calitech
asked on
Outlook 2010 Exchange cert issue
I cannot get my newly updated Outlook 2010 to connect to my SBS2008/exchange 2007 server remotly. I was on Outlook 2007 and it was working. I uninstalled 07 and installed 10 and now I can't get the remote connection working. I tried installing the cert again but that didn't work.
The error is:
there is a problem with the proxy server's security certificate. the security certificate is not from a trusted certifying authority. Outlook is unable to connect to proxy server remote.mydomain.com (error code 8).
is there a setting in the new outlook 10 to allow self signed certs, it sounds like a security feature they added.
The error is:
there is a problem with the proxy server's security certificate. the security certificate is not from a trusted certifying authority. Outlook is unable to connect to proxy server remote.mydomain.com (error code 8).
is there a setting in the new outlook 10 to allow self signed certs, it sounds like a security feature they added.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes I installed the cert in the trusted group.
I am using RPC/HTTPS but connecting throgh the lan.
No I didn't purchase a cert, I am using the self signed that SBS generates. I have been fine so far using that cert.
here is the print out.
Welcome to the Exchange Management Shell!
Full list of cmdlets: get-command
Only Exchange cmdlets: get-excommand
Cmdlets for a specific role: get-help -role *UM* or *Mailbox*
Get general help: help
Get help for a cmdlet: help <cmdlet-name> or <cmdlet-name> -?
Show quick reference guide: quickref
Exchange team blog: get-exblog
Show full output for a cmd: <cmd> | format-list
Tip of the day #19:
If you want to test all IP Block List providers, you just have to pipe the Get-I
pBlockListProvider cmdlet to the Test-IpBlockListProvider cmdlet:
Get-IpBlockListProvider | Test-IpBlockListProvider -IpAddress 192.168.0.1
[PS] C:\Windows\System32>get-cl ientaccess server | fl
Name : SBS2008
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SBS2008
AutoDiscoverServiceClassNa me : ms-Exchange-AutoDiscover-S ervice
AutoDiscoverServiceInterna lUri : https://remote.mydomain.com/Autodiscover
/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e 7a48b12341
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SBS2008.domain.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SBS2008,CN=Servers,CN=E xchange Administrati
ve Group (FYDIBOHF23SPDLT),CN=Admin istrative G
roups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu ration,DC= domain,DC= local
Identity : SBS2008
Guid : 702a97db-a424-4b7f-adcd-e3 ee5346c6
ObjectCategory : domain.local/Configuration /Schema/ms -Exc
h-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 8/13/2010 1:45:28 PM
WhenCreated : 1/26/2009 11:06:41 AM
[PS] C:\Windows\System32>get-au todiscover virtualdir ectory | fl
Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMeth ods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SBS2008.domain.local /W3SVC/3/R OOT/A
utodiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SBS2008
InternalUrl : https://remote.mydomain.com/Autodiscover/
Autodiscover.xml
ExternalUrl : https://remote.mydomain.com/Autodiscover/
Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,
CN=Protocols,CN=SBS2008,CN =Servers,C N=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Admin
istrative Groups,CN=First Organization,CN=Micro
soft Exchange,CN=Services,CN=Co nfiguratio n,DC=domai n,DC=local
Identity : SBS2008\Autodiscover (SBS Web Applications)
Guid : 44e425e7-4c44-449c-b5b1-4e ef798fef89
ObjectCategory : domain.local/Configuration /Schema/ms -Exch
-Auto-Discover-Virtual-Dir ectory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 2/1/2009 12:35:52 PM
WhenCreated : 1/26/2009 11:11:12 AM
OriginatingServer : SBS2008.domain.local
IsValid : True
[PS] C:\Windows\System32>get-ex changecert ificate | fl
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Default CA, C=US
NotAfter : 2/23/2015 8:21:21 AM
NotBefore : 2/24/2010 8:21:21 AM
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 4B45E1354302B3D5
Services : IMAP, POP
Status : Unknown
Subject : CN=SBS2008
Thumbprint : 555BB5941764036435016BE2D9 77D45F
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Default CA, C=US
NotAfter : 2/22/2015 5:06:54 PM
NotBefore : 2/23/2010 5:06:54 PM
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 27F8E5F54340DC948A
Services : IMAP, POP
Status : Unknown
Subject : CN=SBS2008
Thumbprint : CC3CED23450693CCDA00DBC2F0 1531AC5EA8 8E23A8F3
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {SBS2008.domain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 12/15/2010 11:35:23 AM
NotBefore : 12/15/2009 11:35:23 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 20234569D5000000000008
