Solved

Certificate problem

Posted on 2009-07-08
Last Modified: 2012-05-07
I have a working Exchange 2007 system here in the States. I built a new Ex2k7 system in Europe and imported a wildcard cert. When my users log on locally, they get a certificate error. Shouldn't a wildcard cert cover the server there?
Question by:simpson-it
16 Comments
 
LVL 8

Expert Comment

by:Npatang
ID: 24806244
What is the SCP URL set on the CAS box, and what is the domain name mentioned in the cert? They should match.
You can check the InternalUri by running
Get-ClientAccessServer | fl
0
 

Author Comment

by:simpson-it
ID: 24806373
Here is my output. The 46 site is my European site. All references to 29 are my US site. Only my US site hosts OWA.


accessserveroutput.txt
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806466
Your wildcard cert should cover this server as well.
Try accessing this URL https://46caht1.simpsonmfg.com/Autodiscover/Autodiscover.xml from the client and see if you are able to browse it or not. You should get some kind of CODE (600).
0

 

Author Comment

by:simpson-it
ID: 24806482
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="20:06:59.7648473" Id="2084522505">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806520
When you get the CERT error, what is the URL it is referring to? Also, at the same time, click on View Certificate and see which certificate is showing there.
0
 
LVL 8

Accepted Solution

by:
Npatang earned 500 total points
ID: 24806548
Also check the URL on the virtual directory; it should match your SCP value.
For help, see the article http://support.microsoft.com/kb/940726
0
 

Author Comment

by:simpson-it
ID: 24806576
Should it match the OWA gateway for the organization then?
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24806609
All your internal URLs on the virtual directory should match https://46caht1.simpsonmfg.com/ (as per the article), as your SCP value is set to the same FQDN.
0
 

Author Comment

by:simpson-it
ID: 24807881
Right, but my actual OWA address filters through another server. Does that matter?
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24807933
That must be for external, I guess. We just need to change the internal URLs... or I am not quite understanding that...
0
 

Author Comment

by:simpson-it
ID: 24808010
I'm not certain that I quite understand either. I have a CAS/HT server and MB Server in each location. Here in the states, I have a CAS/HT NLB Cluster. All of my external clients access OWA through https://secure.simpsonmfg.com/exchange which routes to 29cahtc (my CAS/HT cluster). I obviously needed a CAHT server in each AD Site, so I added 46caht1. 46caht1 should only be a cas proxy to my 29 site. That being said, I used a wildcard cert for *.simpsonmfg.com for the 46caht1 server ONLY for internal SSL connections to 29cahtc. Does that help to explain the problem at all? Sorry about not spilling all this out originally. :)
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24808055
That's fine, you can try what was suggested earlier.

All your internal URLs on the virtual directory should match https://46caht1.simpsonmfg.com/ (as per the article), as your SCP value is set to the same FQDN on the 46aht server. You can use article 940726 for further understanding.
0
 

Author Comment

by:simpson-it
ID: 24808156
OK, I applied these changes and now when I try to access https://46caht1.simpsonmfg.com/exchange, I get the login screen and then this:

Outlook Web Access is not available. If the problem continues, contact technical support for your organization and tell them the following: There is no Microsoft Exchange Client Access server that has the necessary configuration in the Active Directory site where the mailbox is stored.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24808201
Did you change any URL for the OWA Vdir? If yes, we don't have... setting the URL as per the article will not affect OWA.
0
 

Author Comment

by:simpson-it
ID: 24808320
I changed all three VDirs as described in the article.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24809688
Let me understand the scenario first...

We have 2 sites: US and Europe.
You had an E2k7 CAS, HUB, MBX setup in the US site.
You have now set up E2k7 CAS, HUB, MBX in the Europe site.

You then exported the wildcard certificate from the US CAS server to the Europe CAS server.

Now when your users who have a mailbox in the Europe site are connecting with Outlook, they get a certificate error.

Now if you click on the 'View Certificate' option, what certificate shows up?
Also, if you run Test Email Auto Configuration, what results does it give? Check the URLs that it returns for OAB, EWS and Autodiscover.
0
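The checks the answers ask for (the SCP value, the internal URLs on the virtual directories, and the names on the certificate) can be made in one read-only pass. This is an added example, not part of the original thread: it assumes it is run in the Exchange Management Shell on the CAS itself, `Test-CertName` is a helper name introduced here, and the server name is the one quoted in the thread.

```powershell
# Added example (not from the thread): read-only audit, changes no settings.
# Assumption: run locally in the Exchange Management Shell on the CAS being checked.
$server = "46caht1"   # CAS name from the thread; substitute your own

# TLS-style name match: "*.example.com" covers exactly one extra left-hand label,
# so it does not cover a short (NetBIOS) name or a deeper sub-domain.
function Test-CertName([string]$HostName, [string]$CertName) {
    $h = $HostName.ToLower()
    $c = $CertName.ToLower()
    if ($c.StartsWith("*.")) {
        $dot = $h.IndexOf(".")
        return ($dot -gt 0) -and ($h.Substring($dot) -eq $c.Substring(1))
    }
    return $h -eq $c
}

# Names on the certificate(s) enabled for IIS on this server.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match "IIS" } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

# The Autodiscover SCP plus the three internal URLs covered by KB 940726.
$urls = @{}
$urls["Autodiscover SCP"] = (Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $server |
    ForEach-Object { $urls["EWS: $($_.Name)"] = $_.InternalUrl }
Get-OabVirtualDirectory -Server $server |
    ForEach-Object { $urls["OAB: $($_.Name)"] = $_.InternalUrl }
Get-UMVirtualDirectory -Server $server |
    ForEach-Object { $urls["UM: $($_.Name)"] = $_.InternalUrl }

# Report any URL whose host name the IIS certificate does not cover.
foreach ($label in $urls.Keys) {
    $url = $urls[$label]
    if (-not $url) { Write-Host "$label : (not set)"; continue }
    $hostName = ([System.Uri]"$url").Host
    $covered = $false
    foreach ($n in $certNames) {
        if (Test-CertName $hostName $n) { $covered = $true }
    }
    if ($covered) { $status = "OK" } else { $status = "NAME MISMATCH" }
    Write-Host ("{0,-30} {1,-50} {2}" -f $label, $url, $status)
}
```

Any line reported as NAME MISMATCH is a URL that Outlook will be handed but that the certificate bound to IIS does not name, which is the condition that produces the client-side certificate warning.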
