Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

sbs 2008 Exchange 2007 / Outlook 2010 security error

Posted on 2010-09-19
15
Medium Priority
?
811 Views
Last Modified: 2012-06-27
Hello,

i've fixed the security error when starting outlook 2007/2010 on my terminal server users which states that the hostname doesnt match by using the instructions on http://support.microsoft.com/kb/981954.
The problem is now when the users start outlook it gives another ssl security error which states that the CA is not trusted.
After adding the certificate theres no problem, but each user on the terminal server needs to do it.
Is it possible to import the root or using certutil to import it by using scripts?
0
Comment
Question by:penthese
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33712199
is the SBS Self signed cert...or a 3rd party cert?
0
 

Author Comment

by:penthese
ID: 33712257
this is a sbs self signed cert, signed using the certsrv.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33712343
Just to be clear...did you just create the certificate by running the Setup Your Internet Address wizard, or some other method?
 
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:penthese
ID: 33712353
i've created it first by using the wizard from SBS, but it only had 1 address in it.
So i got the hostname mismatch error after that.
To fix this issue i've created and assigned a self signed certificate by using certsrv with multiple hostnames in it and used exchange shell to apply it.
The hostname issue is gone now, but now the first warning appears with ca not trusted.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33712400
what is the host name supposed to be?
0
 

Author Comment

by:penthese
ID: 33712638
It was remote.testdomain.local
now i've also added srv-sbs2008.testdomain.local and srv-sbs2008 to it by creating a new cert from the certsrv sa.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33712642
Can you manually import the cert into the profile on the TS?  does that resolve the issue?
0
 

Author Comment

by:penthese
ID: 33712799
Yes that works, when i import it the it wont bother the user again when starting Outlook. Thats why i want to automate this process in the logon script somehow.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33712868
This strikes me that somehow the TS was not joined to the domain properly OR is not in the right OU within Active Directory or it should be picking up the cert without any further action.
What OU is the TS Server in?   I am not aware of a way to programmatically add the cert during the logon process.
0
 

Author Comment

by:penthese
ID: 33716556
The server has been joined to the ad domain and the computer account is active in the ad. It is in a newly created ou which is a child of the domain tree. I thought of using certutil to add it, do you have any experience with it?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 33717391
I have no experience with certutil
The TS server should be in the MyBusiness\SBSServers OU or some sub OU of that so that all GP's for the SBS domain can apply.  This might be part of the issue.
0
 

Author Comment

by:penthese
ID: 33734890
Hello ChrisHanna,

thanks for your help so far, i¿ going to try that tonight and will update you.
0
 

Author Comment

by:penthese
ID: 33766296
Just tried it, nothing worked.
0
 

Accepted Solution

by:
penthese earned 0 total points
ID: 33766392
Found a solution for this issue by exporting the cert from the sbs2008 ca and installing it in the trusted authors on the terminal server. The outlook security errors are gone now by all users.
0
 

Author Closing Comment

by:penthese
ID: 34505794
Last comment was the solution.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question