?
Solved

Outlook Anywhere setup where local domain is same as company domain

Posted on 2009-06-30
9
Medium Priority
?
269 Views
Last Modified: 2012-05-07
I have just migrated a SBS 2003 domain to SBS 2008. The previous IT guy set up the network so the local domain is the same as the company domain (so company.com.au not company.local). Everything works except Outlook Anywhere. When I run Exchange BPA it reports that there is a certificate mismatch. Now I am using a 3rd party certificate linked to the external FQDN of the SBS Server. RWW and OWA work fine. But the detail of the Exchange BPA says that the principal name is set to domain.com.au not office.domain.com.au. I have used the Exchange Management Shell to update the principal name as suggested by the BPA but this has made no difference.

So any suggestions on how to fix this situation?

Regards,
Ben
0
Comment
Question by:muaddib32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:PlusIT
ID: 24754785
yes the behaviour of outlook anywhere changed in 2008.  The mismatch error on the SSL certificate is because teh client first tries to connect to autodiscover.domain before connecting to the outlook anywhere FQDN.

There are different solutions to this:
- use a self signed certificate that you trust on your domain (all pc's using outlook any should be in the domain!)
- use a 600$ ssl certificate which supports multiple cn's
- use one host to connect and change DNS settings according to KB940881 (this is what i do) this makes sure it works with a single cn ssl cert.

If you need further assistance just let me know but i'm sure with the information i just gave you you'll find it out.  Make sure you write this so you understand how the new behaviour is: http://technet.microsoft.com/en-us/library/bb232838.aspx
0
 

Author Comment

by:muaddib32
ID: 24759059
This is the third SBS2008 server I have configured. I have not configured autodiscover on the other two and yet Outlook Anywhere works fine on them.  If your theory is correct, shouldn't it fail on the other two also?

And the Outlook 2003 RPC/HTTP test at https://www.testexchangeconnectivity.com/ fails and that is not using Autodiscover.

Are you sure that Autodiscover is the problem?
0
 
LVL 10

Expert Comment

by:PlusIT
ID: 24776794
yes and no, it shoudn't fail if you are using self signed ceritifcates and those computers are domain joined, if the cert is domain wide trusted you dont get ssl errors.

You said it yourself you are using a third party ssl cert, can you check how many CN fields it has?  If it only has one CN field then you will have to go around this problem with the info provided on KB940881
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:muaddib32
ID: 24776842
After further tests is has become apparent that the error message I am getting about the mismatched principal name is a red herring.  The step that is failing is the authentication at the TS Gateway.  RWW and TS services are failing as well as Outlook Anywhere.  Apparently this is commonly caused by the authentication settings for the RCP website being modified. But not this time! I have Microsoft PSS on the case but they are puzzled too.
0
 
LVL 10

Expert Comment

by:PlusIT
ID: 24784539
my english is not that good, what do you mean with a red herring?

btw is their an ISA server between it or any other web proxy?
0
 

Author Comment

by:muaddib32
ID: 24784640
Red herring just means a clue that leads in the wrong direction. So I don't think my problem has anything to do with the mismatched principal name. I can access other SSL sites without any problem - OWA, Sharepoint (through port 987)

No, no ISA server. That is not included with SBS 2008 Premium.
0
 
LVL 10

Expert Comment

by:PlusIT
ID: 24785048
yes but arent you accessing those with a domain joined computer, have you tried with a computer that is out of the domain to see if you get a cert warning then?
0
 

Author Comment

by:muaddib32
ID: 24785198
I have only been testing it with non-domain computers. Without any problems with the certificate. As expected, since it is a third-party certificate.
0
 

Accepted Solution

by:
muaddib32 earned 0 total points
ID: 24922492
Please close this question as I still have the problem and no-one seems to have any suggestions. No points awarded.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses
Course of the Month9 days, 19 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question