Services : IMAP, POP
Status : Valid
Subject : CN=SBS2008.domain.local
Thumbprint : 42A5903A4DEE02483223AD874A E9FE031AE
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {remote.mydomain.com, mydomain.com, SBS2008.ca
litech-inc.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 2/1/2011 12:25:31 PM
NotBefore : 2/1/2009 12:25:31 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1EC3254EF0023450000004
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.mydomain.com
Thumbprint : BEA286207FAC8835D77899E43D 3697824354 7E
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule, System.Securi
ty.AccessControl.CryptoKey AccessRule }
CertificateDomains : {Sites, SBS2008.domain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 1/26/2011 10:54:01 AM
NotBefore : 1/26/2009 10:54:01 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6103D7890000000002
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : E3ADC273545FC1E824353EF0F6 5FFFDF8FE7 85
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {domain-SBS2008-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=domain-SBS2008-CA
NotAfter : 1/26/2014 11:03:26 AM
NotBefore : 1/26/2009 10:53:26 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 741A116EED30D596423452928A 64E1
Services : None
Status : Valid
Subject : CN=domain-SBS2008-CA
Thumbprint : 742C288D702AAACFCB83451A37 C7ECB0878F 5
AccessRules : {System.Security.AccessCon trol.Crypt oKeyAccess Rule, System
.Security.AccessControl.Cr yptoKeyAcc essRule}
CertificateDomains : {WMSvc-WIN-SNRV23P3O51}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-SNRV23P3O51
NotAfter : 1/24/2019 10:19:01 AM
NotBefore : 1/26/2009 10:19:01 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 468D57S9699EFAB48d87F56AF6 6B9D
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-SNRV23P3O51
Thumbprint : F692C6561C5910204761F725F0 B8D0237341 F
[PS] C:\Windows\System32>
I am using RPC/HTTPS but connecting throgh the lan.
No I didn't purchase a cert, I am using the self signed that SBS generates. I have been fine so far using that cert.
here is the print out.
Welcome to the Exchange Management Shell!
Full list of cmdlets: get-command
Only Exchange cmdlets: get-excommand
Cmdlets for a specific role: get-help -role *UM* or *Mailbox*
Get general help: help
Get help for a cmdlet: help <cmdlet-name> or <cmdlet-name> -?
Show quick reference guide: quickref
Exchange team blog: get-exblog
Show full output for a cmd: <cmd> | format-list
Tip of the day #19:
If you want to test all IP Block List providers, you just have to pipe the Get-I
pBlockListProvider cmdlet to the Test-IpBlockListProvider cmdlet:
Get-IpBlockListProvider | Test-IpBlockListProvider -IpAddress 192.168.0.1
[PS] C:\Windows\System32>get-cl
Name : SBS2008
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : SBS2008
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
/Autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : SBS2008.domain.local
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SBS2008,CN=Servers,CN=E
ve Group (FYDIBOHF23SPDLT),CN=Admin
roups,CN=First Organization,CN=Microsoft Excha
nge,CN=Services,CN=Configu
Identity : SBS2008
Guid : 702a97db-a424-4b7f-adcd-e3
ObjectCategory : domain.local/Configuration
h-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 8/13/2010 1:45:28 PM
WhenCreated : 1/26/2009 11:06:41 AM
[PS] C:\Windows\System32>get-au
Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMeth
ExternalAuthenticationMeth
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://SBS2008.domain.local
utodiscover
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : SBS2008
InternalUrl : https://remote.mydomain.com/Autodiscover/
Autodiscover.xml
ExternalUrl : https://remote.mydomain.com/Autodiscover/
Autodiscover.xml
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,
CN=Protocols,CN=SBS2008,CN
Administrative Group (FYDIBOHF23SPDLT),CN=Admin
istrative Groups,CN=First Organization,CN=Micro
soft Exchange,CN=Services,CN=Co
Identity : SBS2008\Autodiscover (SBS Web Applications)
Guid : 44e425e7-4c44-449c-b5b1-4e
ObjectCategory : domain.local/Configuration
-Auto-Discover-Virtual-Dir
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 2/1/2009 12:35:52 PM
WhenCreated : 1/26/2009 11:11:12 AM
OriginatingServer : SBS2008.domain.local
IsValid : True
[PS] C:\Windows\System32>get-ex
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Default CA, C=US
NotAfter : 2/23/2015 8:21:21 AM
NotBefore : 2/24/2010 8:21:21 AM
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 4B45E1354302B3D5
Services : IMAP, POP
Status : Unknown
Subject : CN=SBS2008
Thumbprint : 555BB5941764036435016BE2D9
