Solved

Outlook 2007 and Exchange 2010 connection error

Posted on 2010-09-08
Last Modified: 2012-06-21
Good morning,

All of a sudden we are having issues connecting to Exchange locally via Outlook 2007.  Up to this point everything has been running great.

NOTE:  domain specific information was purposely stripped from the returns.

Outlook Error message:
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com

Below are all of the relevant tests run across the environment.  Any assistance that can be offered would be greatly appreciated.

Outlook is unable to connect to the proxy server. (Error Code 0).

Get-ClientAccessServer | fl results

[PS] C:\Windows\system32>Get-ClientAccessServer | fl

RunspaceId                           : 296359f6-5360-4b9e-af4d-6d78f373993a
Name                                 : name
Fqdn                                 : name.domain.net
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : name
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adm
                                       inistrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Co
                                       nfiguration,DC=domain,DC=net
Identity                             : CERBERUS
Guid                                 : 979d7737-8d41-49ae-abba-3aaec998b85d
ObjectCategory                       : domain Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 7/22/2010 1:36:41 PM
WhenCreated                          : 7/22/2010 1:09:03 PM
WhenChangedUTC                       : 7/22/2010 7:36:41 PM
WhenCreatedUTC                       : 7/22/2010 7:09:03 PM
OrganizationId                       :
OriginatingServer                    : name.domain.net

Get-ExchangeCertificate results:

Thumbprint                                Services   Subject
----------                                --------   -------
B0303392A628CA56B061E79D48D9B7F7602C0346  ....S.     CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, ...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name
Question by:jjl505
15 Comments
 

Author Comment

by:jjl505
ID: 33628087
Adding our external OWA is working fine.

Outlook Anywhere and internal Outlook is down.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33628093
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml

a) Do you have an internal DNS entry for owa.domain.com - pointing to lan ip of exchange

If not

then run this

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"


Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"

 
0
 

Author Comment

by:jjl505
ID: 33628130
We do have a DNS entry pointing to the internal IP address of the Exchange server.

DNS

internal.net
--exchange server name = internal IP

external.com
--owa = internal IP
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 1000 total points
ID: 33628138
Next
UCC/SAN certificate

Your certificate has which names ?
internal.net
or
external.com ?
0
 

Author Comment

by:jjl505
ID: 33628150
Get-AutodiscoverVirtualDirectory points to https://owa.domain.com/autodiscover/autodiscover.xml

Manually navigating to the above address results in:

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="09:25:38.9738530" Id="746485907">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
0
 

Author Comment

by:jjl505
ID: 33628164
Certificate has owa.domain.com valid through 7.31.2011
0
 
LVL 7

Expert Comment

by:Firmin Frederick
ID: 33628329
I suspect a Microsoft update has caused this as I have had it for myself and a number of my clients and it was resolved simply by creating a self signed certificate (on the cheap side) or you can opt for a professional one because it eliminates website & certificate warnings about trusted sources.  I was trying to get a screenshot for you but I'm pressed for time.

What I remember is that to self sign required steps through IIS not through exchange as most posts will suggest.  Once you have the certificate validated with your send connector/receive connector you will eliminate this problem.

I used the error message from the event log to help track down the solution and it was something like SMTP failed to deliver....TLS authentication...domain name not in certificate.

Sorry to be vague but I'm not at my server!
0
 

Author Comment

by:jjl505
ID: 33628460
Oddly enough there have been no updates applied to either the CAS or Mailbox servers.  

The event logs do not show anything regarding SMTP failures, TLS, etc...
0
 
LVL 7

Expert Comment

by:Firmin Frederick
ID: 33628986
ok fair enough, can you confirm whether you have a certificate, self signed or otherwise?

0
 
LVL 7

Assisted Solution

by:Firmin Frederick
Firmin Frederick earned 1000 total points
ID: 33629000
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com"

This is the essence of your problem and can be resolved by creating a new certificate; it just depends on whether it is self signed or bought.
0
 

Author Comment

by:jjl505
ID: 33629043
3rd party certificate...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name

It's in the system...I'm not sure why I need to do another certificate...
0
 

Author Comment

by:jjl505
ID: 33629245
I am removing the installed cert and attempting to re-import it.
0
 

Author Comment

by:jjl505
ID: 33629353
I am not sure why the certificate that was installed all of a sudden became remedial.  Removing the installed cert and then reimporting it seems to have done the trick.  I will do my best to award the appropriate points.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33630048
thanks jj505 for the points :)
0
 
LVL 7

Expert Comment

by:Firmin Frederick
ID: 33662521
I'm glad you were able to resolve the issue :)
0
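
Added example, not part of the original thread: a check, run from the Exchange Management Shell, for the name mismatch that the Outlook error describes. It collects the host names clients are directed to and tests each one against every installed certificate's names, IIS binding and expiry. Test-CertCoversHost is a hypothetical helper name; Get-WebServicesVirtualDirectory and Get-OutlookAnywhere are Exchange 2010 cmdlets that the thread itself does not use.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Test-CertCoversHost is a hypothetical helper name.
function Test-CertCoversHost {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }      # -eq ignores case for strings
        if ($n.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label: *.domain.com
            # matches owa.domain.com but not a.owa.domain.com or domain.com.
            $suffix = $n.Substring(1)
            $left   = $HostName.Length - $suffix.Length
            if ($left -gt 0 -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $HostName.Substring(0, $left) -notmatch '\.') { return $true }
        }
    }
    return $false
}

# Host names that clients are told to connect to.
$urls   = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$urls  += @(Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl })
$hosts  = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host })
$hosts += @(Get-OutlookAnywhere | ForEach-Object { "$($_.ExternalHostname)" })
$hosts  = @($hosts | Where-Object { $_ } | Sort-Object -Unique)

# One row per (host, certificate) pair.
$report = foreach ($cert in @(Get-ExchangeCertificate)) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
    foreach ($h in $hosts) {
        New-Object PSObject -Property @{
            Host       = $h
            Thumbprint = $cert.Thumbprint
            NameMatch  = (Test-CertCoversHost -HostName $h -CertNames $names)
            BoundToIIS = ("$($cert.Services)" -match 'IIS')
            Expired    = ($cert.NotAfter -lt (Get-Date))
        }
    }
}
$report | Format-Table Host, Thumbprint, NameMatch, BoundToIIS, Expired -AutoSize
```

Autodiscover and Outlook Anywhere are served over HTTPS by IIS, so a host is only covered when one certificate shows both NameMatch and BoundToIIS as True and Expired as False. The certificate output posted in the thread lists `Services : SMTP` for the third-party certificate.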
