Solved

Outlook 2007 and Exchange 2010 connection error

Posted on 2010-09-08
Last Modified: 2012-06-21
Good morning,

All of a sudden we are having issues connecting to Exchange locally via Outlook 2007.  Up to this point everything has been running great.

NOTE:  domain specific information was purposely stripped from the returns.

Outlook Error message:
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com

Below are all of the relevant tests run across the environment.  Any assistance that can be offered would be greatly appreciated.

Outlook is unable to connect to the proxy server. (Error Code 0).

Get-ClientAccessServer | fl results

[PS] C:\Windows\system32>Get-ClientAccessServer | fl

RunspaceId                           : 296359f6-5360-4b9e-af4d-6d78f373993a
Name                                 : name
Fqdn                                 : name.domain.net
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : name
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=name,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adm
                                       inistrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Co
                                       nfiguration,DC=domain,DC=net
Identity                             : CERBERUS
Guid                                 : 979d7737-8d41-49ae-abba-3aaec998b85d
ObjectCategory                       : domain Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 7/22/2010 1:36:41 PM
WhenCreated                          : 7/22/2010 1:09:03 PM
WhenChangedUTC                       : 7/22/2010 7:36:41 PM
WhenCreatedUTC                       : 7/22/2010 7:09:03 PM
OrganizationId                       :
OriginatingServer                    : name.domain.net

Get-ExchangeCertificate results:

Thumbprint                                Services   Subject
----------                                --------   -------
B0303392A628CA56B061E79D48D9B7F7602C0346  ....S.     CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, ...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name
0
Question by:jjl505
15 Comments
 

Author Comment

by:jjl505
ID: 33628087
Adding our external OWA is working fine.

Outlook Anywhere and internal Outlook is down.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33628093
AutoDiscoverServiceInternalUri       : https://owa.domain.com/autodiscover/autodiscover.xml

a) Do you have an internal DNS entry for owa.domain.com - pointing to lan ip of exchange

If not

then run this

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"


Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.LOCAL/Autodiscover/Autodiscover.xml"

 
0
 

Author Comment

by:jjl505
ID: 33628130
We do have a DNS entry pointing to the internal IP address of the Exchange server.

DNS

internal.net
--exchange server name = internal IP

external.com
--owa = internal IP
0

 
LVL 28

Accepted Solution

by:
sunnyc7 earned 250 total points
ID: 33628138
Next
UCC/SAN certificate

Your certificate has which names ?
internal.net
or
external.com ?
0
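The check this question points at, as an added example (not code from any poster in this thread): compare each host name Outlook connects to against a certificate's CertificateDomains, and report whether that certificate is enabled for IIS, which is what serves Autodiscover and Outlook Anywhere. The function names are hypothetical, and the sample certificate is constructed from the redacted values in the question, so the result reflects those placeholders only.

```powershell
# Added example. Test-NameCoveredByCert and Get-CertNameReport are hypothetical helper names.

function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($d in $CertificateDomains) {
        if ($d -eq $HostName) { return $true }           # -eq is case-insensitive for strings
        if ($d.StartsWith('*.')) {
            # A wildcard entry covers exactly one additional left-most label.
            $suffix = $d.Substring(1)                     # e.g. ".domain.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -and $left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Get-CertNameReport {
    param([string[]]$HostNames, [object[]]$Certificates)
    foreach ($h in $HostNames) {
        foreach ($c in $Certificates) {
            # CertificateDomains entries are objects on a live server; stringify them first.
            $domains = @($c.CertificateDomains | ForEach-Object { "$_" })
            New-Object PSObject -Property @{
                HostName    = $h
                Thumbprint  = $c.Thumbprint
                NameMatches = (Test-NameCoveredByCert $h $domains)
                BoundToIIS  = ("$($c.Services)" -match 'IIS')   # HTTPS endpoints use the IIS-enabled cert
            }
        }
    }
}

# Constructed sample mirroring the redacted output in the question.
$sampleCert = New-Object PSObject -Property @{
    Thumbprint         = 'B0303392A628CA56B061E79D48D9B7F7602C0346'
    CertificateDomains = @('owa.name.com', 'www.owa.name.com')
    Services           = 'SMTP'
}
$hostNames = @('owa.domain.com')    # host part of AutoDiscoverServiceInternalUri

Get-CertNameReport -HostNames $hostNames -Certificates $sampleCert |
    Format-Table HostName, NameMatches, BoundToIIS, Thumbprint -AutoSize

# On the Exchange server itself, live data could be passed instead (assumes a single CAS):
#   $h = ([uri]"$((Get-ClientAccessServer).AutoDiscoverServiceInternalUri)").Host
#   Get-CertNameReport -HostNames $h -Certificates (Get-ExchangeCertificate)
```

A row with NameMatches or BoundToIIS set to False identifies a certificate that Outlook will reject, or will never be offered, on the HTTPS endpoints.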
 

Author Comment

by:jjl505
ID: 33628150
Get-AutodiscoverVirtualDirectory points to https://owa.domain.com/autodiscover/autodiscover.xml

Manually navigating to the above address results in:

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="09:25:38.9738530" Id="746485907">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
0
 

Author Comment

by:jjl505
ID: 33628164
Certificate has owa.domain.com valid through 7.31.2011
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628329
I suspect a Microsoft update has caused this, as I have had it for myself and a number of my clients, and it was resolved simply by creating a self-signed certificate (on the cheap side), or you can opt for a professional one because it eliminates website & certificate warnings about trusted sources.  I was trying to get a screenshot for you but I'm pressed for time.

What I remember is that to self-sign required steps through IIS, not through Exchange as most posts will suggest.  Once you have the certificate validated with your send connector/receive connector you will eliminate this problem.

I used the error message from the event log to help track down the solution and it was something like SMTP failed to deliver....TLS authentication...domain name not in certificate.

Sorry to be vague but I'm not at my server!
0
 

Author Comment

by:jjl505
ID: 33628460
Oddly enough there have been no updates applied to either the CAS or Mailbox servers.  

The event logs do not show anything regarding SMTP failures, TLS, etc...
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33628986
OK, fair enough. Can you confirm whether you have a certificate, self-signed or otherwise?

0
 
LVL 6

Assisted Solution

by:SHIELD1
SHIELD1 earned 250 total points
ID: 33629000
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com"

This is the essence of your problem and can be resolved by creating a new certificate; it just depends on whether it is self-signed or bought.
0
 

Author Comment

by:jjl505
ID: 33629043
3rd party certificate...

Get-ExchangeCertificate B0303392A628CA56B061E79D48D9B7F7602C0346 | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {owa.name.com, www.owa.name.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Register.com CA SSL Services (DV), O=Register.com, C=US
NotAfter           : 7/31/2011 5:59:59 PM
NotBefore          : 7/30/2010 6:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : number
Services           : SMTP
Status             : Valid
Subject            : CN=owa.name.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain Control Validated
Thumbprint         : B0303392A628CA56B061E79D48D9B7F7602C0346
DF77C9F6427DC118287298BF020F436C471AE7C9  ....S.     CN=name

It's in the system... I'm not sure why I need to do another certificate...
0
 

Author Comment

by:jjl505
ID: 33629245
I am removing the installed cert and attempting to re-import it.
0
 

Author Comment

by:jjl505
ID: 33629353
I am not sure why the certificate that was installed all of a sudden became remedial.  Removing the installed cert and then reimporting it seems to have done the trick.  I will do my best to award the appropriate points.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33630048
thanks jj505 for the points :)
0
 
LVL 6

Expert Comment

by:SHIELD1
ID: 33662521
I'm glad you were able to resolve the issue :)
0
