SBS 2008 STD OAB fails to download. Certificate error...

DarthGraf
DarthGraf used Ask the Experts™
on
Hello All,

I've searched the solutions on this site and have yet to come up with an answer that solves my scenario.

I have a SBS 2008 server std.  I have a standard trusted SSL cert that I purchased for my remote.<domain> site. I created the request through the SBS console and applied it via the console as well.  From what I have gathered, it adds this cert to the "SBS Web Applications" website in IIS.  Also, I have read that in SBS 2008, the autodiscover web app is moved from the default website to this "sbs web applications" website as well.  Therefore, I should be able to get to https://remote.<domain>/autodiscover.

I added a DNS entry on the External dns host for Autodiscover.<domain>.

Now, problem is, my outlook clients, configured via Outlook Anywhere,  are getting a certificate error.  I also get sync errors in Outlook saying it can't download the OAB.  My understanding is that the location of the OAB is determined through the autodiscover service?  So I am thinking I need to get the autodiscover working before I get the OAB to download.  

Main question:  How do I properly configure SBS 2008 and Outlook anywhere to get my clients to use https://remote.<domain>/autodiscover (using my trusted cert) instead of it defaulting to https://autodiscover.<domain>/autodiscover ?

I checked the Exchange Management Console and the OAB is configured to use https://remote.<domain> for the external site.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
The SBS standard certificate makes some major presumptions, the main one being that your EXTERNAL DNS provider (ie on the Internet) supports SRV records. That allows the autodiscover.example.com URL to be redirected to remote.example.com which SBS uses.

If your provider does not support SRV records (And many do not) then you need to change to a SAN/UC certificate so that you can include the autodiscover.example.com URL.

If you need to deploy a SAN/UC certificate then I have instructions here: http://blog.sembee.co.uk/archive/2008/05/30/78.aspx 
If your provider does support SRV records then you need to setup them http://support.microsoft.com/kb/940881 

Simon.

Author

Commented:
Thanks for the response Simon!

My provider does NOT support SRV records.  Do you know of any other work around besides buying a new certificate?  

Thanks!
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Other than changing provider?
No.
Those are the only two methods that are available.

Simon.
These are the first two ways in sequence, outlook 2007 will use to connect to autodiscover service using outlook anywhere if any one of these is working for you without any certificate error then you dont need to go for new certificate.

https://xyz.com/autodiscover/autodiscover.xml
https://autodiscover.xyz.com/autodiscover/autodiscover.xml

if any of those methods dont work for you then either you need to go for SAN certificate or SRV record which you ISP doesnt support.you need to go for SAN in this case.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial