Solved

Outlook 2007 and Exchange 2010 connection error

Posted on 2010-09-08
15
1,127 Views
Last Modified: 2012-06-21
Good morning,

All of a sudden we are having issues connecting to Exchange locally via Outlook 2007.  Up to this point everything has been running great.

NOTE:  domain specific information was purposely stripped from the returns.

Outlook Error message:
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com

Below are all of the relevant tests run across the environment.  Any assistance that can be offered would be greatly appreciated.

Outlook is unable to connect to the proxy server. (Error Code 0).

Get-ClientAccessServer | fl results

[PS] C:\Windows\system32>Get-ClientAccessServer | fl

RunspaceId                           : 296359f6-5360-4b9e-af4d-6d78f373993a
Name                                 : name
Fqdn                                 : name.domain.net
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : name
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adm
                                       inistrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Co
                                       nfiguration,DC=domain,DC=net
Identity                             : CERBERUS
Guid                                 : 979d7737-8d41-49ae-abba-3aaec998b85d
ObjectCategory                       : domain Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 7/22/2010 1:36:41 PM
WhenCreated                          : 7/22/2010 1:09:03 PM
WhenChangedUTC                       : 7/22/2010 7:36:41 PM
WhenCreatedUTC                       : 7/22/2010 7:09:03 PM
OrganizationId                       :
OriginatingServer                    : name.domain.net

Get-ExchangeCertificate results:

Thumbprint                                Services   Subject
----------                                --------   -------
B0303392A628CA56B061E79D48D9B7F7602C0346  ....S.     CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, ...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name
0
Comment
Question by:jjl505
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 3
15 Comments
 

Author Comment

by:jjl505
ID: 33628087
Adding our external OWA is working fine.

Outlook Anywhere and internal Outlook is down.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33628093
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml

a) Do you have an internal DNS entry for owa.domain.com - pointing to lan ip of exchange

If not

then run this

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"


Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"

 
0
 

Author Comment

by:jjl505
ID: 33628130
We do have a DNS entry pointing to the internal IP address of the Exchange server.

DNS

internal.net
--exchange server name = internal IP

external.com
--owa = internal IP
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33628138
Next
UCC/SAN certificate

Your certificate has which names ?
internal.net
or
external.com ?
0
 

Author Comment

by:jjl505
ID: 33628150
Get-AutodiscoverVirtualDirector points to https://owa.damain.com/autodiscover/autodiscover.xml

Manually navigating to the above address results in:

 <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="09:25:38.9738530" Id="746485907">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 

Author Comment

by:jjl505
ID: 33628164
Certificate has owa.domain.com valid through 7.31.2011
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628329
I suspect a Microsoft update has caused this as i have had it for myself and a number of my clients and it was resolved simply by creating a self signed certificate (on the cheap side) or you can opt for a professional one because it eliminates website & certificate warnings about trusted sources.  I was trying to get a screenshot for you but I'm pressed for time.

What I remember is that to self sign required steps through IIS not through exchange as most posts will suggest.  Once you have the cetificate validated with your send connector/receive connector you will eliminate this problem.

I used the error message from the event log to help track down the solution and it was something like SMTP failed to deliver....TLS authentication...domain name not in certificate.

Sorry to be vague but I'm not at my server!
0
 

Author Comment

by:jjl505
ID: 33628460
Oddly enough there have been no updates applied to either the CAS or Mailbox servers.  

The event logs do not show anything regarding SMPT failures, TLS, etc...
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628986
ok fair enough, can you confirm whether you have a certificate, self signed or otherwise?

0
 
LVL 6

Assisted Solution

by:SHIELD1
SHIELD1 earned 250 total points
ID: 33629000
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.comThere is a problem  with the proxy server's security certificate. The name on the security  certificate is invalid or does not match the name of the target site  owa.domain.com"

this is the essence of your problem and can be resolved by creating a new certificate it just depneds on whether it is self signed or bought
0
 

Author Comment

by:jjl505
ID: 33629043
3rd party certificate...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name

It's in the system...i'm not sure why i need to do another certificate...
0
 

Author Comment

by:jjl505
ID: 33629245
I am removing the installed cert and attempting to re-import it.
0
 

Author Comment

by:jjl505
ID: 33629353
I am not sure why the certificate that was installed all of a sudden because remedial.  Removing the installed cert and then reimporting it seems to have done the trick.  I will do my best to award the appropriate points.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33630048
thanks jj505 for the points :)
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33662521
I'm glad you were able to resolve the issue :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question