• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1057
  • Last Modified:

Outlook 2007 prompts for certiifcate on exchange 2007 2 times

I have deployed a sbs2008 server. Originally, I purchased 1 single ssl certificate so that users could access owa remotely. That worked fine. What doesn't work fine is internal outlook 2007 clients get prompted 2 times for certificates when they connect. So researching I determined that we needed a ucc certifficate due to the changes on 2007 and use of web services...ok.So I get the certificate requested ..procured and imported and still we get prompted 2 times for certifcate issue.The error in both prompts inidcates the name is not valid or does not match the name on the certifcate. So a little more research is telling me that I may need to enable and configure an SCP in AD for Autodiscover service???? When I created ucc certificate I left autodiscover.domain.com out because i did not understand it. Is this my problem? How do I solve this issue with the certificate prompts?? My code for cert req is below. Im thinking it may be wrong AND I need to configure this autodiscover business but the light bulb just isn't lit to understand why and how, and whether this is my problem. So I put this to my colleauges and thanks for feedback in advance.

In my case my I have a .local domain and a .org external FQDN
mx record points to exchange.domain.org
sbs remote workplace is remote.domain.org
both are same ip...single static available.

My client will only use OWA and internal outlook 2007.
New-ExchangeCertificate -generaterequest -subjectname "c=us,l=Mytown, s=Mystate,
 o=My Organization Name, cn=remote.domain.org" -domainname server,server.domain.local, remote.domain.org,exchange.domain.org -PrivateKeyExportable
 $true -path c:\certrequest.txt

Open in new window

  • 5
  • 2
1 Solution
Hi, Since you changed the certificate on the Exchange Server, you need to update the Internal/external URL's (SCP) for Autodiscover, OAB, EWS etc.

Check out the KB article http://support.microsoft.com/kb/940726 to fix the Certificate prompt issue.

PS: You need to modify the URL's to the name you have registered on the Certificate (remote.domain.org).

I am also modifying the certificate request command, so that it can be used to request a SAN (UCC) certificate.

New-ExchangeCertificate -generaterequest -path c:\certrequest.txt -subjectname "c=us,l=Mytown, s=Mystate, o=My Organization Name, cn=remote.domain.org" -domainname remote.domain.org, Autodiscover.domain.org, server,server.domain.local -PrivateKeyExportable

And yes, a SAN (UCC) certificate is definitely required for Autodiscover to work smoothly, however you have other options as well. Check out the Autodiscover Whitepaper (http://technet.microsoft.com/en-us/library/bb332063.aspx)

Let us know if you are still having issues...
smartsystemsincAuthor Commented:
Ok, Im starting to understand. I don't know why I didn't come across the ms article in my research. In any case, what about my existing certificate? Do I need to remove, and then modify per the syntax you provided with Autodiscover and then re-import? Thanks very much.
smartsystemsincAuthor Commented:
Per the MS article I modifed as indicted but I received syntax errors on the second and third item.

When I put in

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

AS My syntax : Set-WebServicesVirtualDirectory -Identity "server.domain.local\EWS (Default Web Site)" -InternalUrl https://remote.domain.org/ews/exchange.asmx

Set-OabVirtualDirectory : The operation could not be performed because object '
server.domain.local\oab' could not be found on domain controller 'SERVER.domain.l
At line:1 char:24
+ Set-OABVirtualDirectory  <<<< -Identity server.domain.local\oab -InternalUrl h

Is this because the site doesn't exist or is my syntax incorrect . I wasn't sure about taking or leaving the quotes.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

smartsystemsincAuthor Commented:
Could I pelase get an update this post. I appreciate your time.
smartsystemsincAuthor Commented:
I still have a problem with certificates. I ran the second script into the shell and i recieved teh atatched code.
Any help woudl be appreciated.
Set-WebServicesVirtualDirectory : The operation could not be performed because
object 'server.domain.local\EWS (Default Web Site)' could not be found on domain
 controller 'SERVER.ngcsd.local'.

Open in new window

smartsystemsincAuthor Commented:
I know  that the expert has the right solution but after repeated attempts to get help on the second script I didnt hear anything back. Just trying ot keep it real. I will post it as a seperaet question
Oopsss..I was on vacation, so couldn't respond. Anyways the command you are using for Set-WebServicesVirtualDirectory is incorrect. You need use the NetBIOS name of the Exchange Server instead of the FQDN, so the correct command is,

Set-WebServicesVirtualDirectory -Identity "server\EWS (Default Web Site)" -InternalUrl https://remote.domain.org/ews/exchange.asmx

PS: To confirm the same, run "Get-WebServicesVirtualDirectory | fl" and look out for the parameter "-Identity"
I just want to point out that the "Get-WebServicesVirtualDirectory | fl" cmdlet was very useful. Everything I had looked at previously referenced -Identity "server\EWS (Default Web Site)", but I got an error when I did that saying the object could not be found. Running the above cmdlet, I found the current identity was actually "server\EWS (SBS Web Applications)". Once I found that out, the rest of the process went smoothly. Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now