ianrusty
asked on
Server Ceritifacte error on exchange 2007 after installing a new certificate
I have recently installed a purchased external certificate to ebcrypt pushmail to handheld devices. The good news is that part of the confiuration is working. But now when i start oiutlook 2007 i get a server certificate error i click yes to allow the use of the certificate it has found, then outlook starts ok. i think this is because i have only asociated the external certificate to the iis site??
also when try to access the out of office assistant i get the out of office assistant cannot be displayed, the server is unavailable. i think this may be associated with the certificate also.
Thanks in advance for any assistance.
also when try to access the out of office assistant i get the out of office assistant cannot be displayed, the server is unavailable. i think this may be associated with the certificate also.
Thanks in advance for any assistance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Engurekona the same has been mentioned in the above given article
He is correct...I didn't look at his answer first. Sorry about that I have to run this cmdlet about once a week.
The name of the security certificate is invalid or does not match the name of the site
Is this is the same error that you are getting when Opening Outlook or is this something else??
Please post the Exact error.
Is this is the same error that you are getting when Opening Outlook or is this something else??
Please post the Exact error.
ASKER
All,
thanks allot for all your assistance, i'll be continueing with this issue later today. SAAKAR_RAO: yes its when opening outlook, but i also then get an error trying to access out of office assistant, i get it is unavailable. At the moment unsure wether it is related. As for server names etc externally we use HTTPS://pushmail.globaltextiles.co.uk for mobile connectivity to exchange, internally the exchange server is on an sbs 2008 server with all roles on the 1 box, with an fqdn of gt2008server.gtdomain.loca l. Now in iis to get the externally sources certificate to work i had to go into iis binding and select the purchased certificate etc as in the IIS certificate binding config screen shot attached. Before i did this although the certficate was installed, it seemed to get ignored and could get access externally using it. Again thanks to you all for your much apreciated assistance.
Global.bmp
thanks allot for all your assistance, i'll be continueing with this issue later today. SAAKAR_RAO: yes its when opening outlook, but i also then get an error trying to access out of office assistant, i get it is unavailable. At the moment unsure wether it is related. As for server names etc externally we use HTTPS://pushmail.globaltextiles.co.uk for mobile connectivity to exchange, internally the exchange server is on an sbs 2008 server with all roles on the 1 box, with an fqdn of gt2008server.gtdomain.loca
Global.bmp
Awesome at least it wroked for you..
ASKER
Hello, could you please look over the eddited lines below to make sure i have the syntax correct for our setup, again the full fqdn server name is gt2008server.gtdomain.loca l, and the external link that gets used is https://pushmail.globaltextiles.co.uk
thanks
Set-ClientAccessServer -Identity gt2008server.gtdomain.loca l -AutoDiscoverServiceIntern alUri https://exchange.gt2008server.gtdomain.local/Autodiscover/Autodiscover.xml <internal server address>
Set-WebServicesVirtualDire ctory -Identity "gt2008server.gtdomain.loc al\EWS (Default Web Site)" -InternalURL https://exchange.gt2008server.gtdomain.local/EWS/Exchange.asmx -BasicAuthentication:$true <again internal address>
Set-OABVirtualDirectory -Identity "gt2008server.gtdomain.loc al\OAB (Default Web Site)" -InternalURL https://exchange.gt2008server.gtdomain.local/OAB <internal address>
Set-ActiveSyncVirtualDirec tory -Identity "EXCHANGESERVERNAME\Micros oft-Server -ActiveSyn c (Default Web Site)" -ExternalURL https://pushmail.globaltextiles.com/Microsoft-Server-Activesync <external address>
thanks
Set-ClientAccessServer -Identity gt2008server.gtdomain.loca
Set-WebServicesVirtualDire
Set-OABVirtualDirectory -Identity "gt2008server.gtdomain.loc
