RPC over HTTP certificate problem

I recently setup a 2010 exchange server.  All local emails and OWA works but when I try to connect a off site user via RPC over HTTP, I get the following error.

"There is a problem with the proxy server's security certificate.  The security certificate is not from a trusted certifying authority.

Outlook is unable to connect to the proxy server domain.com. (Error Code 18)"

So the following troubleshooting steps have already been taken.

1.  Reinstalling the certificate from the HTTPS:// site manually in the root auth folder.
2.  Using multiple laptops at different locations.  (Outlook 2007)
3.  Uninstalling RPC over HTTP proxy and reinstalling it on the server.

There are no errors in the event logs or any email issues besides this.  Is there any special ports that need to be opened in the firewall besides HTTPS?

Thank You
LVL 1
MistalaniousAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shreedhar EtteCommented:
Does the certificate installed on the server is self signed?

0
Shreedhar EtteCommented:
Also Test Outlook Anywhere Connectivity at https://www.testexchangeconnectivity.com/
0
aucklandnzCommented:
does it let you in to OWA when you click on "Continue (not recommended) in IE or :I ubderstand risk ..." if FireFox ? if yes you will have to get godaddy certificate.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

MistalaniousAuthor Commented:
Thanks guys for the responses.  I completely forgot I even posted on here.  My mind has been in a million places.

shreedhar: When you say the certificate is self signed you mean its not a purchased one through a Thawte type company correct?  If that is what you are asking no its just the one generated by the server.

aucklandnz: When I go directly to the OWA site which is https://exchange.domain.com/owa it works fine.

I tested with the Outlook Anywhere Connectivity and it got stuck on the

      Testing SSL Certificate for validity.
       The SSL Certificate failed one or more certificate validation checks.
       
      Test Steps
       
      Validating certificate name
       Certificate name validation failed
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name exchange.domain.com does not match any name found on the server certificate CN=SERVERNAME
0
MistalaniousAuthor Commented:
After searching around the interweb I have found that I need a certificate for exchange.domain.com on the Exchange Server.  Can this be a Self-Signed Certificate?  Or for Exchange 2010 does it have to be issued by a Company?
0
MistalaniousAuthor Commented:
Okay so I know its a SSL Certificate issue but now im trying to see how to create a SSL Certificate.  Anybody have a good walk through for Exchange 2010?
0
MistalaniousAuthor Commented:
I wasn't able to get anything from that link.  Thank you though
0
Shreedhar EtteCommented:
Hi,

Use this below command to create a certificate:
New-ExchangeCertificate -SubjectName "cn=server fqdn" -DomainName autodiscover.externaldomain.org, mail.externaldomain.org, server name, server fqdn -PrivateKeyExportable $True | Enable-ExchangeCertificate -Services IIS,POP,SMTP,IMAP"

However you need to modify the command to your requirements.

This command needs to be run from the power shell.

I hope this helps,
Shree
0
aucklandnzCommented:
i would recommend to buy a SSL certificate,

link below explains how to install it

http://help.godaddy.com/article/4801

IIS7
http://help.godaddy.com/article/4801

IIS6
http://help.godaddy.com/article/4875

0
MistalaniousAuthor Commented:
I would get a SSL Cert through a CA but I'm on budget.  I created the correct certificate but now need to complete it.  How do I go about approving it?
0
MistalaniousAuthor Commented:
I tried that site but they wont let you watch any of those videos unless you buy their crap.  BOOO~!
0
Shreedhar EtteCommented:
Hi,

Check the attached snapshot you will find a Import Certificate Option in Right Hand Side window.

---------
Shree
exchange2007.JPG
0
MistalaniousAuthor Commented:
Alright,  I broke down and purchased a SSL certificate from GoDaddy.  I was able to import it fairly easily so it definitely is a lot easier than doing it all yourself.  The issue i'm running into now is that I have a different A Record setup for autodiscover.domain.com.  I cant assign certificate services that match the certificate services on the exchange.domain.com SSL Cert.  Any quick fix anybody can think of?  I'm going to start chipping at it now so if I get it before somebody responds i'll post my results.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shreedhar EtteCommented:
Hi,

Refer this article:
http://support.microsoft.com/kb/940726

Hope this helps,
Shree
0
MistalaniousAuthor Commented:
Buying a cheap SSL Cert from a CA was the quick, cheap, and easiest way to go.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.