Outlook 2007 Cert/RPC over HTTP issue

The sales team at a client’s company are using RPC over HTTP in outlook 2007 to connect to their emails from home. In outlook 2003 this always has and still does work fine. However they are now getting a certificate error (attached)
The interesting this is this is only happening in this version of outlook for machines that are attached to the corporate domain. If the machine is in a workgroup there is no issue.
The MSSTD proxy is set to the CN of the certificate but still we are getting errors. Short of turning the proxy feature off within exchange I am out of ideas. Any help would be much appreciated.
 Certificate Error
lil_danAsked:
Who is Participating?
 
endital1097Connect With a Mentor Commented:
also post the results from
get-outlookprovider expr | fl

server and certprincipalname should both be blank
if either are not run

set-outlookprovider expr -server $null -certprincipalname $null
0
 
e_aravindCommented:
0
 
lil_danAuthor Commented:
mail.pensionsfirst.com is working from the internet and internally, im not sure you are meant to hit a page when browsing to rpcproxy.dll are you?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
lil_danAuthor Commented:
Actually when browsing the dll it prompts for a username and password and authenticates successfully using corporate username and pw combination - both internet and internal.  
0
 
e_aravindCommented:
Just curious, if you run
Set-OutlookProvider -Identity EXPR none

Note: its not $null but none and try to repair the OL2k7 profiles ...then test against the exchange server
0
 
lil_danAuthor Commented:
The results from the article are as follows

Get-ExchangeCertificate | where { $_.Services.ToString(
).Contains("IIS") -eq $true } | fl Cert*


CertificateDomains : {ftp.pensionsfirst.com, mail.pensionsfirst.com}
CertificateRequest :

Get-ClientAccessServer uklonsvrex1 | fl AutoDiscoverSer
viceInternalUri


AutoDiscoverServiceInternalUri : https://mail.pensionsfirst.com/autodiscover/au
                                 todiscover.xml


Get-WebServicesVirtualDirectory | fl *Url


InternalNLBBypassUrl : https://uklonsvrex1.corp.pf.com/ews/exchange.asmx
InternalUrl          : https://mail.pensionsfirst.com/ews/exchange.asmx
ExternalUrl          :

Get-OabVirtualDirectory | fl *Url


InternalUrl : http://uklonsvrex1.corp.pf.com/OAB
ExternalUrl :


Get-AutodiscoverVirtualDirectory | fl *Url


InternalUrl :
ExternalUrl :


Get-OutlookAnywhere | fl External*


ExternalHostname : mail.pensionsfirst.com

Unfortunatley the Set-OutlookProvider -Identity EXPR none
 returns:

Set-OutlookProvider : A parameter cannot be found that matches parameter name '
none'.
At line:1 char:20
+ Set-OutlookProvider  <<<< -Identity EXPR none

and Set-OutlookProvider -Identity EXPR returns

WARNING: The command completed successfully but no settings of 'EXPR' have been
 modified.

either way its not working still. Thanks for your help so far - any further assistance would be really appreciated! :)

0
 
endital1097Commented:
you need to update your oab vdir

set-oabvirtualdirectory oab* -InternalUrl https://mail.pensionsfirst.com/oab
0
 
lil_danAuthor Commented:
@endital1097 - Should the cert pincipal name not be that of the cert with a prefix of msstd: ?
This means i can tick the "only connect to proxy servers with this principal name" box in outlook, ensuring the security of the connection does it not?
msstd.jpg
0
 
endital1097Commented:
no, this certprincipalname value should be blank except for a few circumstances
your configuration does not require a value
0
 
lil_danAuthor Commented:
The solution is a work around that fixes the problem - the issue is it allows people to connect without selecting SSL proxy settings within outlook, which in turn creates a security risk. However if you are looking for quick fix this definitely works.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.