25, but does not accept e-mail for the domain (another problem altogether). Will the diagnostic tool follow up an MX lookup with a Host(A) lookup for the same domain in the future?

  20. Brad Hughes [MSFT] says:

    davism:  You’re totally right on both counts and this is on our radar.  We’re going to update the SMTP test to fallback to a host lookup on the domain per the RFC.  Additionally even if we successfully deliver to the MX records, we should test the host lookup method to ensure that it doesn’t reject mail for the domain.

    Thanks for the feedback!

  21. says:

    Hello MSExchangeTeam!

    How about to add an Open-relay check and RBL check?

    I think this would some useful addition to this good troubleshooting tool.

  22. Histrionic says:

    What about testing connectivity for Entourage clients — both the WebDAV and upcoming EWS variety? Are there cmdlets for that, or is that coming for ExRCA tool? Seems to be an important gap there.

  23. Brad Hughes [MSFT] says:


    There are cmdlets for EWS (Test-WebServicesConnectivity).  There are currently not cmdlets available for WebDAV.  However, we hope to support tests for both protocols in a future release of the Exchange Remote Connectivity Analyzer.


  24. Brad Hughes [MSFT] says:

    There is already an Open relay check built-in to the inbound SMTP test.  RBL is more of an "outbound" connectivity check, so we don’t have a way to test outbound mailflow at the moment.  We may in the future have some other SMTP diagnostics tests that could include RBL’s, Sender-ID, Reverse-DNS, and other "outbound" technologies.


  25. looking good.

    um, it seems not to work, at the moment, with Firefox and that copy to clipboard doesn’t work.

  26. Doug says:

    Nice tool, but it does not seem to like GoDaddy intermediate certificates.  They fail even though they are valid/

  27. Brad Hughes [MSFT] says:

    Rino, copy to clipboard doesn’t work in firefox by default.  You should check out to see how to enable it.

  28. Brad Hughes [MSFT] says:

    Thanks for reporting this.  We’ve had other reports of this too.  It seems that the tool is failing to build the chain back to the roots if the intermediates are not sent down from the server.  This was unintended for everything except for Windows Mobile tests.
     You might try installing the Godaddy Intermediates on your IIS.  See


Comments are closed.

Skip to main content