Exchange Remote Connectivity Analyzer 1.4 is released – a wonderful tool

It’s difficult to quantify just how useful the Exchange Remote Connectivity Analyzer (ExRCA) has been in its short existence, but let me hazard a guess – a heck of a lot.


For those who don’t know about ExRCA, let me explain that it’s a utility engineered by Microsoft to help Exchange administrators understand when their deployments are configured correctly to allow external network connectivity for clients such as Outlook Anywhere, Outlook Web App, or ActiveSync. Autodiscover validation is also supported as is testing inbound and outbound SMTP connections. Making changes on Client Access Servers or front-end servers and hoping that those changes had the required effect of exposing secure access to email to properly authorized clients used to be a long drawn-out process. Make the change. Test using a client of the desired type outside the firewall. Observe the response. Drink more Jolt Cola or another noxious liquid while contemplating failed results. Iterate until successful. In other words, a royal pain in the rear end.

In a nutshell, ExRCA provides you with a tool to test various methods to connect to your Exchange deployment using the mechanisms employed by different clients. Go to, select the client type you want to test for either on-premises Exchange or Office 365, provide credentials for a test account that’s otherwise locked down, and off you go. You’ll soon find out whether your configuration works (which it obviously does in the example shown below) or if it doesn’t, and if so, why not. All-in-all, ExRCA makes this phase of an Exchange deployment much easier than it has ever been before.


ExRCA was created and is maintained by engineers who support Exchange. As such, these folk are well aware of the customer pain encountered when configuring remote connections to Exchange. Much of that wisdom and experience is encapsulated in ExRCA, which is one of the reasons why it’s so useful. And because its creators are well linked into Microsoft’s support channels, they understand the pain points reported by customers and can incorporate this data into new versions, which is the case in the release of Version 1.4, now available since July 3 and live for your testing pleasure.

According to its developers, amongst the changes in ExRCA 1.4 are:

  • A new CAPTCHA service is used to address problems reported in previous releases.
  • The challenge is NOT case sensitive, so it doesn't matter if you type upper or lower case letters.  We also note this on the web page.
  • The CAPTCHA challenges will not include hard-to-distinguish letters/numbers. For example 2 and Z or O and 0.
  • If you get the challenge wrong, the password entries will not be removed.
  • Once you enter a correct response to the challenge, you will be verified for a set amount of time.  This means you will not see additional CAPTCHA challenges until the timeout period expires.
  • The inbound SMTP test now inserts the IP address of the user performing the test into the test email message. The IP is also inserted into an SMTP Header (X-Originating-IP).
  • Fixed an issue in the Sender-ID test where certain DNS responses while evaluating the "exists" mechanism were incorrectly being treated as a TempError
  • The outbound SMTP Sender-ID tests now conform to the RFC specified limit of ten DNS-based mechanisms that can be used during the evaluation of the SPF record.
  • Fixed an issue where host names with all numbers in the top-level domain were not considered valid input
  • Fixed user interface issues that can cause the "helper bubble" to stick around when navigating in the wizard
  • Added a note to the EWS service account access test indicating that the mailbox must be empty
  • The Windows Mobile Certificate test now warns instead of failing when certificates aren't trusted by Windows Mobile since many other devices also use ActiveSync and may trust the certificate
  • The Outlook Anywhere mutual authentication test now reports a warning instead of an error when the mutual authentication (msstd: string) only matches a Subject Alternative Name on the certificate. Windows Vista SP1 and later can handle this configuration.
  • The Outlook Anywhere Proxy Ping and HTTP Authentication Method Tests now use the full query string; this is necessary to support certain UAG configurations.

In summary and my recommendation is that ExRCA should be in every Exchange administrator’s toolkit!

Follow Tony @12Knocksinna

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.