Mistalanious
asked on
RPC over HTTP certificate problem
I recently setup a 2010 exchange server. All local emails and OWA works but when I try to connect a off site user via RPC over HTTP, I get the following error.
"There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority.
Outlook is unable to connect to the proxy server domain.com. (Error Code 18)"
So the following troubleshooting steps have already been taken.
1. Reinstalling the certificate from the HTTPS:// site manually in the root auth folder.
2. Using multiple laptops at different locations. (Outlook 2007)
3. Uninstalling RPC over HTTP proxy and reinstalling it on the server.
There are no errors in the event logs or any email issues besides this. Is there any special ports that need to be opened in the firewall besides HTTPS?
Thank You
"There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority.
Outlook is unable to connect to the proxy server domain.com. (Error Code 18)"
So the following troubleshooting steps have already been taken.
1. Reinstalling the certificate from the HTTPS:// site manually in the root auth folder.
2. Using multiple laptops at different locations. (Outlook 2007)
3. Uninstalling RPC over HTTP proxy and reinstalling it on the server.
There are no errors in the event logs or any email issues besides this. Is there any special ports that need to be opened in the firewall besides HTTPS?
Thank You
Shreedhar Ette
Does the certificate installed on the server is self signed?
Also Test Outlook Anywhere Connectivity at https://www.testexchangeconnectivity.com/
does it let you in to OWA when you click on "Continue (not recommended) in IE or :I ubderstand risk ..." if FireFox ? if yes you will have to get godaddy certificate.
ASKER
Thanks guys for the responses. I completely forgot I even posted on here. My mind has been in a million places.
shreedhar: When you say the certificate is self signed you mean its not a purchased one through a Thawte type company correct? If that is what you are asking no its just the one generated by the server.
aucklandnz: When I go directly to the OWA site which is https://exchange.domain.com/owa it works fine.
I tested with the Outlook Anywhere Connectivity and it got stuck on the
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
Host name exchange.domain.com does not match any name found on the server certificate CN=SERVERNAME
shreedhar: When you say the certificate is self signed you mean its not a purchased one through a Thawte type company correct? If that is what you are asking no its just the one generated by the server.
aucklandnz: When I go directly to the OWA site which is https://exchange.domain.com/owa it works fine.
I tested with the Outlook Anywhere Connectivity and it got stuck on the
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
Host name exchange.domain.com does not match any name found on the server certificate CN=SERVERNAME
ASKER
After searching around the interweb I have found that I need a certificate for exchange.domain.com on the Exchange Server. Can this be a Self-Signed Certificate? Or for Exchange 2010 does it have to be issued by a Company?
ASKER
Okay so I know its a SSL Certificate issue but now im trying to see how to create a SSL Certificate. Anybody have a good walk through for Exchange 2010?
Hi,
Check this article:
http://msmvps.com/blogs/andersonpatricio/archive/2009/10/02/how-to-renew-the-self-signed-certificate-using-exchange-2010.aspx
I hope this helps,
Shree
Check this article:
http://msmvps.com/blogs/andersonpatricio/archive/2009/10/02/how-to-renew-the-self-signed-certificate-using-exchange-2010.aspx
I hope this helps,
Shree
ASKER
I wasn't able to get anything from that link. Thank you though
Hi,
Use this below command to create a certificate:
New-ExchangeCertificate -SubjectName "cn=server fqdn" -DomainName autodiscover.externaldomai
However you need to modify the command to your requirements.
This command needs to be run from the power shell.
I hope this helps,
Shree
Use this below command to create a certificate:
New-ExchangeCertificate -SubjectName "cn=server fqdn" -DomainName autodiscover.externaldomai
However you need to modify the command to your requirements.
This command needs to be run from the power shell.
I hope this helps,
Shree
i would recommend to buy a SSL certificate,
link below explains how to install it
http://help.godaddy.com/article/4801
IIS7
http://help.godaddy.com/article/4801
IIS6
http://help.godaddy.com/article/4875
link below explains how to install it
http://help.godaddy.com/article/4801
IIS7
http://help.godaddy.com/article/4801
IIS6
http://help.godaddy.com/article/4875
ASKER
I would get a SSL Cert through a CA but I'm on budget. I created the correct certificate but now need to complete it. How do I go about approving it?
ASKER
I tried that site but they wont let you watch any of those videos unless you buy their crap. BOOO~!
Hi,
Check the attached snapshot you will find a Import Certificate Option in Right Hand Side window.
---------
Shree
exchange2007.JPG
Check the attached snapshot you will find a Import Certificate Option in Right Hand Side window.
---------
Shree
exchange2007.JPG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Buying a cheap SSL Cert from a CA was the quick, cheap, and easiest way to go.