Set-ActiveSyncVirtualDirec
Change these: For -Identity "gt2008server.gtdomain.loc al\EWS
to -Identity gt2008server\EWS
to -Identity gt2008server\EWS
If your certificate enabled on IIS is pushmail.globaltextiles.co m then you should use:
Set-ClientAccessServer -Identity gt2008server -AutoDiscoverServiceIntern alUri https://pushmail.globaltextiles.com/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDire ctory -Identity "gt2008server\EWS (Default Web Site)" -InternalURL https://pushmail.globaltextiles.com/EWS/Exchange.asmx -BasicAuthentication:$true
Set-OABVirtualDirectory -Identity "gt2008server\OAB (Default Web Site)" -InternalURL https://pushmail.globaltextiles.com/OAB
Set-ActiveSyncVirtualDirec tory -Identity "gt2008server\Microsoft-Se rver-Activ eSync (Default Web Site)" -ExternalURL https://pushmail.globaltextiles.com/Microsoft-Server-Activesync
Set-ClientAccessServer -Identity gt2008server -AutoDiscoverServiceIntern
Set-WebServicesVirtualDire
Set-OABVirtualDirectory -Identity "gt2008server\OAB (Default Web Site)" -InternalURL https://pushmail.globaltextiles.com/OAB
Set-ActiveSyncVirtualDirec
your certficate is issued to pushmail.globaltextiles.co .uk/ so this url needs to published and also mkake sure that you be able to resolve this url internally
Set-ClientAccessServer -Identity gt2008server.gtdomain.loca l -AutoDiscoverServiceIntern alUri https://pushmail.globaltextiles.co.uk/Autodiscover/Autodiscover.xml <internal server address>
Set-WebServicesVirtualDire ctory -Identity "gt2008server.gtdomain.loc al\EWS (Default Web Site)" -InternalURL https://pushmail.globaltextiles.co.uk/EWS/Exchange.asmx -BasicAuthentication:$true <again internal address>
Set-OABVirtualDirectory -Identity "gt2008server.gtdomain.loc al\OAB (Default Web Site)" -InternalURL https://pushmail.globaltextiles.co.uk/OAB <internal address>
Set-ActiveSyncVirtualDirec tory -Identity "EXCHANGESERVERNAME\Micros oft-Server -ActiveSyn c (Default Web Site)" -ExternalURL https://pushmail.globaltextiles.com/Microsoft-Server-Activesync <external address>
Set-ClientAccessServer -Identity gt2008server.gtdomain.loca
Set-WebServicesVirtualDire
Set-OABVirtualDirectory -Identity "gt2008server.gtdomain.loc
Set-ActiveSyncVirtualDirec
ASKER
ok thanks for clearing that for me. iguess ill need to make some dns changes also then
yes you have to . you need to make sure that the external uRL should resolve to internal IP of CAS server
ASKER
ok, again many thanks for everybodys input, i have configure another dns zone for the pushmail.globaltextiles.co .uk to resolve to the internal ip address of the sbs server, then added the lines as advised above. I'll be speaking to the users in the morning, so i'll update then... fingers crossed!!
ASKER
Ok that has got rid of the initial certificate error on startup of outlook, thanks to you all!!
When i try to open the out of office assistant i get the error
"Your out of office settings cannot be displayed, because the server is currently unavailable"
I have run the get0autodiscovervirtualdir ectory, and found that there is no internal url, i have then ran the set-autodiscover command again and still no internal url (please see screen shot)
any ideas?
global02.jpg
When i try to open the out of office assistant i get the error
"Your out of office settings cannot be displayed, because the server is currently unavailable"
I have run the get0autodiscovervirtualdir
any ideas?
global02.jpg
Try:
remove-autodiscovervirtual directory "Autodiscover (Default Web Site)"
then
New-Autodiscovervirtualdir ectory
then
Set-ClientAccessServer -Identity GT2008SERVER -AutoDiscoverServiceIntern alUri https://FQDNOFCERTHERE/Autodiscover/Autodiscover.xml
remove-autodiscovervirtual
then
New-Autodiscovervirtualdir
then
Set-ClientAccessServer -Identity GT2008SERVER -AutoDiscoverServiceIntern
ASKER
hi, thanks for the reply, ran throught hose commands, they all got accespted ok with no errors, but still gives me no internalUrl
Did this resolve your OOF error?
ASKER
hello, no it still give server not available for the out of offfice assistant
And exchange.ourcompany.com = what the public cert is keyed at
more resources:
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/