penthese

asked on

SBS 2008 Exchange 2007 / Outlook 2010 security error

Hello,

I've fixed the security error when starting Outlook 2007/2010 for my terminal server users, which states that the hostname doesn't match, by using the instructions at http://support.microsoft.com/kb/981954.
The problem now is that when the users start Outlook it gives another SSL security error, which states that the CA is not trusted.
After adding the certificate there's no problem, but each user on the terminal server needs to do it.
Is it possible to import the root, or to use certutil to import it, by using scripts?
Cris Hanna

Is it the SBS self-signed cert, or a 3rd-party cert?
penthese

ASKER

This is an SBS self-signed cert, signed using the certsrv.
Just to be clear...did you just create the certificate by running the Setup Your Internet Address wizard, or some other method?
 
I've created it first by using the wizard from SBS, but it only had 1 address in it.
So I got the hostname mismatch error after that.
To fix this issue I've created and assigned a self-signed certificate by using certsrv with multiple hostnames in it and used Exchange shell to apply it.
The hostname issue is gone now, but now the first warning appears with CA not trusted.
What is the host name supposed to be?
It was remote.testdomain.local
Now I've also added srv-sbs2008.testdomain.local and srv-sbs2008 to it by creating a new cert from the certsrv sa.
Can you manually import the cert into the profile on the TS? Does that resolve the issue?
Yes, that works; when I import it, it won't bother the user again when starting Outlook. That's why I want to automate this process in the logon script somehow.
This strikes me that somehow the TS was not joined to the domain properly OR is not in the right OU within Active Directory or it should be picking up the cert without any further action.
What OU is the TS Server in?   I am not aware of a way to programmatically add the cert during the logon process.
The server has been joined to the AD domain and the computer account is active in the AD. It is in a newly created OU which is a child of the domain tree. I thought of using certutil to add it; do you have any experience with it?
I have no experience with certutil
The TS server should be in the MyBusiness\SBSServers OU or some sub-OU of that so that all GPs for the SBS domain can apply. This might be part of the issue.
Hello ChrisHanna,

Thanks for your help so far, I'm going to try that tonight and will update you.
Just tried it, nothing worked.
ASKER CERTIFIED SOLUTION
penthese
Last comment was the solution.
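
One way to script the import the question asks about, as an added example that is not part of the original thread and not the members-only solution: it checks the exported CA certificate against a thumbprint you read on the SBS server, then uses certutil to add it to the terminal server's machine-wide Trusted Root store, so it does not have to be imported per user. The file path and thumbprint are placeholders, and the script assumes it is run once per server from an elevated prompt.

```powershell
# Added example, not from the thread. Run once per terminal server, elevated.
# The LocalMachine Root store is trusted by every user who logs on to that server.
# $CertPath and $ExpectedThumbprint are placeholders (assumptions), not page values.
$CertPath           = 'C:\Temp\sbs-root-ca.cer'            # exported CA certificate (.cer)
$ExpectedThumbprint = '<THUMBPRINT-READ-ON-THE-SBS-SERVER>'
$ErrorActionPreference = 'Stop'

# Load the file and confirm it is exactly the certificate you intend to trust.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$wanted = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $wanted) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Nothing imported."
}

# A trust anchor should be the self-signed CA certificate, not the Exchange
# server certificate that the CA issued.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is not self-signed (issuer: $($cert.Issuer)). Export the CA root instead."
}

# Returns $true when the certificate is already in the machine Root store.
function Test-RootPresent([string]$Thumbprint) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
    $store.Open('ReadOnly')
    try {
        return [bool]($store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint })
    } finally {
        $store.Close()
    }
}

if (Test-RootPresent $cert.Thumbprint) {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    # certutil without -user writes to the machine store; -f overwrites an existing entry.
    & certutil.exe -addstore -f Root $CertPath
    if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }
    if (-not (Test-RootPresent $cert.Thumbprint)) { throw 'Import reported success but certificate not found.' }
    Write-Output "Imported: $($cert.Subject) [$($cert.Thumbprint)]"
}
```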