
SSL Certificate configuration

Posted on 2009-05-05
Last Modified: 2012-05-06
I have set up a certificate for Exchange and Outlook Anywhere, but it does not appear to work.
I have tested it on the testing website and it reported the following error (see attached).

Setup:
My Exchange server sits behind a router.  HTTPS port open
external connection - gateway.pyramid-products.com
internal connection - svr2.pyramid.local
Certificate by - godaddy.com

Laptop connected on internal network - works OK + Outlook Anywhere proxy settings set to external address.

The connection to OWA works fine.  ActiveSync devices work OK (iPAQ + iPhone).
When I try to connect from an external source on the laptops using the Outlook Anywhere settings it does not work. It requests a username and password and advises it will not work.

Can someone please advise what exactly is wrong and what I can do to fix it?

sync-errors.pdf
Question by:dexterhome
LVL 6

Expert Comment

by:ilantz
ID: 24304431
Is the server you installed Exchange 2007 on a 2008 server?
Have you properly configured the Outlook Anywhere settings, that is, entering the external name and choosing BASIC/NTLM?
Are you sure you configured the Outlook client properly?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24304443
Hmm, and did you try to configure the profile manually, not using Autodiscover with Outlook 2007?
That is, Outlook 2003 "style".
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24304622
Outlook configured on machine while connected internally - works fine.
Outlook Anywhere set to the HTTPS address and does not work.

But OWA works all OK.
The other tests on the test site appear to work, but more investigation reveals some still have cert warnings but work.

Any ideas?

PS: I will check my server settings.
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24304706
Your certificate is fine; it has the correct SAN entries inside, and I saw it works.
While testing inside the LAN, did you check connecting on FAST and SLOW networks, and verify that Outlook is connected with HTTPS?
I'll wait for more server info, but if it's Server 2008 and it's an all-in-one server (all roles), you need to do the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
Add a 32-bit DWORD, DisabledComponents, with value 0xffffffff.

Then edit the server HOSTS file, add the server IP and map it to its NBT + FQDN name:

1.1.1.1   NETBIOSNAME
1.1.1.1   FQDNNAME.DOMAIN.CORP

Restart the server after this change.
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24306192
Server info:
Windows Server 2003 STD edition SP2
Exchange Server 2007 STD edition SP1

Server is a domain controller with FSMO roles.
Exchange is front and back in one - transport and edge configured.
New to Exchange 2007 so wording may be wrong.
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24306889
I'll need some output.

From the Exchange shell, paste me the outputs of:

get-outlookanywhere

get-clientaccessserver | fl

Get-AutodiscoverVirtualDirectory | fl
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24309324
Here are the outputs.  All in one file.
svr2-report.txt
0
 
LVL 6

Accepted Solution

by:
ilantz earned 2000 total points
ID: 24309544
I see you configured NTLM for client authentication. For that to work you must configure the certificate principal name (Issued To:) in the Outlook Anywhere settings within your Outlook profile. I've attached the sample for you.

If it still fails, run the following to make sure it is configured.

Set-OutlookProvider EXPR -Server SRV2 -CertPrincipalName msstd:gateway.pyramid-products.com

Hope this solved it.
msstd.PNG
0
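Added example, not part of the original thread or of ilantz's answer: since the fix ties the msstd: value to the certificate's "Issued To" name, this PowerShell function reports, for each certificate in the server's machine store, whether the subject common name equals the msstd: host or whether that host appears only as a SAN entry. `Test-MsstdPrincipal` is a hypothetical name, and the SAN parsing assumes the English Windows rendering `DNS Name=`.

```powershell
# Added example: compare a certificate's subject CN ("Issued To") with an
# Outlook Anywhere msstd: principal name. The function name is hypothetical.
function Test-MsstdPrincipal {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$PrincipalName   # e.g. 'msstd:gateway.pyramid-products.com'
    )

    # Strip the msstd: prefix to get the host name the client expects.
    $expected = $PrincipalName -replace '^msstd:', ''

    # SimpleName resolves to the subject's common name when one is present.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Certificate.GetNameInfo($nameType, $false)

    # Collect DNS entries from the Subject Alternative Name extension (OID 2.5.29.17).
    # Assumption: Windows formats them as "DNS Name=host" (English locale).
    $san = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.17') {
            foreach ($m in [regex]::Matches($ext.Format($false), 'DNS Name=([^,\s]+)')) {
                $san += $m.Groups[1].Value
            }
        }
    }

    # -eq and -contains compare strings case-insensitively, as host names require.
    $cnMatches = ($cn -eq $expected)
    $inSanOnly = ((-not $cnMatches) -and ($san -contains $expected))

    $result = New-Object PSObject
    $result | Add-Member NoteProperty Thumbprint $Certificate.Thumbprint
    $result | Add-Member NoteProperty SubjectCN  $cn
    $result | Add-Member NoteProperty Expected   $expected
    $result | Add-Member NoteProperty CnMatches  $cnMatches
    $result | Add-Member NoteProperty InSanOnly  $inSanOnly
    $result | Add-Member NoteProperty NotAfter   $Certificate.NotAfter
    $result
}

# Run on the Exchange server against machine certificates that have a private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object {
        Test-MsstdPrincipal -Certificate $_ -PrincipalName 'msstd:gateway.pyramid-products.com'
    }
```

A row with CnMatches False and InSanOnly True means the msstd: value in the Outlook profile and in Set-OutlookProvider should be the SubjectCN shown, not the host that is listed only in the SAN.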
 
LVL 5

Author Comment

by:dexterhome
ID: 24311766
I only set the system with NTLM after you advised me to check it earlier.
I originally just had it set with normal authentication - It just asked for a password and failed.

I will now change the settings as above and re-advise afterwards.
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24317453
I have now changed those settings and it appears to work OK.

Now the interesting bit - my boss (in China at the moment) has the issue.
Should I (how do I) get Outlook to talk to the Exchange server through the external gateway link when not already configured with an internal connection?

0
 
LVL 6

Expert Comment

by:ilantz
ID: 24317486
Great!
Well, the Autodiscover profile is only used when creating a new one; I don't think you want that for your boss.
Just send him directions and the screenshot of the settings and he'll be fine.
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24318088
Have just tried from home and it appears to work OK.  Phew!

He is in China and I leave for Egypt before he gets back so could have been nasty.
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24320132
Great job.
0
 
LVL 5

Author Comment

by:dexterhome
ID: 24320229
The laptop is not actually part of my business domain - so it will keep asking for the password every time Outlook is opened.  Is there any way around this?

I know I could just ask him to make his local password the same as the domain/Exchange password, or just add the machine to the domain (preferred), but is there another way?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24323593
Just add him to the domain, much better for everyone :)
0
 
LVL 5

Author Closing Comment

by:dexterhome
ID: 31578005
Thanks.
0
