noooodlez
 asked on

OWA / Outlook Anywhere (http over rpc) Certificate

Hi,
I recently purchased a UCC certificate from GoDaddy to service autodiscover.domain.com and mail.domain.com. (primarily for http over rpc from external).

I installed the certificate through certificate management, and installed/enabled through exchange powershell. (Enable-exchangecertificate –services IIS, SMTP –thumbprint D75305BEF8175570EB6E03BA6FF4372D05ACE39F4)

All went on fine. I am now having issues with my setup, (primarily the services to which the certificates apply). When I apply to SMTP and IIS, Outlook Anywhere then works perfectly from remote devices but fails on OWA in the local domain (certificate error - names do not match - http://sites.owa is being serviced by mail.domain.com).

I have applied various of my internal/ucc certificates to services, but something always fails. Any advice on how I should configure this so everything is serviced correctly? Maybe I should be looking at hosts files on my internal network??

Many Thanks
Steven

I am running exchange 2007 SP2. Half of my internal network is using OWA as the main
Windows Server 2008

Last Comment
noooodlez

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
thetime

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Alan Hardisty

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
noooodlez

ASKER
Thanks for the responses.

I have the option of changing the alt names on my existing cert by managing it through the GoDaddy website, so don't think that re-keying will be necessary. I have added servername.domain.local and servername to my existing cert and am now awaiting it being issued (understandably they have a manual checking process).

I'm not sure that they will be happy to issue to just servername though as this could resolve to anywhere. I might just be being paranoid!!!?
I will report back when I know more.
Assuming that all is well with the certificate, what address would my internal clients use to connect to my SBS sites? I assume that the default http://sites/owa and http://servername/owa would be in?
Cheers
Alan Hardisty

That's fine - they will send the Administrator of the domain an email for approval - then you just click on the link in the email to approve and then they will re-issue the certificate.
Clients will access via whatever FQDN you have added to the certificate and that resolves in DNS to the IP Address of your server, as long as the configuration of the server is correct.
thetime

Thx alanhardisty for giving him the right names.
thetime

*Assuming that all is well with the certificate, what address would my internal clients use to connect to my SBS sites? I assume that the default http://sites/owa and http://servername/owa would be in?

The http://servername/owa would be correct, not so sure about the other one.
noooodlez

ASKER
Right, got my certificate, installed/repaired/enabled my certificate through exchange powershell.

Http over RPC works fine (without cert error)
OWA works fine (I had to change the URL we use to match the cert)

Outlook is now giving a certificate error (name mismatch), although SERVERNAME and SERVERNAME.domainname.com are valid alt names on my cert.

I'm further on than I was, only now the situation is worse as the warning message is now appearing on my MD's PC!!

Any more suggestions?

Many Thanks
Steven
Alan Hardisty

Is this with locally configured Outlook clients?

If so, how are the clients configured?
noooodlez

ASKER
Yes, this is locally connecting clients. One more thing I have noted.

The certificate is failing because Outlook is attempting to connect to "sites" which is the cname that SBS 2008 sets up for accessing its IIS apps. This is not included in my certificate alt names.

The message comes up twice. Http over RPC is not configured on my connection and I have deleted my sharepoint lists,
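The mismatch described in the post above, as an added example that is not part of the original thread: it checks which client URLs use a host name missing from a certificate's alt names. The SAN text and URL list are constructed from the thread's placeholder names, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed SAN text in the "DNS Name=..." form Windows shows for the
# Subject Alternative Name extension; names are the thread's placeholders.
SAN_TEXT = ("DNS Name=mail.domain.com, DNS Name=autodiscover.domain.com, "
            "DNS Name=servername.domain.local, DNS Name=servername")

# Constructed list of URLs that clients connect to (assumed, for illustration).
CLIENT_URLS = [
    "https://mail.domain.com/owa",
    "https://autodiscover.domain.com/autodiscover/autodiscover.xml",
    "https://servername/owa",
    "https://sites/owa",
]

def parse_san_text(text):
    """Return the lower-cased DNS names found in a 'DNS Name=...' list."""
    names = []
    for part in text.split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().lower() == "dns name" and value.strip():
            names.append(value.strip().lower().rstrip("."))
    return names

def name_matches(host, pattern):
    """Exact match, or '*.' wildcard covering exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def uncovered_urls(urls, san_names):
    """List (url, host) pairs whose host is not covered by any SAN entry."""
    missing = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        if not any(name_matches(host, p) for p in san_names):
            missing.append((url, host))
    return missing

if __name__ == "__main__":
    for url, host in uncovered_urls(CLIENT_URLS, parse_san_text(SAN_TEXT)):
        print(f"name mismatch expected: {url} (host '{host}' not in SANs)")
```
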
thetime

Your MD's PC. Does it ever leave the office? (if he leaves it at the office don't use the HTTP/rpc methods just use your standard network)

Go to email accounts then edit the exchange accounts
go to more settings
go to enable proxy settings

URL to connect to proxy for exchange.

Is that one pointing to your "Sites" mentioned above or to "mail.domain.com"?
Is "Only connect to proxy server that have this principal name in their cert" ticked?
the principal name that you supply should look like this: "msstd:mail.domain.com"
noooodlez

ASKER
Hi, I may have sent you on a bit of a wild goose chase here. Every PC in the office is the same, connecting directly to our exchange server (including my MD).

Http over rpc is not checked on any.

I suspect that exchange is delivering data linked over http somewhere (eg. http://sites/owa).

For the idiot over here (I do not profess to be an expert on certification), what is the relevance of msstd.xzxxxx.xxxxxx.com???

thetime

ok ... (just checking if I can post or not - seems to be a problem with submitting here))
thetime

It's "msstd:xxxx.xxxxxx.com" - see the colon.


Author: saku99 Date: 16/05/10 08:00 PM Accepted Solution

MSSTD stands for Microsoft Standard form, don't know why it works both ways but I've also noticed that, although I had some instances where outlook did not work without the prefix.

as a side note I had trouble remembering this stupid prefix so now I remember it as :

MicroSoft Sexually Transmitted Disease :)




More Information here about MSSTD
noooodlez

ASKER
OK, I'm going to create a new post on here as I think my original question was answered, the problems I am experiencing now are knock on problems.

You guys feel free to jump in on my new post if you think you can help me further.

Thanks for your time guys, I will distribute points between you accordingly.