Starting this morning, my Windows XP users with Outlook 2007 are not able to connect to their mailboxes on the SBS 2008 box using RPC over HTTPS. Regular MAPI works fine. Outlook 2003 users are not having problems. Users with Outlook 2007 on Vista or Win 7 are not having problems either.
I made a change over the weekend to the SSL certificate, but I don't see what would have caused it. But it must have.
For the last month, I had a single name SSL cert for remote.domain.com. All clients worked fine with that cert (including XP with Outlook 2007 users).
However, my autodiscover was a problem because my nameserver doesn't support SRV records.
So I created a UCC/SAN cert that included mail.domain.com, remote.domain.com, and autodiscover.domain.com. I successfully installed that cert using this method:
The method above worked fine. The primary name on my cert is mail.domain.com and I can go to remote.domain.com in a browser and the cert works and is trusted.
But what's so odd is that this problem seems isolated to Windows XP users with Outlook 2007 using RPC over HTTPS. This includes users on the LAN and users off-site. What they get is they open Outlook, it prompts for password as normal (username is already populated or can be retyped as internaldomain\username) but when you enter the password, the prompt reappears as though it doesn't recognize the user/pass. But the user/pass and the setup are correct. I'm using the typical SBS setup for RPC over HTTPS where the URL to connect to is remote.domain.com and you tell it to connect to proxy servers that only have this principal name in their certificate: msstd:remote.domain.com
I typically tell it to use RPC over HTTPS on fast and slow connections so that users have a common interface when opening Outlook no matter where they are. I also set it up for basic authentication (just reviewing the setup so you know I'm doing it right).
From my perspective, things worked fine for a month on the single name SSL cert. Then I added the UCC/SAN cert, and that's when my XP + Outlook 07 users started having problems.