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {SBS2008, SBS2008.domain.local, localhost}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Default CA, C=US
NotAfter : 2/22/2015 5:06:54 PM
NotBefore : 2/23/2010 5:06:54 PM
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 27F8E5F54340DC948A
Services : IMAP, POP
Status : Unknown
Subject : CN=SBS2008
Thumbprint : CC3CED23450693CCDA00DBC2F0
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {SBS2008.domain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 12/15/2010 11:35:23 AM
NotBefore : 12/15/2009 11:35:23 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 20234569D5000000000008
Services : IMAP, POP
Status : Valid
Subject : CN=SBS2008.domain.local
Thumbprint : 42A5903A4DEE02483223AD874A
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {remote.mydomain.com, mydomain.com, SBS2008.ca
litech-inc.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 2/1/2011 12:25:31 PM
NotBefore : 2/1/2009 12:25:31 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1EC3254EF0023450000004
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=remote.mydomain.com
Thumbprint : BEA286207FAC8835D77899E43D
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {Sites, SBS2008.domain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=domain-SBS2008-CA
NotAfter : 1/26/2011 10:54:01 AM
NotBefore : 1/26/2009 10:54:01 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 6103D7890000000002
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : E3ADC273545FC1E824353EF0F6
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {domain-SBS2008-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=domain-SBS2008-CA
NotAfter : 1/26/2014 11:03:26 AM
NotBefore : 1/26/2009 10:53:26 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 741A116EED30D596423452928A
Services : None
Status : Valid
Subject : CN=domain-SBS2008-CA
Thumbprint : 742C288D702AAACFCB83451A37
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
CertificateDomains : {WMSvc-WIN-SNRV23P3O51}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-SNRV23P3O51
NotAfter : 1/24/2019 10:19:01 AM
NotBefore : 1/26/2009 10:19:01 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 468D57S9699EFAB48d87F56AF6
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-SNRV23P3O51
Thumbprint : F692C6561C5910204761F725F0
[PS] C:\Windows\System32>
when you ping remote.domain.com - do you get the LAN IP of SBS server - or a external IP ?
did you buy a UCC/SAN cert from godaddy/digicert ?
these cert's look like they are issued by SBS
did you buy a UCC/SAN cert from godaddy/digicert ?
these cert's look like they are issued by SBS
ASKER
when i ping remote.domain.com I get the external ip.
I didn't purchase any cert for my server. I have been fine till now. I have been using the server one that gets created when you setup SBS.
I didn't purchase any cert for my server. I have been fine till now. I have been using the server one that gets created when you setup SBS.
What is your internal FQDN ?
Is it
SBS2008.domain.local
Is it
SBS2008.domain.local
ASKER
No, it really is my company name. I just replace my name to domain for this post.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I entered the following commands, now what? I tested Outlook and still was not able to get in.
Can I get a RapidSSL? http://www.ssl247.com/ssl-certificates/brands/rapidssl/
[PS] C:\Windows\System32>Get-Cl ientAccess Server | Set-ClientAccessServer -AutoDi
scoverServiceInternalUri:" https://SBS2008.domain.local/Autodiscover/Autodi
scover.xml"
[PS] C:\Windows\System32>Get-Au todiscover VirtualDir ectory | set-AutodiscoverVirt
ualDirectory -InternalUrl:"https://SBS2008.domain.local/Autodiscover/Autod
iscover.xml"
[PS] C:\Windows\System32>Get-Au todiscover VirtualDir ectory | set-AutodiscoverVirt
ualDirectory -ExternalUrl:"https://remote.mydomain.com/Autodiscover/Autodi
scover.xml"
WARNING: The command completed successfully but no settings of
'SBS2008\Autodiscover (SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>
Can I get a RapidSSL? http://www.ssl247.com/ssl-certificates/brands/rapidssl/
[PS] C:\Windows\System32>Get-Cl
scoverServiceInternalUri:"
scover.xml"
[PS] C:\Windows\System32>Get-Au
ualDirectory -InternalUrl:"https://SBS2008.domain.local/Autodiscover/Autod
iscover.xml"
[PS] C:\Windows\System32>Get-Au
ualDirectory -ExternalUrl:"https://remote.mydomain.com/Autodiscover/Autodi
scover.xml"
WARNING: The command completed successfully but no settings of
'SBS2008\Autodiscover (SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess I need to buy a cert for this to work
Also please post the output of this from Exchange shell
Run this from SBS
get-clientaccessserver | fl
get-autodiscovervirtualdir
get-exchangecertificate | fl
did you purchase a UCC/SAN cert and installed it on SBS ?
thanks