GordonLiq

Outlook cannot connect over VPN

Hi,
I have an Exchange Server 2007 installed on Windows 2003,
and a terminal server with Outlook 2007 installed that connects to Exchange over the VPN.

Recently, every time I open Outlook, it asks me to type the username and password again
and then I get this message:
There is a problem with the proxy server's security certificate, %s. The name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (%s)

I have installed a certificate for the server as webmail.domain.com; it is used for Outlook Web Access.
I thought maybe this causes the problem; the certificate should be mail.domain.com,
but I don't want to change the web access URL.

Can I still keep the web access as webmail.domain.com and fix Outlook to connect well?
sunnyc7

Yes you can.

For Outlook clients @ security cert mismatch
Go to DNS for that LAN

(from Outlook do this
ipconfig /all)
find DNS
Go to that server.

start > run > dnsmgmt.msc
Create an A-record for

webmail.domain.com - to point to LAN IP of Exchange server.

That should work.
v_9mhdrf

Or,
Please follow the article - http://support.microsoft.com/kb/940726
and also http://support.microsoft.com/kb/927612

Hope this helps

Thanks
Mohammed
http://www.petri.co.il/save-your-exchange-password-in-microsoft-outlook-2003-or-2007.htm

Method #2 works for most of my XP/2003 users.  Your mileage may vary though.
ASKER

In http://support.microsoft.com/kb/927612

This problem occurs if the following Service Principal Names are registered on the Exchange server and if the Exchange server is not a global catalog server:

That describes my situation. My Exchange server is a domain controller but not a GC; should I change this server to a GC?
Yes. Exchange relies heavily on having access to a GC.  If it's already a DC then it's good practice to go ahead and make it a GC so that if the other DC is down you don't have problems with your email.
And should I change the primary DNS IP to point to itself?

It pointed to one of the GCs before.
Yes!
That will do. Change the host IP to point to the Exchange server if you are promoting the Exchange server DC to GC.
Please try that and revert back if you have issues.

Awaiting your comment

Thanks
Mohammed
I will do that when I am in the office; sometimes changing the DNS makes the network disconnect and needs a clean shutdown.
Please do not do that >> Have Exchange installed on a server with GC role.

Exchange relies heavily on GC to do AD-lookups. This is a bad idea @ upgrading a DC to GC role

http://www.computerperformance.co.uk/exchange2003/exchange2003_global_catalog.htm#Why_does_Exchange_2003_need_Global_Catalog_Servers_
Changing the Exchange box from DC to GC does not help. I still get that message, but Outlook can connect.
In
http://support.microsoft.com/kb/927612

It says:
    * You replace the default self-signed Exchange Server 2007 or Exchange Server 2010 certificate with a different certificate.

      Note The Setup program in Exchange Server 2007 or in Exchange Server 2010 creates a default self-signed certificate when Exchange Server 2007 or Exchange Server 2010 is installed.
    * The common name on the replacement certificate does not match the fully qualified domain name (FQDN) of the URL that is stored in the following objects:
          o The Service Connection Point object for the Autodiscover service
          o The InternalUrl attribute of Exchange 2007 Web Service (EWS)
          o The InternalUrl attribute of the Offline Address Book Web service
          o The InternalUrl attribute of the Exchange unified messaging (UM) Web service

Does that mean that my default certificate is
svremail.localdomain but I installed the webmail.domain.com one to replace it?
How can I check the currently installed certificate?
You should not change Exchange to Global Catalog. That messes up a lot of things.
GC has nothing to do with cert mismatch prompts.

a) Check the last section on registry settings here
http://technet.microsoft.com/en-us/library/cc179161(office.12).aspx

b) copy paste the output of this here
get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl
Your UCC/SAN Cert should have the 4 following domains

mail.domain.com (external fqdn)
autodiscover.domain.com (external autodiscover)
mailservername.domain.local (internal fqdn)
mailserver (internal mail server name)

Given that you have a cert for webmail.domain.com - which is also used by OWA,
what you need to do is
a) create an A-record in your local DNS (which is used by terminal server)
for
 webmail.domain.com - to point to LAN IP of exchange server.
b) then add the users account in outlook - by going to webmail.domain.com - as servername

Also check the prior post on registry settings for TS install of Outlook 2007 in Ex 2007 env.
I have done
a) create an A-record in your local DNS (which is used by terminal server)
for
 webmail.domain.com - to point to LAN IP of exchange server

The A-record pointed to the internet IP of Exchange before.

But it still does not work;
I still get this message when I log in from my laptop in the office.
I did an ipconfig /flushdns to clear the DNS before I tried from my laptop.
Please post the gets in above post
[PS] C:\Documents and Settings\admin>get-autodiscovervirtualdirectory | fl



Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://svr02.aaa.local/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : SVR02
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P
                                rotocols,CN=SVR02,CN=Servers,CN=Exchange Admini
                                strative Group (FYDIBOHF23SPDLT),CN=Administrat
                                ive Groups,CN=aaa Care Management,CN=Microsoft
                                Exchange,CN=Services,CN=Configuration,DC=aaa,DC
                                =local
Identity                      : SVR02\Autodiscover (Default Web Site)
Guid                          : 3ec7186e-4c5f-4712-a989-3569bce61468
ObjectCategory                : aaa.local/Configuration/Schema/ms-Exch-Auto-Dis
                                cover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 14/07/2009 11:31:52 AM
WhenCreated                   : 14/07/2009 11:31:52 AM
OriginatingServer             : svr02.aaa.local
IsValid                       : True



[PS] C:\Documents and Settings\admin>get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.aaacare.com.au}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : E=premium-server@thawte.com, CN=Thawte Premium Server CA,
                     OU=Certification Services Division, O=Thawte Consulting cc
                     , L=Cape Town, S=Western Cape, C=ZA
NotAfter           : 21/11/2010 9:59:59 AM
NotBefore          : 20/11/2008 10:00:00 AM
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 311C5AF0072427F9A57220D8E4D1796F
Services           : IIS
Status             : Valid
Subject            : CN=webmail.aaacare.com.au, OU=aaa Care Management, O=aaa C
                     are Management, L=Toowoomba, S=Queensland, C=AU
Thumbprint         : 559BDE0CA62D90BA7D3127B6244881AAB5B87DF4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {svr02.aaacare.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=svr02.aaacare.local
NotAfter           : 17/07/2009 10:19:42 PM
NotBefore          : 17/07/2008 4:19:42 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 6FE76E48E61A8747E41EF8CE5530D4
Services           : None
Status             : Invalid
Subject            : CN=svr02.aaacare.local
Thumbprint         : CD7D3F19EABAD3BC7B967ADB6114FCEBBF5F11F9

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.aaacare.com.au}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=aaa Intranet, DC=aaa, DC=local
NotAfter           : 17/07/2010 3:59:18 PM
NotBefore          : 17/07/2008 3:59:18 PM
PublicKeySize      : 1024
RootCAType         : Unknown
SerialNumber       : 2077C76E000000000006
Services           : None
Status             : Invalid
Subject            : CN=mail.aaacare.com.au, OU=aaa Care Management, O=aaa Care
                      Management, L=Toowoomba, S=Queensland, C=AU
Thumbprint         : 7BEBD0675A70B9A4F06A5C581B5C808B8495D7F1

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {svr02, svr02.aaa.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=svr02
NotAfter           : 9/07/2009 1:35:41 PM
NotBefore          : 9/07/2008 1:35:41 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A88B06C7DED91C9744981C5309ADC6B2
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=svr02
Thumbprint         : E3917918EBB7EEFD10DCE2A75559F17B00A5D816



[PS] C:\Documents and Settings\admin>get-clientaccessserver | fl


Name                           : SVR02
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : svr02
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://webmail.aaacare.com.au/autodiscover/au
                                 todiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site}
IsValid                        : True
OriginatingServer              : svr02.aaa.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SVR02,CN=Servers,CN=Exchange Administrative
                                  Group (FYDIBOHF23SPDLT),CN=Administrative Gro
                                 ups,CN=aaa Care Management,CN=Microsoft Exchan
                                 ge,CN=Services,CN=Configuration,DC=aaa,DC=loca
                                 l
Identity                       : SVR02
Guid                           : c0d6953a-0142-41b9-b473-9ca11f6e6229
ObjectCategory                 : aaa.local/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 13/08/2008 9:58:34 AM
WhenCreated                    : 9/07/2007 12:17:21 PM



[PS] C:\Documents and Settings\admin>
In get-exchangecertificate | fl

it says: CertificateDomains : {svr02.aaacare.local}

Does that cause the problem?

The domain should be svr02.aaa.local or webmail.aaacare.com.au.
run this
you will be all set after that

get-autodiscovervirtualdirectory | set-autodiscovervirtualdirectory -InternalUrl:"https://webmail.aaacare.com.au/autodiscover/autodiscover.xml" -ExternalUrl:"https://webmail.aaacare.com.au/autodiscover/autodiscover.xml"
Now the result is below,

but it still does not work. The get-exchangecertificate | fl
is still svr02.aaacare.local,

but I don't have this domain; my
local domain is aaa.local
and interdomain is: aaacare.com.au
[PS] C:\Documents and Settings\admin>get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.aaacare.com.au}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : E=premium-server@thawte.com, CN=Thawte Premium Server CA,
                     OU=Certification Services Division, O=Thawte Consulting cc
                     , L=Cape Town, S=Western Cape, C=ZA
NotAfter           : 21/11/2010 9:59:59 AM
NotBefore          : 20/11/2008 10:00:00 AM
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 311C5AF0072427F9A57220D8E4D1796F
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=webmail.aaacare.com.au, OU=aaa Care Management, O=aaa C
                     are Management, L=Toowoomba, S=Queensland, C=AU
Thumbprint         : 559BDE0CA62D90BA7D3127B6244881AAB5B87DF4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {svr02.aaacare.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=svr02.aaacare.local
NotAfter           : 17/07/2009 10:19:42 PM
NotBefore          : 17/07/2008 4:19:42 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 6FE76E48E61A8747E41EF8CE5530D4
Services           : None
Status             : Invalid
Subject            : CN=svr02.aaacare.local
Thumbprint         : CD7D3F19EABAD3BC7B967ADB6114FCEBBF5F11F9

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.aaacare.com.au}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=aaa Intranet, DC=aaa, DC=local
NotAfter           : 17/07/2010 3:59:18 PM
NotBefore          : 17/07/2008 3:59:18 PM
PublicKeySize      : 1024
RootCAType         : Unknown
SerialNumber       : 2077C76E000000000006
Services           : None
Status             : Invalid
Subject            : CN=mail.aaacare.com.au, OU=aaa Care Management, O=aaa Care
                      Management, L=Toowoomba, S=Queensland, C=AU
Thumbprint         : 7BEBD0675A70B9A4F06A5C581B5C808B8495D7F1

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {svr02, svr02.aaa.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=svr02
NotAfter           : 9/07/2009 1:35:41 PM
NotBefore          : 9/07/2008 1:35:41 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : A88B06C7DED91C9744981C5309ADC6B2
Services           : IMAP, POP, SMTP
Status             : Invalid
Subject            : CN=svr02
Thumbprint         : E3917918EBB7EEFD10DCE2A75559F17B00A5D816



[PS] C:\Documents and Settings\admin>get-clientaccessserver | fl


Name                           : SVR02
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : svr02
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://webmail.aaacare.com.au/autodiscover/au
                                 todiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site}
IsValid                        : True
OriginatingServer              : svr02.aaa.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SVR02,CN=Servers,CN=Exchange Administrative
                                  Group (FYDIBOHF23SPDLT),CN=Administrative Gro
                                 ups,CN=aaa Care Management,CN=Microsoft Exchan
                                 ge,CN=Services,CN=Configuration,DC=aaa,DC=loca
                                 l
Identity                       : SVR02
Guid                           : c0d6953a-0142-41b9-b473-9ca11f6e6229
ObjectCategory                 : aaa.local/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 15/09/2010 8:52:47 AM
WhenCreated                    : 9/07/2007 12:17:21 PM



[PS] C:\Documents and Settings\admin>get-autodiscovervirtualdirectory | fl



Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://svr02.aaa.local/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : SVR02
InternalUrl                   : https://webmail.aaacare.com.au/autodiscover/aut
                                odiscover.xml
ExternalUrl                   : https://webmail.aaacare.com.au/autodiscover/aut
                                odiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=P
                                rotocols,CN=SVR02,CN=Servers,CN=Exchange Admini
                                strative Group (FYDIBOHF23SPDLT),CN=Administrat
                                ive Groups,CN=aaa Care Management,CN=Microsoft
                                Exchange,CN=Services,CN=Configuration,DC=aaa,DC
                                =local
Identity                      : SVR02\Autodiscover (Default Web Site)
Guid                          : 3ec7186e-4c5f-4712-a989-3569bce61468
ObjectCategory                : aaa.local/Configuration/Schema/ms-Exch-Auto-Dis
                                cover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 15/09/2010 8:51:50 AM
WhenCreated                   : 14/07/2009 11:31:52 AM
OriginatingServer             : svr02.aaa.local
IsValid                       : True



[PS] C:\Documents and Settings\admin>

there are couple of fixes which I will give - in terms of authentication settings.

apart from that, I hope you are adding the exchange server as
webmail.aaacare.com.au
in server-name field
When you are trying to create a new outlook profile.

thanks
But what about the old users? I have 100 users and cannot change them one by one.

Also, Outlook 2007 on Windows 2003 R2 works well without any message.

Outlook 2007 on Windows 2008 R2 gets that message, asks me to enter the password for svr02.aaa.local, and then says Exchange is unavailable.

Outlook 2007 on my Windows 7 gets that message and asks for the password for svr02.aaa.local and then works, but I need to enter the password every time.
You would need a UCC/SAN cert to rectify most of these issues.
The cases spring from the fact that we are trying to use your one good SSL and trying to apply it everywhere.
We haven't gotten to the phones part yet (Droids, Windows Mobile 6).

Let's try to isolate the cases.
a) Outlook 2003 - should not have any issues.
b) For Outlook 2007/Windows 2008 R2 - don't enter server name as SVR02.aaa.local;
enter server name as webmail.aaacare.com.au (you mentioned you created a DNS entry pointing to LAN IP of Exchange for this)
c) Outlook 2007/Windows 7 repeated password prompts > try this one

If “Remember my password” doesn’t work and you keep getting prompted:
a) close outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in vexch01 or the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.

http://www.petri.co.il/forums/showthread.php?t=18808

Please try this one by one and let me know if it works.
I have done everything as you described, but it still does not work.

the error message is :
there is a problem with the proxy server's security certificate. the name on the security certificate is invalid or does not match the name of the target site mail.aaacare.com.au
outlook is unable to connect to the proxy server.

Please ignore the latest question; it was caused by the System Attendant service having stopped.
I have done everything as you described, but it still does not work.

the error message is :
there is a problem with the proxy server's security certificate. the name on the security certificate is invalid or does not match the name of the target site mail.aaacare.com.au

the security is webmail.aaa.com.au

Outlook can connect but I keep getting this message every time.
Finally I installed a certificate like *.aaadomain.com and that fixed the problem.
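
The name check behind the "name on the security certificate is invalid or does not match" prompt, as an added example that is not part of the thread: it compares each host name Outlook is told to use against a certificate's CertificateDomains, including the one-label wildcard rule. The function names and the wildcard name *.aaacare.com.au are assumptions made for illustration; the other values are copied from the output and error messages posted above.

```powershell
# Added example (not from the thread). Sample values are constructed from the
# names that appear in the posted output and error messages.

function Test-HostCoveredByCert {
    param([string]$HostName, [string[]]$CertificateDomains)
    $h = $HostName.ToLower()
    foreach ($name in $CertificateDomains) {
        $n = $name.ToLower()
        if ($n -eq $h) { return $true }
        # A wildcard stands for exactly one left-most label:
        # *.example.com covers mail.example.com, not example.com or a.b.example.com.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)   # e.g. ".aaacare.com.au"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-CertNameCoverage {
    param([string[]]$CertificateDomains, [hashtable]$Endpoints)
    foreach ($setting in $Endpoints.Keys) {
        $value = $Endpoints[$setting]
        if ([string]::IsNullOrEmpty($value)) { continue }
        # Accept either a full URL or a bare host name.
        if ($value -match '^https?://') {
            $hostName = ([System.Uri]$value).Host
        } else {
            $hostName = $value
        }
        New-Object PSObject -Property @{
            Setting  = $setting
            HostName = $hostName
            Covered  = (Test-HostCoveredByCert -HostName $hostName -CertificateDomains $CertificateDomains)
        }
    }
}

# Names a client in this thread ends up connecting to (constructed from the posts).
$endpoints = @{
    'AutoDiscoverServiceInternalUri' = 'https://webmail.aaacare.com.au/autodiscover/autodiscover.xml'
    'Proxy name in Outlook error'    = 'mail.aaacare.com.au'
    'Server name in password prompt' = 'svr02.aaa.local'
}

Write-Host '--- single-name certificate (CertificateDomains from the posted output) ---'
Get-CertNameCoverage -CertificateDomains @('webmail.aaacare.com.au') -Endpoints $endpoints |
    Format-Table Setting, HostName, Covered -AutoSize

Write-Host '--- wildcard certificate (constructed name) ---'
Get-CertNameCoverage -CertificateDomains @('*.aaacare.com.au') -Endpoints $endpoints |
    Format-Table Setting, HostName, Covered -AutoSize
```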