dexterhome
asked on
SSL Certificate configuration
I have set up a certificate for exchange and outlook anywhere, but it does not appear to work.
I have tested it on the testing website and it reported the following error (see attached)
Setup:
My Exchange server sits behind a router. HTTPS port open
external connection - gateway.pyramid-products.c om
internal connection - svr2.pyramid.local
Certificate by - godaddy.com
Laptop connected on internal network - works ok + Outlook anywhere proxy settings set to external address.
The connection to OWA works fine. Active sync devices work OK (ipaq + iphone)
When I try to connect from an external source on the laptops using the outlook anywhere settings it does not work. It request a username and password and advises will not work.
Can someone please advise what exactly is wrong and what i can do to fix it.
sync-errors.pdf
I have tested it on the testing website and it reported the following error (see attached)
Setup:
My Exchange server sits behind a router. HTTPS port open
external connection - gateway.pyramid-products.c
internal connection - svr2.pyramid.local
Certificate by - godaddy.com
Laptop connected on internal network - works ok + Outlook anywhere proxy settings set to external address.
The connection to OWA works fine. Active sync devices work OK (ipaq + iphone)
When I try to connect from an external source on the laptops using the outlook anywhere settings it does not work. It request a username and password and advises will not work.
Can someone please advise what exactly is wrong and what i can do to fix it.
sync-errors.pdf
humm and.. did you try to configure the profile manually , not using the autodiscover with outlook 2007 ?
that is outlook 2003 "style" ..
that is outlook 2003 "style" ..
ASKER
Outlook configured on machine while connected internally - works fine.
Outlook anywhere set to the httpS address and does not work
But owa works all ok.
The other test on the test site appear to work, but more investigation reveals some still have cert warnings but work.
Any ideas.
PS: I will check my server settings
Outlook anywhere set to the httpS address and does not work
But owa works all ok.
The other test on the test site appear to work, but more investigation reveals some still have cert warnings but work.
Any ideas.
PS: I will check my server settings
your certificate is fine , it has the correct SAN entries inside, and i saw it works.
while testing inside the lan , did you checked to connect on FAST and SLOW networks ? and verified that outlook is connected with https ?
i'll wait for more server info , but if its a server 2008 , and it's an all-in-one server (all roles) you need to do the following:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Tcp ip6\Parame ters\
add 32bit Dword , DisabledComponents with value 0xffffffff
then, edit the server HOSTS file , add the server ip and map it to its nbt + fqdn name:
1.1.1.1 NETBIOSNAME
1.1.1.1 FQDNNAME.DOMAIN.CORP
restart server after this change.
while testing inside the lan , did you checked to connect on FAST and SLOW networks ? and verified that outlook is connected with https ?
i'll wait for more server info , but if its a server 2008 , and it's an all-in-one server (all roles) you need to do the following:
HKEY_LOCAL_MACHINE\SYSTEM\
add 32bit Dword , DisabledComponents with value 0xffffffff
then, edit the server HOSTS file , add the server ip and map it to its nbt + fqdn name:
1.1.1.1 NETBIOSNAME
1.1.1.1 FQDNNAME.DOMAIN.CORP
restart server after this change.
ASKER
Server info.
Windows server 2003 STD edition SP2
Exchange server 2007 STD editions SP1
Server is a domain controller with FSMO roles.
Exchange is front and back in one - transport and edge configured.
New to Exchange 2007 so wording may wrong.
Windows server 2003 STD edition SP2
Exchange server 2007 STD editions SP1
Server is a domain controller with FSMO roles.
Exchange is front and back in one - transport and edge configured.
New to Exchange 2007 so wording may wrong.
i'll need some output ..
from the exchange shell paste me outputs of :
get-outlookanywhere
get-clientaccessserver | fl
Get-AutodiscoverVirtualDir ectory | fl
from the exchange shell paste me outputs of :
get-outlookanywhere
get-clientaccessserver | fl
Get-AutodiscoverVirtualDir
ASKER
Here are the outputs. All in one file.
svr2-report.txt
svr2-report.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I only set the system with NTLM after you advised me to check it earlier.
I originally just had it set with normal authentication - It just asked for a password and failed.
I will now change the settings as above and re-advise afterwards.
I originally just had it set with normal authentication - It just asked for a password and failed.
I will now change the settings as above and re-advise afterwards.
ASKER
I have now changed those settings and it appears to work OK.
Now the interesting bit - my boss (in China at moment) has the issue.
Should I (how do I) get it outlook to talk to the exchange server through external gateway link when not already configured with internal connection.
Now the interesting bit - my boss (in China at moment) has the issue.
Should I (how do I) get it outlook to talk to the exchange server through external gateway link when not already configured with internal connection.
great !
well, autodiscover profile is only when creating a new one , i dont think you want that for your boss ....
just send him directions and the screenshot of the settings and he'll be fine.
well, autodiscover profile is only when creating a new one , i dont think you want that for your boss ....
just send him directions and the screenshot of the settings and he'll be fine.
ASKER
Have just tried from home and appears to work OK. few!
He is in China and I leave for Egypt before he gets back so could have been nasty.
He is in China and I leave for Egypt before he gets back so could have been nasty.
great job.
ASKER
The laptop is not actually part of my business domain - so it will keep asking for the password every time outlook is opened. Is there any way around this.
I know I could just ask him to make his local password the same as the domain/exchange password, or just add the machine to the domain (preferred), but is there another way.
I know I could just ask him to make his local password the same as the domain/exchange password, or just add the machine to the domain (preferred), but is there another way.
just add him to the domain , much better for everyone :)
ASKER
Thanks.
have you configured properly the outlook anywhere settings , that is entering external name & choosing BASIC/NTLM ?
you sure you configured the outlook client properly ?