Outlook Certificate Errors SBS 2008

I recently installed an SBS 2008 server. Migrated from SBS 2003. When configuring RWW I purchased a Thawte certificate for mail.mydomainname.com and applied it through the wizard. RWW is working properly with this certificate. However, now the local Outlook clients are getting a certificate error message when they log into Outlook that states the name on the cert is invalid. remote.mydomainname.com. I have searched through all the settings I can find in Exchange manager and changed any value for remote. to mail. Still having the same problems.
bob13031 Asked:
 
esmith69 Commented:
Just a little more info on the autodiscover thing:  Outlook 2007 when running with Exchange 2007 always tries to contact the Exchange server each time you open Outlook at the following address:  autodiscover.domainname.com.

Usually this host record gets created on the local DNS server automatically as a CNAME record that points to the Exchange server.  The problem lies in the fact that if the SSL certificate running in IIS does not list "autodiscover.domainname.com" as one of the valid addresses, any client (be it Internet Explorer or Outlook) will give you a warning that the name that you're accessing does not match the name on the certificate.

There are two possible solutions:

1.  Create a separate site in IIS that just runs the autodiscover service, then create an additional SSL certificate with "autodiscover.domainname.com" as the common name and apply it to this additional site.

2.  Recreate your main SSL certificate, but this time make sure it is a UCC/SAN certificate.  This will allow you to specify additional host names in the certificate.  Then re-apply the cert to IIS and it will be valid for any URL that the client uses to connect to it (autodiscover.domainname.com, webmail.domainname.com, etc.).

0
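
An added example, not part of the thread: a small Python check of which host names a certificate covers, showing why the single-name certificate triggers the warning and a UCC/SAN certificate does not. The certificate contents and host list are constructed from the thread's placeholder domain, and the matching follows the usual RFC 2818 rules (SAN list takes precedence over the common name), which is an assumption about how the client compares names.

```python
# Added example: names and certificates below are constructed from the thread's
# placeholder domain; this is not output from a real server.

def name_matches(pattern, host):
    """RFC 2818-style match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert, hosts):
    """Return the hosts a client would flag as a name mismatch for this cert.

    cert is {"cn": str, "san": [dns names]}. When a SAN list is present it is
    used and the common name is ignored; otherwise only the CN is checked.
    """
    patterns = cert["san"] or [cert["cn"]]
    return [h for h in hosts if not any(name_matches(p, h) for p in patterns)]


# Host names taken from the thread (constructed list of what clients connect to).
CLIENT_HOSTS = [
    "mail.mydomainname.com",
    "remote.mydomainname.com",
    "autodiscover.mydomainname.com",
]

# Single-name certificate as described by the asker: common name only.
SINGLE_NAME_CERT = {"cn": "mail.mydomainname.com", "san": []}

# UCC/SAN certificate listing every name (option 2 in the comment above).
UCC_CERT = {"cn": "mail.mydomainname.com", "san": list(CLIENT_HOSTS)}

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT), ("UCC/SAN", UCC_CERT)):
        missing = uncovered_names(cert, CLIENT_HOSTS)
        status = "OK" if not missing else "mismatch for " + ", ".join(missing)
        print(f"{label}: {status}")
```

Run it with the real subject and SAN entries from the issued certificate before applying it to IIS; any name it reports is one Outlook or a browser would warn about.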
 
esmith69 Commented:
When you created the certificate, did you choose a SAN/UCC certificate?  Or did you just specify a common name for it?

Most likely the error you're getting is because the Outlook clients are trying to connect to the autodiscover service, but your certificate does not list that host name.
0
 
esmith69 Commented:
Are the local clients all running Outlook 2007?  That would be another indicator that it's the cert/autodiscover thing I'm talking about, because previous versions of Outlook didn't use the autodiscover feature.
0
 
pgerard Commented:
This article is great for walking you through installing a cert on an SBS 2008 server.  I'm not sure, but you might be having issues if you didn't use the SBS wizard to install the certificate.

http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
0
 
esmith69 Commented:
Sorry, one more clarification:  I strongly recommend going the route of #2 above.  It is a much easier solution to implement.
0
 
bob13031 Author Commented:
I specified a common name for it. All clients are Outlook 2007. I did use the wizard to install.
0
 
esmith69 Commented:
I would check with the company that issued your certificate and see if you can exchange the one you currently have for a UCC/SAN certificate.

This site is helpful in generating the PowerShell command that you'll need to run on your server to create the CSR (certificate signing request) that your cert provider will need in order to in turn create the actual certificate:

https://www.digicert.com/easy-csr/exchange2007.htm

0
Question has a verified solution.