Solved

Outlook 2010 Exchange cert issue

Posted on 2010-09-14
11
1,004 Views
Last Modified: 2012-05-10
I cannot get my newly updated Outlook 2010 to connect to my SBS2008/exchange 2007 server remotly. I was on Outlook 2007 and it was working. I uninstalled 07 and installed 10 and now I can't get the remote connection working. I tried installing the cert again but that didn't work.

The error is:
there is a problem with the proxy server's security certificate. the security certificate is not from a trusted certifying authority. Outlook is unable to connect to proxy server remote.mydomain.com (error code 8).

is there a setting in the new outlook 10 to allow self signed certs, it sounds like a security feature they added.
0
Comment
Question by:calitech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 334 total points
ID: 33678333
Have you seen the following troubleshooting guide?
http://support.microsoft.com/kb/923575
You may not have installed the certificate in the "Trusted root" folder.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678342
Are you connecting over LAN or over RPC/HTTPS

Also please post the output of this from Exchange shell
Run this from SBS

get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

did you purchase a UCC/SAN cert and installed it on SBS ?

thanks
0
 

Author Comment

by:calitech
ID: 33678406
Yes I installed the cert in the trusted group.
 
I am using RPC/HTTPS but connecting throgh the lan.

No I didn't purchase a cert, I am using the self signed that SBS generates. I have been fine so far using that cert.

here is the print out.

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #19:

If you want to test all IP Block List providers, you just have to pipe the Get-I
pBlockListProvider cmdlet to the Test-IpBlockListProvider cmdlet:

 Get-IpBlockListProvider | Test-IpBlockListProvider -IpAddress 192.168.0.1

[PS] C:\Windows\System32>get-clientaccessserver | fl


Name                           : SBS2008
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : SBS2008
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.mydomain.com/Autodiscover
                                 /Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b12341
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : SBS2008.domain.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SBS2008,CN=Servers,CN=Exchange Administrati
                                 ve Group (FYDIBOHF23SPDLT),CN=Administrative G
                                 roups,CN=First Organization,CN=Microsoft Excha
                                 nge,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : SBS2008
Guid                           : 702a97db-a424-4b7f-adcd-e3ee5346c6
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exc
                                 h-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 8/13/2010 1:45:28 PM
WhenCreated                    : 1/26/2009 11:06:41 AM



[PS] C:\Windows\System32>get-autodiscovervirtualdirectory | fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SBS2008.domain.local/W3SVC/3/ROOT/A
                                utodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : SBS2008
InternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
ExternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=SBS2008,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Admin
                                istrative Groups,CN=First Organization,CN=Micro
                                soft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                      : SBS2008\Autodiscover (SBS Web Applications)
Guid                          : 44e425e7-4c44-449c-b5b1-4eef798fef89
ObjectCategory                : domain.local/Configuration/Schema/ms-Exch
                                -Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 2/1/2009 12:35:52 PM
WhenCreated                   : 1/26/2009 11:11:12 AM
OriginatingServer             : SBS2008.domain.local
IsValid                       : True



[PS] C:\Windows\System32>get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/23/2015 8:21:21 AM
NotBefore          : 2/24/2010 8:21:21 AM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 4B45E1354302B3D5
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : 555BB5941764036435016BE2D977D45F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/22/2015 5:06:54 PM
NotBefore          : 2/23/2010 5:06:54 PM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 27F8E5F54340DC948A
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : CC3CED23450693CCDA00DBC2F01531AC5EA88E23A8F3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 12/15/2010 11:35:23 AM
NotBefore          : 12/15/2009 11:35:23 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 20234569D5000000000008
Services           : IMAP, POP
Status             : Valid
Subject            : CN=SBS2008.domain.local
Thumbprint         : 42A5903A4DEE02483223AD874AE9FE031AE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mydomain.com, mydomain.com, SBS2008.ca
                     litech-inc.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 2/1/2011 12:25:31 PM
NotBefore          : 2/1/2009 12:25:31 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 1EC3254EF0023450000004
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.mydomain.com
Thumbprint         : BEA286207FAC8835D77899E43D36978243547E

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2011 10:54:01 AM
NotBefore          : 1/26/2009 10:54:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6103D7890000000002
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : E3ADC273545FC1E824353EF0F65FFFDF8FE785

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {domain-SBS2008-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2014 11:03:26 AM
NotBefore          : 1/26/2009 10:53:26 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 741A116EED30D596423452928A64E1
Services           : None
Status             : Valid
Subject            : CN=domain-SBS2008-CA
Thumbprint         : 742C288D702AAACFCB83451A37C7ECB0878F5

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-SNRV23P3O51}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-SNRV23P3O51
NotAfter           : 1/24/2019 10:19:01 AM
NotBefore          : 1/26/2009 10:19:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 468D57S9699EFAB48d87F56AF66B9D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-SNRV23P3O51
Thumbprint         : F692C6561C5910204761F725F0B8D0237341F



[PS] C:\Windows\System32>
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678419
when you ping remote.domain.com - do you get the LAN IP of SBS server - or a external IP ?

did you buy a UCC/SAN cert from godaddy/digicert ?

these cert's look like they are issued by SBS
0
 

Author Comment

by:calitech
ID: 33678448
when i ping remote.domain.com I get the external ip.

I didn't purchase any cert for my server. I have been fine till now. I have been using the server one that gets created when you setup SBS.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678456
What is your internal FQDN ?
Is it
SBS2008.domain.local
0
 

Author Comment

by:calitech
ID: 33678467
No, it really is my company name. I just replace my name to domain for this post.
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 166 total points
ID: 33678478
I just want to make sure that I give correct commands to reset your autodiscoveruri's

Replace appropriate parts
mail.domain.local - internal fqdn of sbs
mail.domain.com - external FQDN / MX / where you access OWA

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"

For outlook cert issues
The name on the cert has to match the name on autodiscover - that is mail.domain.local

Hence UCC/SAN cert's are preferable - than self-signed.


0
 

Author Comment

by:calitech
ID: 33678989
I entered the following commands, now what? I tested Outlook and still was not able to get in.
Can I get a RapidSSL?  http://www.ssl247.com/ssl-certificates/brands/rapidssl/


[PS] C:\Windows\System32>Get-ClientAccessServer | Set-ClientAccessServer -AutoDi
scoverServiceInternalUri:"https://SBS2008.domain.local/Autodiscover/Autodi
scover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -InternalUrl:"https://SBS2008.domain.local/Autodiscover/Autod
iscover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -ExternalUrl:"https://remote.mydomain.com/Autodiscover/Autodi
scover.xml"
WARNING: The command completed successfully but no settings of
'SBS2008\Autodiscover (SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 334 total points
ID: 33681176
>>"Can I get a RapidSSL?"
Yes, but RapidSSL is now owned by Symantec, I would recomend a Godday.com certificate which is also a little cheaper.
http://blogs.technet.com/b/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx
0
 

Author Closing Comment

by:calitech
ID: 33791578
I guess I need to buy a cert for this to work
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question