Solved

Outlook 2007 and Exchange 2010 connection error

Posted on 2010-09-08
15
1,119 Views
Last Modified: 2012-06-21
Good morning,

All of a sudden we are having issues connecting to Exchange locally via Outlook 2007.  Up to this point everything has been running great.

NOTE:  domain specific information was purposely stripped from the returns.

Outlook Error message:
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com

Below are all of the relevant tests run across the environment.  Any assistance that can be offered would be greatly appreciated.

Outlook is unable to connect to the proxy server. (Error Code 0).

Get-ClientAccessServer | fl results

[PS] C:\Windows\system32>Get-ClientAccessServer | fl

RunspaceId                           : 296359f6-5360-4b9e-af4d-6d78f373993a
Name                                 : name
Fqdn                                 : name.domain.net
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : name
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adm
                                       inistrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Co
                                       nfiguration,DC=domain,DC=net
Identity                             : CERBERUS
Guid                                 : 979d7737-8d41-49ae-abba-3aaec998b85d
ObjectCategory                       : domain Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 7/22/2010 1:36:41 PM
WhenCreated                          : 7/22/2010 1:09:03 PM
WhenChangedUTC                       : 7/22/2010 7:36:41 PM
WhenCreatedUTC                       : 7/22/2010 7:09:03 PM
OrganizationId                       :
OriginatingServer                    : name.domain.net

Get-ExchangeCertificate results:

Thumbprint                                Services   Subject
----------                                --------   -------
B0303392A628CA56B061E79D48D9B7F7602C0346  ....S.     CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, ...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name
0
Comment
Question by:jjl505
  • 8
  • 4
  • 3
15 Comments
 

Author Comment

by:jjl505
ID: 33628087
Adding our external OWA is working fine.

Outlook Anywhere and internal Outlook is down.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33628093
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml

a) Do you have an internal DNS entry for owa.domain.com - pointing to lan ip of exchange

If not

then run this

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"


Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"

 
0
 

Author Comment

by:jjl505
ID: 33628130
We do have a DNS entry pointing to the internal IP address of the Exchange server.

DNS

internal.net
--exchange server name = internal IP

external.com
--owa = internal IP
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33628138
Next
UCC/SAN certificate

Your certificate has which names ?
internal.net
or
external.com ?
0
 

Author Comment

by:jjl505
ID: 33628150
Get-AutodiscoverVirtualDirector points to https://owa.damain.com/autodiscover/autodiscover.xml

Manually navigating to the above address results in:

 <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="09:25:38.9738530" Id="746485907">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 

Author Comment

by:jjl505
ID: 33628164
Certificate has owa.domain.com valid through 7.31.2011
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628329
I suspect a Microsoft update has caused this as i have had it for myself and a number of my clients and it was resolved simply by creating a self signed certificate (on the cheap side) or you can opt for a professional one because it eliminates website & certificate warnings about trusted sources.  I was trying to get a screenshot for you but I'm pressed for time.

What I remember is that to self sign required steps through IIS not through exchange as most posts will suggest.  Once you have the cetificate validated with your send connector/receive connector you will eliminate this problem.

I used the error message from the event log to help track down the solution and it was something like SMTP failed to deliver....TLS authentication...domain name not in certificate.

Sorry to be vague but I'm not at my server!
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 

Author Comment

by:jjl505
ID: 33628460
Oddly enough there have been no updates applied to either the CAS or Mailbox servers.  

The event logs do not show anything regarding SMPT failures, TLS, etc...
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628986
ok fair enough, can you confirm whether you have a certificate, self signed or otherwise?

0
 
LVL 6

Assisted Solution

by:SHIELD1
SHIELD1 earned 250 total points
ID: 33629000
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.comThere is a problem  with the proxy server's security certificate. The name on the security  certificate is invalid or does not match the name of the target site  owa.domain.com"

this is the essence of your problem and can be resolved by creating a new certificate it just depneds on whether it is self signed or bought
0
 

Author Comment

by:jjl505
ID: 33629043
3rd party certificate...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name

It's in the system...i'm not sure why i need to do another certificate...
0
 

Author Comment

by:jjl505
ID: 33629245
I am removing the installed cert and attempting to re-import it.
0
 

Author Comment

by:jjl505
ID: 33629353
I am not sure why the certificate that was installed all of a sudden because remedial.  Removing the installed cert and then reimporting it seems to have done the trick.  I will do my best to award the appropriate points.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33630048
thanks jj505 for the points :)
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33662521
I'm glad you were able to resolve the issue :)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now