SSL Certificate for Exchange 2007 Outlook Anywhere

I have Exchange 2007 configured for Outlook Anywhere. I have installed a single CN certificate owa.mydomain.com. Outlook web access works fine from the outside.

From inside, Outlook 2003 and 2007 clients connect with no problem. Testing the autodiscovery from inside works fine.

From outside, Outlook 2007 does not connect; I sometimes get a certificate warning for autodiscover.mydomain.com. Sometimes it does appear to connect, but the login prompt will continue to pop up.

My internal domain is the same as my external, so do I need to get a Multiple name SSL Certificate with autodiscover.mydomain.com and owa.mydomain.com to fix my issues?

Thanks

Harold

hpeet Asked:

Mestha Commented:
Ideally you need to have a SAN/UC certificate so that the certificate is accepted and ensure the names resolve.
Does autodiscover.example.com resolve to your Exchange server or elsewhere?

It is possible to use a single name SSL certificate but autodiscover must not resolve anywhere and the domain name provider on the internet must support SRV records - many do not.

I have outlined what needs to be done for a SAN/UC certificate on my blog here:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

If you insist on using a single name certificate then I have the instructions here:
http://www.amset.info/exchange/singlenamessl.asp

Simon.
0
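The name coverage discussed in the answer above, as an added example that is not part of the original thread: it models the HTTPS names Outlook 2007 Autodiscover contacts for a mailbox domain and reports which ones the installed certificate fails to cover. The function names, the `reachable` DNS view and the rule that the `_autodiscover._tcp` SRV record is used only when the earlier probes find nothing are assumptions of this sketch; the host names are the placeholders from the question.

```python
# Added example (not from the thread). Models which HTTPS names Outlook 2007
# Autodiscover touches and whether the installed certificate covers them.

def name_matches(cert_name, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    c, h = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if c == h:
        return True
    if c.startswith("*."):
        # "*.mydomain.com" covers owa.mydomain.com, not mydomain.com or a.b.mydomain.com
        return "." in h and h.split(".", 1)[1] == c[2:]
    return False

def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)

def audit_autodiscover(domain, reachable, cert_names, srv_target=None):
    """
    domain      : SMTP domain of the mailbox (right of the @)
    reachable   : hostnames that resolve to the Exchange HTTPS listener (constructed input)
    cert_names  : subject CN plus any subjectAltName DNS entries on the certificate
    srv_target  : host named by an _autodiscover._tcp.<domain> SRV record, if published
    """
    results = {}
    for host in (domain, "autodiscover." + domain):
        if host not in reachable:
            results[host] = "skipped"              # nothing answers, Outlook moves on
        elif cert_covers(cert_names, host):
            results[host] = "ok"
        else:
            results[host] = "certificate warning"  # name is served but not on the cert
    # Assumption: the SRV record is only consulted when the probes above found nothing.
    if srv_target and all(v == "skipped" for v in results.values()):
        results["SRV -> " + srv_target] = (
            "ok" if cert_covers(cert_names, srv_target) else "certificate warning")
    return results

# Constructed scenarios using the placeholder names from the question.
SINGLE = ["owa.mydomain.com"]
SAN = ["owa.mydomain.com", "autodiscover.mydomain.com"]
BOTH = {"owa.mydomain.com", "autodiscover.mydomain.com"}

if __name__ == "__main__":
    print(audit_autodiscover("mydomain.com", BOTH, SINGLE))
    print(audit_autodiscover("mydomain.com", BOTH, SAN))
    print(audit_autodiscover("mydomain.com", {"owa.mydomain.com"}, SINGLE, "owa.mydomain.com"))
```

The first scenario reproduces the warning in the question (autodiscover resolves but is not on the single-name certificate); the third is the single-name setup with no autodiscover host record and an SRV record pointing at the name the certificate already carries.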

hpeet (Author) Commented:
Thanks Mestha:

autodiscover.mydomain.com and owa.mydomain.com go to the exchange server.

I will look at your postings.

Harold
0
Rajith Enchiparambil (Office 365 & Exchange Architect) Commented:
Ideally you would need a SAN/UCC cert to take full functionality of your Exchange 2007 / Outlook 2007 environment.

You can get a cheap one from https://domainsforexchange.net/
0

hpeet (Author) Commented:
Is the Standard SSL Certificate Multiple Domain (UCC) suitable for Exchange 2007?
0
Mestha Commented:
The standard five name certificate at US$60/year is all that you need.

Simon.
0
Rajith Enchiparambil (Office 365 & Exchange Architect) Commented:
Yes, the std one is fine in your case. Do add additional names if you have something else to protect, like a public sharepoint site etc.
0
hpeet (Author) Commented:
I got the UC certificate and have it installed. OWA works fine, and Outlook Anywhere passes from the test site.

Outlook 2007 connects, but after a little while asks for the username/password and continues to do this.

This is running on Windows 2008 server, I have disabled ipv6.

Harold
0
Mestha Commented:
Do the autodiscover tests work as well?
The authentication prompt should say what it is that is asking for authentication.

Simon.
0
hpeet (Author) Commented:
Yes the autodiscover tests seem to pass. The log shows it fails on autodiscovery https://mydomain.com/autodiscover/autodiscover.xml but passes the https://owa.mydomain.com/autodiscover/autodiscover.xml.

When I look at the connection status when the Authentication prompt comes up it is trying to connect to the directory.

Harold
0
Mestha Commented:
Does autodiscover.example.com actually resolve anywhere?

Simon.
0
hpeet (Author) Commented:
Yes from the outside it resolves to the same as owa.mydomain.com.

Harold
0
Mestha Commented:
If autodiscover is configuring Outlook correctly and you are still getting prompts, then that would tend to point to Outlook Anywhere not working correctly. I have seen this a few times; it requires resetting Outlook Anywhere.

Basically...

Disable Outlook Anywhere in Exchange.
Remove the RPC Proxy component from Windows Components
Delete the two RPC virtual directories from IIS manager
Run IISRESET from a command prompt.

Then
Install the RPC Proxy component again
Enable Outlook Anywhere
Wait 15 minutes then run IISRESET again and test again.

Simon.
0
hpeet (Author) Commented:
I tried what you suggested. It connects fine, then after a couple of minutes the authentication box pops up asking to authenticate to autodiscover.mydomain.com; I put in the password, sometimes up to 5 times, then it will go away, then it comes back a couple of minutes later?

Harold
0
hpeet (Author) Commented:
I reapplied the URL https://owa.mydomain.com to the external Web Service:

Set-WebServicesVirtualDirectory -identity "EXCH\EWS (Default Web Site)" -externalurl https://mail.example.com/EWS/Exchange.asmx -WindowsAuthentication:$True

That seems to have fixed the authentication box popping up for autodiscover.mydomain.com.

Now if I do a Send/Receive, it does the send part, then there is an authentication popup for owa.mydomain.com; I put in the password and it finishes. It also does this authentication popup to owa.mydomain.com when I download the Offline Address Book. After I put in the password it appears to work.

Harold
0
hpeet (Author) Commented:
If I remove the download of the Offline Address Book from Send/Receive, it looks like it works fine.

It appears I have an authentication issue downloading the Offline Address Book; it works fine from an inside connection and is only a problem when connecting through Outlook Anywhere.

Harold
0
hpeet (Author) Commented:
Thanks Simon,

I will post any other issues in a new question.

Harold
0