  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4354
  • Last Modified:

Outlook Certificate Errors SBS 2008

I recently installed an SBS 2008 server. Migrated from SBS 2003. When configuring RWW I purchased a Thawte certificate for mail.mydomainname.com and applied it through the wizard. RWW is working properly with this certificate. However, now the local Outlook clients are getting a certificate error message when they log into Outlook that states the name on the cert is invalid. remote.mydomainname.com. I have searched through all the settings I can find in Exchange manager and changed any value for remote. to mail. Still having the same problems.
0
Asked by: bob13031
1 Solution
 
esmith69 Commented:
When you created the certificate, did you choose a SAN/UCC certificate?  Or did you just specify a common name for it?

Most likely the error you're getting is because the Outlook clients are trying to connect to the autodiscover service, but your certificate does not list that host name.
0
 
esmith69 Commented:
Are the local clients all running Outlook 2007?  That would be another indicator that it's the cert/autodiscover thing I'm talking about, because previous versions of Outlook didn't use the autodiscover feature.
0
 
pgerard Commented:
This article is great for walking you through installing a cert on an SBS 2008 server.  I'm not sure, but you might be having issues if you didn't use the SBS wizard to install the certificate.

http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
0

 
esmith69 Commented:
Just a little more info on the autodiscover thing:  Outlook 2007 when running with Exchange 2007 always tries to contact the Exchange server each time you open Outlook at the following address:  autodiscover.domainname.com.

Usually this host record gets created on the local DNS server automatically as a CNAME record that points to the Exchange server.  The problem lies in the fact that if the SSL certificate running in IIS does not list "autodiscover.domainname.com" as one of the valid addresses, any client (be it Internet Explorer or Outlook) will give you a warning that the name that you're accessing does not match the name on the certificate.

There are two possible solutions:

1.  Create a separate site in IIS that just runs the autodiscover service, then create an additional SSL certificate with "autodiscover.domainname.com" as the common name and apply it to this additional site.

2.  Recreate your main SSL certificate, but this time make sure it is a UCC/SAN certificate.  This will allow you to specify additional host names in the certificate.  Then re-apply the cert to IIS and it will be valid for any URL that the client uses to connect to it (autodiscover.domainname.com, webmail.domainname.com, etc.).

0
 
esmith69 Commented:
Sorry, one more clarification:  I strongly recommend going the route of #2 above.  It is a much easier solution to implement.
0
 
bob13031 (Author) Commented:
I specified a common name for it. All clients are Outlook 2007. I did use the wizard to install.
0
 
esmith69 Commented:
I would check with the company that issued your certificate and see if you can exchange the one you currently have for a UCC/SAN certificate.

This site is helpful in generating the PowerShell command that you'll need to run on your server to create the CSR (certificate signing request) that your cert provider will need in order to in turn create the actual certificate:

https://www.digicert.com/easy-csr/exchange2007.htm

0
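The name check discussed in this thread, as an added example that is not part of the thread or any poster's code. It applies the usual client rule (RFC 6125 style, simplified): if the certificate carries DNS subject alternative names, only those are checked and the common name is ignored. The certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the host list is an assumption built from the names mentioned above.

```python
def cert_names(cert):
    """Return the DNS names a client will accept for this certificate."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # SAN entries present: the common name is no longer consulted
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    p = pattern.split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def uncovered(cert, hosts):
    """Hosts that would trigger the 'name on the certificate is invalid' warning."""
    names = cert_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# Constructed sample: names the clients in this thread connect to (assumed list).
CLIENT_HOSTS = ["mail.mydomainname.com", "remote.mydomainname.com",
                "autodiscover.mydomainname.com"]

# Constructed sample: single-name certificate, as purchased in the question.
CN_ONLY = {"subject": ((("commonName", "mail.mydomainname.com"),),)}

# Constructed sample: UCC/SAN certificate listing every name, including the CN.
UCC = {"subject": ((("commonName", "mail.mydomainname.com"),),),
       "subjectAltName": tuple(("DNS", h) for h in CLIENT_HOSTS)}

# Constructed sample: SAN certificate where the CN was not repeated in the SAN list.
SAN_WITHOUT_CN = {"subject": ((("commonName", "mail.mydomainname.com"),),),
                  "subjectAltName": (("DNS", "remote.mydomainname.com"),
                                     ("DNS", "autodiscover.mydomainname.com"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("UCC/SAN", UCC),
                        ("SAN without CN", SAN_WITHOUT_CN)):
        print(label, "-> not covered:", uncovered(cert, CLIENT_HOSTS))
```

When requesting the replacement UCC/SAN certificate, list the common name among the alternative names as well; the third sample shows what happens when it is left out.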
