Solved

Wild Card Certificate and Outlook 2007

Posted on 2009-07-14
Last Modified: 2012-05-07
I am running Windows 2008 Small Business Server. We have implemented Outlook Anywhere with Exchange 2007. Most of the clients are running Outlook 2007. SBS comes preconfigured with everything using Remote.domain.com, and it was recommended to use a wildcard SSL for different subdomains if necessary.

The issue I am running into is with Outlook Anywhere on the Outlook 2007 client machines. In the account setup on the client machine, in the Exchange proxy settings, I have the setting "use SSL" checked, as well as "Only connect to proxy servers that have this principal name in the certificate":

msstd:*.domain.com

Everything works beautifully. But on semi-frequent occasions, the above setting is automatically changing in Outlook to read: msstd:remote.domain.com and then it fails with the password prompt over and over again. As soon as I change the subdomain back to the * it all works again.

Is there any way to get Outlook 2007 to stop changing that setting? I haven't seen it occur with any of the 2003 Outlook clients. It's really annoying. I have people that will work for a couple of months with no issues, and then I have certain people for whom the setting changes every few weeks.

Any help would be appreciated.

Thanks
Question by:jbmos2333

Expert Comment

by:Mestha
ID: 24854747
The recommendation to use a wildcard was wrong.
That cannot have been a Microsoft recommendation, as they don't say that. It sounds like yet another of the misconceptions around the SAN/UC requirement of Exchange 2007 which continues to be spread. A SAN/UC is not a wildcard certificate, and a wildcard certificate is not a suitable replacement.

The reason it is changing is because Autodiscover is correcting it. Outlook 2003 doesn't use autodiscover so cannot be corrected. SBS 2008 is built around the remote.example.com host name and most things will be set to that in the virtual directories.
I don't believe Exchange 2007 will let you set the URL for Outlook Anywhere as *.example.com, which means you cannot stop autodiscover from correcting the URL.

Your best option would be to get a SAN/UC certificate, or at least a single name certificate for remote.example.com and use that instead. If your external DNS provider supports SRV records then a single name certificate will do the job.

Simon.

Accepted Solution

by:lastlostlast (earned 1000 total points)
ID: 24854819
Run the cmd in the Exchange Management Shell:

set-OutlookProvider EXPR -CertPrincipalName *.domain.com

This should help you out... let me know if you have any concerns...
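
Why the password prompt loops when the setting flips, as an added example that is not part of the original thread: the check assumes Outlook compares the name after `msstd:` literally (case-insensitively) with the certificate's subject common name, without expanding `*`. The function names and the sample subject strings are constructed for illustration; an optional `msstd:` prefix is stripped so either spelling of the principal name can be passed in.

```powershell
# Added illustration, not code from the thread. Pure string logic, so it runs
# in any PowerShell session without Exchange installed.
# Assumption: the principal name is compared with the certificate's subject CN
# as a literal, case-insensitive string ("*" is not treated as a pattern).

function Get-SubjectCommonName {
    param([string]$Subject)
    # Accepts a subject string such as "CN=*.domain.com, OU=IT, O=Example"
    if ($Subject -match '(?:^|,)\s*CN=([^,]+)') { return $Matches[1].Trim() }
    return $null
}

function Test-MsstdPrincipal {
    param([string]$PrincipalName, [string]$Subject)
    # Drop the "msstd:" prefix if present, keep the name that follows it
    $expected = ($PrincipalName -replace '^\s*msstd:', '').Trim()
    $cn = Get-SubjectCommonName $Subject
    if (-not $cn) { return $false }      # no CN found: nothing to match against
    return ($expected -eq $cn)           # -eq on strings ignores case
}

# Constructed sample subjects, using the thread's placeholder domain
$wildcardCert   = 'CN=*.domain.com, OU=IT, O=Example'
$singleNameCert = 'CN=remote.domain.com, OU=IT, O=Example'

# Principal names seen in the thread, paired with the certificate being served
$cases = @(
    @('msstd:*.domain.com',      $wildcardCert),
    @('msstd:remote.domain.com', $wildcardCert),
    @('msstd:remote.domain.com', $singleNameCert)
)
foreach ($c in $cases) {
    $ok = Test-MsstdPrincipal $c[0] $c[1]
    "{0,-26} vs {1,-42} -> match: {2}" -f $c[0], $c[1], $ok
}

# On the server, the real inputs come from the Exchange Management Shell:
#   (Get-OutlookProvider EXPR).CertPrincipalName
#   Get-ExchangeCertificate | Select-Object Subject, Services
```

With a wildcard principal name the client is checking for the wildcard certificate rather than for one host name, so the protection of that certificate's private key matters on every host that carries it.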

Author Comment

by:jbmos2333
ID: 24861022
Going to give it a try.  But before I was able to, Outlook Anywhere just quit working.  Trying to get it back up.

Author Closing Comment

by:jbmos2333
ID: 31603517
Exactly what I needed. Sorry I forgot to award the points for this.