
OWA / Outlook Anywhere (http over rpc) Certificate

noooodlez asked
Last Modified: 2012-05-10
Hi,
I recently purchased a UCC certificate from GoDaddy to service autodiscover.domain.com and mail.domain.com. (primarily for http over rpc from external).

I installed the certificate through certificate management, and installed/enabled through Exchange PowerShell. (Enable-ExchangeCertificate -Services IIS, SMTP -Thumbprint D75305BEF8175570EB6E03BA6FF4372D05ACE39F4)

All went on fine. I am now having issues with my setup, (primarily the services to which the certificates apply). When I apply to SMTP and IIS, Outlook Anywhere then works perfectly from remote devices but fails on OWA in the local domain (certificate error - names do not match - http://sites.owa is being serviced by mail.domain.com).

I have applied various my internal/ucc certificates to services, but something always fails. Any advice on how I should configure this so everything is serviced correctly? Maybe I should be looking at hosts files on my internal network??

Many Thanks
Steven

I am running exchange 2007 SP2. Half of my internal network is using OWA as the main

Author

Commented:
Thanks for the responses.

I have the option of changing the alt names on my existing cert by managing it through the GoDaddy website, so don't think that re-keying will be necessary. I have added servername.domain.local and servername to my existing cert and am now awaiting it being issued (understandable they have a manual checking process).

I'm not sure that they will be happy to issue to just servername though as this could resolve to anywhere. I might just be being paranoid!!!?
I will report back when I know more.
Assuming that all is well with the certificate, what address would my internal clients use to connect to my SBS sites? I assume that the default http://sites/owa and http://servername/owa would be in?
Cheers
Alan Hardisty, Co-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
That's fine - they will send the Administrator of the domain an email for approval - then you just click on the link in the email to approve and then they will re-issue the certificate.
Clients will access via whatever FQDN you have added to the certificate and that resolves in DNS to the IP Address of your server, as long as the configuration of the server is correct.

Commented:
Thx alanhardisty for giving him the right names.

Commented:
*Assuming that all is well with the certificate, what address would my internal clients use to connect to my SBS sites? I assume that the default http://sites/owa and http://servername/owa would be in?

The http://servername/owa would be correct, not so sure about the other one.

Author

Commented:
Right, got my certificate, installed/repaired/enabled my certificate through Exchange PowerShell.

Http over RPC works fine (without cert error)
OWA works fine (I had to change the URL we use to match the cert)

Outlook is now giving a certificate error (name mismatch), although SERVERNAME and SERVERNAME.domainname.com are valid alt names on my cert.

I'm further on than I was, only now the situation is worse as the warning message is now appearing on my MD's PC!!

Any more suggestions?

Many Thanks
Steven
Alan Hardisty, Co-Owner

Commented:
Is this with locally configured Outlook clients?

If so, how are the clients configured?

Author

Commented:
Yes, this is locally connecting clients. One more thing I have noted.

The certificate is failing because Outlook is attempting to connect to "sites" which is the CNAME that SBS 2008 sets up for accessing its IIS apps. This is not included in my certificate alt names.

The message comes up twice. Http over RPC is not configured on my connection and I have deleted my sharepoint lists,
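
The name check that fails for "sites" in the post above, as an added example (not code from this thread): a PowerShell function that compares the host names clients connect to against the names on a certificate. The function name and both sample lists are assumptions, built from the placeholder names used in this thread.

```powershell
# Added example: flags client-facing host names that the certificate does not cover.
function Test-CertNameCoverage {
    param(
        [string[]]$CertificateNames,   # alternative names listed on the certificate
        [string[]]$ClientUrls          # URLs or bare host names that clients connect to
    )
    foreach ($entry in $ClientUrls) {
        # Accept either a full URL or a bare host name.
        $clientHost = $entry
        if ($entry -match '^[a-z]+://') { $clientHost = ([System.Uri]$entry).Host }

        $matchedBy = $null
        foreach ($name in $CertificateNames) {
            # -eq on strings is case-insensitive, as host names are.
            if ($name -eq $clientHost) { $matchedBy = $name; break }
            # A wildcard covers exactly one left-most label: *.domain.com matches
            # mail.domain.com but not domain.com or a.b.domain.com.
            if ($name.StartsWith('*.')) {
                $suffix = $name.Substring(1).ToLower()
                $lower  = $clientHost.ToLower()
                if ($lower.EndsWith($suffix)) {
                    $left = $lower.Substring(0, $lower.Length - $suffix.Length)
                    if ($left.Length -gt 0 -and $left -notmatch '\.') { $matchedBy = $name; break }
                }
            }
        }
        New-Object PSObject -Property @{
            Host      = $clientHost
            Covered   = [bool]$matchedBy
            MatchedBy = $matchedBy
        } | Select-Object Host, Covered, MatchedBy
    }
}

# Constructed sample input, using the placeholder names from this thread.
$san  = 'mail.domain.com', 'autodiscover.domain.com', 'servername.domain.local', 'servername'
$urls = 'https://mail.domain.com/owa',
        'http://servername/owa',
        'http://sites/owa',
        'https://autodiscover.domain.com/autodiscover/autodiscover.xml'

# In the Exchange Management Shell the real names can be read from the certificate:
#   $san = (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains | ForEach-Object { "$_" }
# and the URLs handed to internal Outlook clients from, for example:
#   Get-ClientAccessServer | Select-Object AutoDiscoverServiceInternalUri
#   Get-WebServicesVirtualDirectory | Select-Object InternalUrl

Test-CertNameCoverage -CertificateNames $san -ClientUrls $urls | Format-Table -AutoSize
```

With the sample lists, every host is reported as covered except `sites`, which has no matching name on the certificate.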

Commented:
Your MD's PC. Does it ever leave the office? (if he leaves it at the office don't use the HTTP/rpc methods just use your standard network)

Go to email accounts then edit the exchange accounts
go to more settings
go to enable proxy settings

URL to connect to proxy for exchange.

Is that one pointing to your "Sites" mentioned above or to "mail.domain.com"?
Is "Only connect to proxy server that have this principal name in their cert" ticked?
the principal name that you supply should look like this: "msstd:mail.domain.com"

Author

Commented:
Hi, I may have sent you on a bit of a wild goose chase here. Every PC in the office is the same, connecting directly to our exchange server (including my MD).

Http over rpc is not checked on any.

I suspect that exchange is delivering data linked over http somewhere (eg. http://sites/owa).

For the idiot over here (I do not profess to be an expert on certification), what is the relevance of msstd.xzxxxx.xxxxxx.com???

Commented:
ok ... (just checking if I can post or not - seems to be a problem with submitting here))

Commented:
It's "msstd:xxxx.xxxxxx.com" - see the colon.


Author: saku99
Date: 16/05/10 08:00 PM
Accepted Solution

MSSTD stands for Microsoft Standard form, don't know why it works both ways but I've also noticed that, although I had some instances where Outlook did not work without the prefix.

as a side note I had trouble remembering this stupid prefix so now I remember it as :

MicroSoft Sexually Transmitted Disease :)




More Information here about MSSTD

Author

Commented:
OK, I'm going to create a new post on here as I think my original question was answered, the problems I am experiencing now are knock on problems.

You guys feel free to jump in on my new post if you think you can help me further.

Thanks for your time guys, I will distribute points between you accordingly.
