• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1025
  • Last Modified:

Outlook 2010 Exchange cert issue

I cannot get my newly updated Outlook 2010 to connect to my SBS2008/exchange 2007 server remotly. I was on Outlook 2007 and it was working. I uninstalled 07 and installed 10 and now I can't get the remote connection working. I tried installing the cert again but that didn't work.

The error is:
there is a problem with the proxy server's security certificate. the security certificate is not from a trusted certifying authority. Outlook is unable to connect to proxy server remote.mydomain.com (error code 8).

is there a setting in the new outlook 10 to allow self signed certs, it sounds like a security feature they added.
0
calitech
Asked:
calitech
  • 5
  • 4
  • 2
3 Solutions
 
Rob WilliamsCommented:
Have you seen the following troubleshooting guide?
http://support.microsoft.com/kb/923575
You may not have installed the certificate in the "Trusted root" folder.
0
 
sunnyc7Commented:
Are you connecting over LAN or over RPC/HTTPS

Also please post the output of this from Exchange shell
Run this from SBS

get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

did you purchase a UCC/SAN cert and installed it on SBS ?

thanks
0
 
calitechAuthor Commented:
Yes I installed the cert in the trusted group.
 
I am using RPC/HTTPS but connecting throgh the lan.

No I didn't purchase a cert, I am using the self signed that SBS generates. I have been fine so far using that cert.

here is the print out.

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #19:

If you want to test all IP Block List providers, you just have to pipe the Get-I
pBlockListProvider cmdlet to the Test-IpBlockListProvider cmdlet:

 Get-IpBlockListProvider | Test-IpBlockListProvider -IpAddress 192.168.0.1

[PS] C:\Windows\System32>get-clientaccessserver | fl


Name                           : SBS2008
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : SBS2008
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.mydomain.com/Autodiscover
                                 /Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b12341
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : SBS2008.domain.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SBS2008,CN=Servers,CN=Exchange Administrati
                                 ve Group (FYDIBOHF23SPDLT),CN=Administrative G
                                 roups,CN=First Organization,CN=Microsoft Excha
                                 nge,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : SBS2008
Guid                           : 702a97db-a424-4b7f-adcd-e3ee5346c6
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exc
                                 h-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 8/13/2010 1:45:28 PM
WhenCreated                    : 1/26/2009 11:06:41 AM



[PS] C:\Windows\System32>get-autodiscovervirtualdirectory | fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SBS2008.domain.local/W3SVC/3/ROOT/A
                                utodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : SBS2008
InternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
ExternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=SBS2008,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Admin
                                istrative Groups,CN=First Organization,CN=Micro
                                soft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                      : SBS2008\Autodiscover (SBS Web Applications)
Guid                          : 44e425e7-4c44-449c-b5b1-4eef798fef89
ObjectCategory                : domain.local/Configuration/Schema/ms-Exch
                                -Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 2/1/2009 12:35:52 PM
WhenCreated                   : 1/26/2009 11:11:12 AM
OriginatingServer             : SBS2008.domain.local
IsValid                       : True



[PS] C:\Windows\System32>get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/23/2015 8:21:21 AM
NotBefore          : 2/24/2010 8:21:21 AM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 4B45E1354302B3D5
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : 555BB5941764036435016BE2D977D45F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/22/2015 5:06:54 PM
NotBefore          : 2/23/2010 5:06:54 PM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 27F8E5F54340DC948A
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : CC3CED23450693CCDA00DBC2F01531AC5EA88E23A8F3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 12/15/2010 11:35:23 AM
NotBefore          : 12/15/2009 11:35:23 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 20234569D5000000000008
Services           : IMAP, POP
Status             : Valid
Subject            : CN=SBS2008.domain.local
Thumbprint         : 42A5903A4DEE02483223AD874AE9FE031AE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mydomain.com, mydomain.com, SBS2008.ca
                     litech-inc.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 2/1/2011 12:25:31 PM
NotBefore          : 2/1/2009 12:25:31 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 1EC3254EF0023450000004
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.mydomain.com
Thumbprint         : BEA286207FAC8835D77899E43D36978243547E

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2011 10:54:01 AM
NotBefore          : 1/26/2009 10:54:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6103D7890000000002
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : E3ADC273545FC1E824353EF0F65FFFDF8FE785

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {domain-SBS2008-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2014 11:03:26 AM
NotBefore          : 1/26/2009 10:53:26 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 741A116EED30D596423452928A64E1
Services           : None
Status             : Valid
Subject            : CN=domain-SBS2008-CA
Thumbprint         : 742C288D702AAACFCB83451A37C7ECB0878F5

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-SNRV23P3O51}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-SNRV23P3O51
NotAfter           : 1/24/2019 10:19:01 AM
NotBefore          : 1/26/2009 10:19:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 468D57S9699EFAB48d87F56AF66B9D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-SNRV23P3O51
Thumbprint         : F692C6561C5910204761F725F0B8D0237341F



[PS] C:\Windows\System32>
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
sunnyc7Commented:
when you ping remote.domain.com - do you get the LAN IP of SBS server - or a external IP ?

did you buy a UCC/SAN cert from godaddy/digicert ?

these cert's look like they are issued by SBS
0
 
calitechAuthor Commented:
when i ping remote.domain.com I get the external ip.

I didn't purchase any cert for my server. I have been fine till now. I have been using the server one that gets created when you setup SBS.
0
 
sunnyc7Commented:
What is your internal FQDN ?
Is it
SBS2008.domain.local
0
 
calitechAuthor Commented:
No, it really is my company name. I just replace my name to domain for this post.
0
 
sunnyc7Commented:
I just want to make sure that I give correct commands to reset your autodiscoveruri's

Replace appropriate parts
mail.domain.local - internal fqdn of sbs
mail.domain.com - external FQDN / MX / where you access OWA

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"

For outlook cert issues
The name on the cert has to match the name on autodiscover - that is mail.domain.local

Hence UCC/SAN cert's are preferable - than self-signed.


0
 
calitechAuthor Commented:
I entered the following commands, now what? I tested Outlook and still was not able to get in.
Can I get a RapidSSL?  http://www.ssl247.com/ssl-certificates/brands/rapidssl/


[PS] C:\Windows\System32>Get-ClientAccessServer | Set-ClientAccessServer -AutoDi
scoverServiceInternalUri:"https://SBS2008.domain.local/Autodiscover/Autodi
scover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -InternalUrl:"https://SBS2008.domain.local/Autodiscover/Autod
iscover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -ExternalUrl:"https://remote.mydomain.com/Autodiscover/Autodi
scover.xml"
WARNING: The command completed successfully but no settings of
'SBS2008\Autodiscover (SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>
0
 
Rob WilliamsCommented:
>>"Can I get a RapidSSL?"
Yes, but RapidSSL is now owned by Symantec, I would recomend a Godday.com certificate which is also a little cheaper.
http://blogs.technet.com/b/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx
0
 
calitechAuthor Commented:
I guess I need to buy a cert for this to work
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now