Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1135
  • Last Modified:

Outlook 2007 and Exchange 2010 connection error

Good morning,

All of a sudden we are having issues connecting to Exchange locally via Outlook 2007.  Up to this point everything has been running great.

NOTE:  domain specific information was purposely stripped from the returns.

Outlook Error message:
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com

Below are all of the relevant tests run across the environment.  Any assistance that can be offered would be greatly appreciated.

Outlook is unable to connect to the proxy server. (Error Code 0).

Get-ClientAccessServer | fl results

[PS] C:\Windows\system32>Get-ClientAccessServer | fl

RunspaceId                           : 296359f6-5360-4b9e-af4d-6d78f373993a
Name                                 : name
Fqdn                                 : name.domain.net
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : name
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adm
                                       inistrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Co
                                       nfiguration,DC=domain,DC=net
Identity                             : CERBERUS
Guid                                 : 979d7737-8d41-49ae-abba-3aaec998b85d
ObjectCategory                       : domain Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 7/22/2010 1:36:41 PM
WhenCreated                          : 7/22/2010 1:09:03 PM
WhenChangedUTC                       : 7/22/2010 7:36:41 PM
WhenCreatedUTC                       : 7/22/2010 7:09:03 PM
OrganizationId                       :
OriginatingServer                    : name.domain.net

Get-ExchangeCertificate results:

Thumbprint                                Services   Subject
----------                                --------   -------
B0303392A628CA56B061E79D48D9B7F7602C0346  ....S.     CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, ...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name
0
jjl505
Asked:
jjl505
  • 8
  • 4
  • 3
2 Solutions
 
jjl505Author Commented:
Adding our external OWA is working fine.

Outlook Anywhere and internal Outlook is down.
0
 
sunnyc7Commented:
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml

a) Do you have an internal DNS entry for owa.domain.com - pointing to lan ip of exchange

If not

then run this

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"


Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"

 
0
 
jjl505Author Commented:
We do have a DNS entry pointing to the internal IP address of the Exchange server.

DNS

internal.net
--exchange server name = internal IP

external.com
--owa = internal IP
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
sunnyc7Commented:
Next
UCC/SAN certificate

Your certificate has which names ?
internal.net
or
external.com ?
0
 
jjl505Author Commented:
Get-AutodiscoverVirtualDirector points to https://owa.damain.com/autodiscover/autodiscover.xml

Manually navigating to the above address results in:

 <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="09:25:38.9738530" Id="746485907">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
jjl505Author Commented:
Certificate has owa.domain.com valid through 7.31.2011
0
 
Firmin FrederickSenior IT ConsultantCommented:
I suspect a Microsoft update has caused this as i have had it for myself and a number of my clients and it was resolved simply by creating a self signed certificate (on the cheap side) or you can opt for a professional one because it eliminates website & certificate warnings about trusted sources.  I was trying to get a screenshot for you but I'm pressed for time.

What I remember is that to self sign required steps through IIS not through exchange as most posts will suggest.  Once you have the cetificate validated with your send connector/receive connector you will eliminate this problem.

I used the error message from the event log to help track down the solution and it was something like SMTP failed to deliver....TLS authentication...domain name not in certificate.

Sorry to be vague but I'm not at my server!
0
 
jjl505Author Commented:
Oddly enough there have been no updates applied to either the CAS or Mailbox servers.  

The event logs do not show anything regarding SMPT failures, TLS, etc...
0
 
Firmin FrederickSenior IT ConsultantCommented:
ok fair enough, can you confirm whether you have a certificate, self signed or otherwise?

0
 
Firmin FrederickSenior IT ConsultantCommented:
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.comThere is a problem  with the proxy server's security certificate. The name on the security  certificate is invalid or does not match the name of the target site  owa.domain.com"

this is the essence of your problem and can be resolved by creating a new certificate it just depneds on whether it is self signed or bought
0
 
jjl505Author Commented:
3rd party certificate...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name

It's in the system...i'm not sure why i need to do another certificate...
0
 
jjl505Author Commented:
I am removing the installed cert and attempting to re-import it.
0
 
jjl505Author Commented:
I am not sure why the certificate that was installed all of a sudden because remedial.  Removing the installed cert and then reimporting it seems to have done the trick.  I will do my best to award the appropriate points.
0
 
sunnyc7Commented:
thanks jj505 for the points :)
0
 
Firmin FrederickSenior IT ConsultantCommented:
I'm glad you were able to resolve the issue :)
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

  • 8
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now