A common issue after installing Exchange 2007 or 2010 is that users get certificate errors when opening Outlook to access their mailboxes. There are a few possible reasons for this issue: 1) the certificate does not have the appropriate subject names; 2) DNS records are missing; or 3) Exchange settings are not configured correctly.
The first step is to collect configuration information from your environment. You need to determine the subject names configured on your certificate and compare these values to the FQDN values assigned to your URLs.
Get the subject names configured on the certificate assigned to the Exchange server
Note: After each ExternalUrl and InternalUrl you need to include the appropriate URL value; use the format from your Get cmdlets as a guideline.
Next you need to verify your DNS records both internally and externally. There must be an A record on your internal DNS server for the FQDN value used in all of the InternalUrl values, the AutoDiscoverServiceInternalUri, and the ExternalHostname. You can use the nslookup utility to validate (nslookup autodiscover.contoso.com).
Your external DNS server records are dependent on your certificate domain names. Typically your certificate should include autodiscover.yourdomain.com and you should have an associated A record. If your certificate does not include autodiscover.yourdomain.com, then your DNS server must support SRV records. The SRV record should then be configured as follows:
Service = _autodiscover
Protocol = _tcp
Port = 443
Hostname = (a certificate domain name value = existing A record)
Once your configuration is complete you can test your system externally using https://testexchangeconnectivity.com/. You can test your system internally by opening Outlook, then using the combination of Right Ctrl and Right-click on the Outlook icon in the taskbar, and select Test E-mail AutoConfiguration. Your e-mail address should auto-populate. Remove the Guessmart options and press Test.
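The comparison described in this article can be scripted; the following is an added example, not the author's own commands. It assumes the Exchange Management Shell on PowerShell 2.0, that the relevant certificate is the one enabled for IIS, and that checking the EWS and OAB virtual directories is sufficient (that selection, and the helper names `Add-Target` and `Test-CertCoversHost`, are this example's own).

```powershell
# Added example. Read-only: uses Get-* cmdlets only and changes no configuration.
# Subject names on the certificate(s) enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() } |
    Sort-Object -Unique)

# Host name -> list of settings that hand that name to clients.
$targets = @{}
function Add-Target($source, $value) {          # hypothetical helper
    if ($value) {
        $name = "$value".ToLower()
        if (-not $targets.ContainsKey($name)) { $targets[$name] = @() }
        $targets[$name] += $source
    }
}

# True if any certificate name matches; a wildcard covers exactly one label.
function Test-CertCoversHost($names, $hostName) {   # hypothetical helper
    foreach ($n in $names) {
        if ($n -eq $hostName) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)               # e.g. ".contoso.com"
            if ($hostName.EndsWith($suffix) -and
                $hostName.Substring(0, $hostName.Length - $suffix.Length) -notmatch '\.') {
                return $true
            }
        }
    }
    return $false
}

Get-ClientAccessServer | ForEach-Object {
    Add-Target "AutoDiscoverServiceInternalUri ($($_.Name))" $_.AutoDiscoverServiceInternalUri.Host }
foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory') {
    & $cmd | ForEach-Object {
        Add-Target "$cmd InternalUrl" $_.InternalUrl.Host
        Add-Target "$cmd ExternalUrl" $_.ExternalUrl.Host
    }
}
Get-OutlookAnywhere | ForEach-Object { Add-Target 'OutlookAnywhere ExternalHostname' $_.ExternalHostname }

# One row per host name: is it on the certificate, and does this machine resolve it?
$targets.Keys | Sort-Object | ForEach-Object {
    $name = $_
    try   { $ip = ([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.ToString() }) -join ', ' }
    catch { $ip = 'NO RECORD' }
    New-Object PSObject -Property @{ HostName = $name; Resolves = $ip; UsedBy = ($targets[$name] -join '; ')
                                     OnCertificate = (Test-CertCoversHost $certNames $name) }
} | Select-Object HostName, OnCertificate, Resolves, UsedBy | Format-Table -AutoSize -Wrap
```

Any row with OnCertificate False is a name Outlook will warn about; the Resolves column reflects the resolver of the machine the script runs on, so run it from an internal host to check internal DNS.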
Set-ClientAccessServer CasServerName | fl https://mail.domain.com/Autodisver/Autodiscover.xml
The only reason I ask is because this is a production server (though it is after-hours here), and I'm new to the organization, so I'm still familiarizing myself with the network layout, and I'm not sure if it's safe to assume that is the correct location.
Also, the issues I'm having are related to free/busy information not being available via Outlook unless the OWA is used. I know this may be related to EWS, but I'm not sure if EWS specifically needs added to the SSL cert. Should I be seeing it in the list of Certificate Domains?
Thank you kindly for any assistance you may be able to provide. Your article was already quite helpful, so I very much appreciate the time you put into it.
Your comment shows a Set-* cmdlet which should be
Set-ClientAccessServer CasServerName -AutoDiscoverServiceIntern
The CasFqdn.domain.com can be an FQDN as long as it either resolves to the CAS server or a load-balanced IP.