Jeff Rodgers
asked on
Microsoft Exchange Outlook Anywhere SSL Issue
I am having the weirdest of issues. We recently installed Exchange 2010. Everything works and works quite well until I install an SSL SAN Certificate so that we can use Outlook Anywhere.
1. The certificate works when launching Outlook Web Access and generates no errors.
2. When logging in with an Office 2007 Outlook Client, users are prompted with a Security Alert (locally or via Outlook Anywhere). The alert says that The Security Certificate is from a trusted certifying authority, the certificate has expired or is not yet valid and the name on the certificate is invalid.
Viewing the certificate shows an expired certificate from a company we have never heard of www.thesearidge.com .
This is a brand new certificate on a new Exchange 2010 server and everything works except this disconcerting error message. Users can click past the error with no consequences.
A review of all of the certificate services reveals that the certficate does not exist on any of our systems local, computer or system level.
Anyone have any suggestions? I have removed, revoked and created an entirely new cert with the same credentials specifying the same hosts names. Basically I followed the book.
This is very frustrating as I cannot identify the source of the certificate error.
1. The certificate works when launching Outlook Web Access and generates no errors.
2. When logging in with an Office 2007 Outlook Client, users are prompted with a Security Alert (locally or via Outlook Anywhere). The alert says that The Security Certificate is from a trusted certifying authority, the certificate has expired or is not yet valid and the name on the certificate is invalid.
Viewing the certificate shows an expired certificate from a company we have never heard of www.thesearidge.com .
This is a brand new certificate on a new Exchange 2010 server and everything works except this disconcerting error message. Users can click past the error with no consequences.
A review of all of the certificate services reveals that the certficate does not exist on any of our systems local, computer or system level.
Anyone have any suggestions? I have removed, revoked and created an entirely new cert with the same credentials specifying the same hosts names. Basically I followed the book.
This is very frustrating as I cannot identify the source of the certificate error.
ASKER
There are two certificates listed, the default certificate generated when the server was installed and the certificate generated from GoDaddy.
When I view both certificates there is no evidence of the www.thesearidge.com certificate. (we don't know who thesearidge.com is as this is like a phantom, expired certficate)
It is almost like there is a Hash collision or something else going on that is pulling the info from somewhere else.
When I view both certificates there is no evidence of the www.thesearidge.com certificate. (we don't know who thesearidge.com is as this is like a phantom, expired certficate)
It is almost like there is a Hash collision or something else going on that is pulling the info from somewhere else.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I installed this from scratch... Latest MS Iso's, all patches and SP's applied. I'm still new to the latest flavor of exchange, but this is truly bizarre.
Funny thing is removing the GoDaddy cert makes the certifcate warning disappear (but also breaks Outlook Anywhere, and to a lesser degree OWA.)
I will try your suggestions and report back on results.
Funny thing is removing the GoDaddy cert makes the certifcate warning disappear (but also breaks Outlook Anywhere, and to a lesser degree OWA.)
I will try your suggestions and report back on results.
Also
Exchange Management Console
toolbox >
there is a Best Practices Analyzer
Run that and see what that uncovers.
Have a good weekend.
thanks
Exchange Management Console
toolbox >
there is a Best Practices Analyzer
Run that and see what that uncovers.
Have a good weekend.
thanks
ASKER
Using the TestExchangeConnectivity link above, I was able to track the issue back to the autodiscover url which was pointed at the domain extention on the email (*@domainname.com).
Our website is hosted externally, and they had an expired cert on the external domain name which wasn't being used for anything (hence the prompt regarding an expired certificate).
Ran the Configure External Domain names prompt and was able to set things right.
Like I said, I am a newby with Exchange 2010 and was bound to be missing something. Been administering the same old Exchange 2003 box for too many years and got a little rusty.
Thanks for your help!
Our website is hosted externally, and they had an expired cert on the external domain name which wasn't being used for anything (hence the prompt regarding an expired certificate).
Ran the Configure External Domain names prompt and was able to set things right.
Like I said, I am a newby with Exchange 2010 and was bound to be missing something. Been administering the same old Exchange 2003 box for too many years and got a little rusty.
Thanks for your help!
ASKER
Top Marks for pointing an old dog to some new tricks!
Jeff
thanks for the kind words.
Also you can try to document your exchange installation and uncover any configuration issues using some built-in tools with Exchange.
Open Exchange Management Console
Go to toolbox
Go to best practices analyzer
Run a health scan
Click on display informational items.
You can follow the steps / recommendations from the results.
have a good weekend
thanks
thanks for the kind words.
Also you can try to document your exchange installation and uncover any configuration issues using some built-in tools with Exchange.
Open Exchange Management Console
Go to toolbox
Go to best practices analyzer
Run a health scan
Click on display informational items.
You can follow the steps / recommendations from the results.
have a good weekend
thanks
http://smtp25.blogspot.com/2009/09/security-certificate-has-expired-or-is.html
Run
Get-ExchangeCertificate | FL
Are there more than one Certificates listed there ?
Remove the one you dont need.