?
Solved

Outlook 2010 Exchange cert issue

Posted on 2010-09-14
11
Medium Priority
?
1,006 Views
Last Modified: 2012-05-10
I cannot get my newly updated Outlook 2010 to connect to my SBS2008/exchange 2007 server remotly. I was on Outlook 2007 and it was working. I uninstalled 07 and installed 10 and now I can't get the remote connection working. I tried installing the cert again but that didn't work.

The error is:
there is a problem with the proxy server's security certificate. the security certificate is not from a trusted certifying authority. Outlook is unable to connect to proxy server remote.mydomain.com (error code 8).

is there a setting in the new outlook 10 to allow self signed certs, it sounds like a security feature they added.
0
Comment
Question by:calitech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1336 total points
ID: 33678333
Have you seen the following troubleshooting guide?
http://support.microsoft.com/kb/923575
You may not have installed the certificate in the "Trusted root" folder.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678342
Are you connecting over LAN or over RPC/HTTPS

Also please post the output of this from Exchange shell
Run this from SBS

get-clientaccessserver | fl
get-autodiscovervirtualdirectory | fl
get-exchangecertificate | fl

did you purchase a UCC/SAN cert and installed it on SBS ?

thanks
0
 

Author Comment

by:calitech
ID: 33678406
Yes I installed the cert in the trusted group.
 
I am using RPC/HTTPS but connecting throgh the lan.

No I didn't purchase a cert, I am using the self signed that SBS generates. I have been fine so far using that cert.

here is the print out.

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #19:

If you want to test all IP Block List providers, you just have to pipe the Get-I
pBlockListProvider cmdlet to the Test-IpBlockListProvider cmdlet:

 Get-IpBlockListProvider | Test-IpBlockListProvider -IpAddress 192.168.0.1

[PS] C:\Windows\System32>get-clientaccessserver | fl


Name                           : SBS2008
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : SBS2008
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://remote.mydomain.com/Autodiscover
                                 /Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b12341
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : SBS2008.domain.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SBS2008,CN=Servers,CN=Exchange Administrati
                                 ve Group (FYDIBOHF23SPDLT),CN=Administrative G
                                 roups,CN=First Organization,CN=Microsoft Excha
                                 nge,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                       : SBS2008
Guid                           : 702a97db-a424-4b7f-adcd-e3ee5346c6
ObjectCategory                 : domain.local/Configuration/Schema/ms-Exc
                                 h-Exchange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 8/13/2010 1:45:28 PM
WhenCreated                    : 1/26/2009 11:06:41 AM



[PS] C:\Windows\System32>get-autodiscovervirtualdirectory | fl


Name                          : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SBS2008.domain.local/W3SVC/3/ROOT/A
                                utodiscover
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\Autodiscover
Server                        : SBS2008
InternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
ExternalUrl                   : https://remote.mydomain.com/Autodiscover/
                                Autodiscover.xml
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=Autodiscover (SBS Web Applications),CN=HTTP,
                                CN=Protocols,CN=SBS2008,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Admin
                                istrative Groups,CN=First Organization,CN=Micro
                                soft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity                      : SBS2008\Autodiscover (SBS Web Applications)
Guid                          : 44e425e7-4c44-449c-b5b1-4eef798fef89
ObjectCategory                : domain.local/Configuration/Schema/ms-Exch
                                -Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscove
                                rVirtualDirectory}
WhenChanged                   : 2/1/2009 12:35:52 PM
WhenCreated                   : 1/26/2009 11:11:12 AM
OriginatingServer             : SBS2008.domain.local
IsValid                       : True



[PS] C:\Windows\System32>get-exchangecertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/23/2015 8:21:21 AM
NotBefore          : 2/24/2010 8:21:21 AM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 4B45E1354302B3D5
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : 555BB5941764036435016BE2D977D45F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Default CA, C=US
NotAfter           : 2/22/2015 5:06:54 PM
NotBefore          : 2/23/2010 5:06:54 PM
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 27F8E5F54340DC948A
Services           : IMAP, POP
Status             : Unknown
Subject            : CN=SBS2008
Thumbprint         : CC3CED23450693CCDA00DBC2F01531AC5EA88E23A8F3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 12/15/2010 11:35:23 AM
NotBefore          : 12/15/2009 11:35:23 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 20234569D5000000000008
Services           : IMAP, POP
Status             : Valid
Subject            : CN=SBS2008.domain.local
Thumbprint         : 42A5903A4DEE02483223AD874AE9FE031AE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mydomain.com, mydomain.com, SBS2008.ca
                     litech-inc.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 2/1/2011 12:25:31 PM
NotBefore          : 2/1/2009 12:25:31 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 1EC3254EF0023450000004
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.mydomain.com
Thumbprint         : BEA286207FAC8835D77899E43D36978243547E

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SBS2008.domain.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2011 10:54:01 AM
NotBefore          : 1/26/2009 10:54:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6103D7890000000002
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : E3ADC273545FC1E824353EF0F65FFFDF8FE785

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {domain-SBS2008-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=domain-SBS2008-CA
NotAfter           : 1/26/2014 11:03:26 AM
NotBefore          : 1/26/2009 10:53:26 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 741A116EED30D596423452928A64E1
Services           : None
Status             : Valid
Subject            : CN=domain-SBS2008-CA
Thumbprint         : 742C288D702AAACFCB83451A37C7ECB0878F5

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-SNRV23P3O51}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-SNRV23P3O51
NotAfter           : 1/24/2019 10:19:01 AM
NotBefore          : 1/26/2009 10:19:01 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 468D57S9699EFAB48d87F56AF66B9D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-SNRV23P3O51
Thumbprint         : F692C6561C5910204761F725F0B8D0237341F



[PS] C:\Windows\System32>
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678419
when you ping remote.domain.com - do you get the LAN IP of SBS server - or a external IP ?

did you buy a UCC/SAN cert from godaddy/digicert ?

these cert's look like they are issued by SBS
0
 

Author Comment

by:calitech
ID: 33678448
when i ping remote.domain.com I get the external ip.

I didn't purchase any cert for my server. I have been fine till now. I have been using the server one that gets created when you setup SBS.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33678456
What is your internal FQDN ?
Is it
SBS2008.domain.local
0
 

Author Comment

by:calitech
ID: 33678467
No, it really is my company name. I just replace my name to domain for this post.
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 664 total points
ID: 33678478
I just want to make sure that I give correct commands to reset your autodiscoveruri's

Replace appropriate parts
mail.domain.local - internal fqdn of sbs
mail.domain.com - external FQDN / MX / where you access OWA

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.domain.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://mail.domain.com/Autodiscover/Autodiscover.xml"

For outlook cert issues
The name on the cert has to match the name on autodiscover - that is mail.domain.local

Hence UCC/SAN cert's are preferable - than self-signed.


0
 

Author Comment

by:calitech
ID: 33678989
I entered the following commands, now what? I tested Outlook and still was not able to get in.
Can I get a RapidSSL?  http://www.ssl247.com/ssl-certificates/brands/rapidssl/


[PS] C:\Windows\System32>Get-ClientAccessServer | Set-ClientAccessServer -AutoDi
scoverServiceInternalUri:"https://SBS2008.domain.local/Autodiscover/Autodi
scover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -InternalUrl:"https://SBS2008.domain.local/Autodiscover/Autod
iscover.xml"

[PS] C:\Windows\System32>Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirt
ualDirectory -ExternalUrl:"https://remote.mydomain.com/Autodiscover/Autodi
scover.xml"
WARNING: The command completed successfully but no settings of
'SBS2008\Autodiscover (SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1336 total points
ID: 33681176
>>"Can I get a RapidSSL?"
Yes, but RapidSSL is now owned by Symantec, I would recomend a Godday.com certificate which is also a little cheaper.
http://blogs.technet.com/b/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx
0
 

Author Closing Comment

by:calitech
ID: 33791578
I guess I need to buy a cert for this to work
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses
Course of the Month8 days, 7 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question