Solved

Problem with outlook anywhere.

Posted on 2010-11-10
21
489 Views
Last Modified: 2012-05-10
I have a problem with outlook anywhere:
when I use this setting from MS Oulook:
        Tick: Connect using SSL only
                Tick: Only connect to proxy servers that ........

---> I can't connect to the exchange server using outlook anywhere

But when I use this setting:
      Untick: Connect using SSL only
                Untick: Only connect to proxy servers that ........
I can connect to the Exchange Server as welll.


The problem: when I stay at my company, MS Oulook synchronize automatically setting with the Exchange Server, so when I set Untick, it changes to Tick automatically, so when I bring my computer to outside, I have to untick them again.
How can I solve this problem?

 

0
Comment
Question by:JameMeck
  • 11
  • 9
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34100668
you should fix the core of the problem

are you using a wildcart * certificate ?

0
 

Author Comment

by:JameMeck
ID: 34100742
I have Certificate with my Exchange server, I am using Netscreen Firewall.
Can you explain to me more detail?

Thanks!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34100751
the problem is because the URL you are using to access outlook anywhere is not the same as the CN of your certificate


what is the CN of your certificate ? and what is the url u use to access your RPC/HTTP
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:JameMeck
ID: 34100809
The CN = SRV03, the address when I public outlook anywhere is: mail.mydomain.com.

Thanks!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34100826
ok so that's the issue...

is it an internal certificate or you bought it ?

can you just issue a new one or rekey it is cn=mail.mydomain.com ?
0
 

Author Comment

by:JameMeck
ID: 34100866
Can I do a more simple action: change outlook anywhere to srv03.mydomain.com + and from domain control panel of ISP, I will point srv03.mydomain.com to my Exchange server?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34100880
your CN=srv03 and not CN=srv03.mydomain.com

right ?

if so then it won't work


if you can't rekey the certificate (Which is the proper thing to do) try


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:srv03


0
 

Author Comment

by:JameMeck
ID: 34100930
I ran your command, but there is nothing happened, when I open MS outlook, a message appear, please take a look the picture below.

Thanks!
Untitled.png
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34100943
then the CN of your certificate is not srv03

is there anyway you can give me the URL of webmail.domain.com to see the certificate?




to undo

Set-OutlookProvider -Identity EXPR -CertPrincipalName $null

0
 

Author Comment

by:JameMeck
ID: 34100981
I got CN by this command: Get-ExchangeCertificate -domain "SRV03.mydomain.com" | fl, and sure the CN is SRV03
, and the address when I public the outlook anywhere is: mail.mydomain.com

I don't think I have mistake here.
Does it spend time for your command? I mean, do I have to wait some minutes?

Thank you very mch!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34100991
Please run this will disable the msstd

Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
0
 

Author Comment

by:JameMeck
ID: 34100994
Please take a look this:



[PS] C:\Documents and Settings\Administrator.Local>Get-ExchangeCertificate -d
main "SRV03.mydomain.com" | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SRV03, SRV03.mydomain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SRV03
NotAfter           : 9/17/2015 12:41:58 PM
NotBefore          : 9/17/2010 12:41:58 PM
PublicKeySize      : 2048
RootCAType         : GroupPolicy
SerialNumber       : F25E63CCD4F1C6934856BBCAD1DBA700
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=SRV03
Thumbprint         : 5E0A83733FC1350DE4210A41FC1B71F38BE12733

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SRV03, SRV03.mydomain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SRV03
NotAfter           : 9/17/2015 12:41:23 PM
NotBefore          : 9/17/2010 12:41:23 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 337B1A5943C1C0AB4AA57EE4F26D8CFD
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=SRV03
Thumbprint         : F9DA37AC684C479F590358B7FC26635478A69944
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34101014
yes the CN is srv03 however you have no where mail.mydomain.com.... how was it working to start with without the certificate warnign
0
 

Author Comment

by:JameMeck
ID: 34101021
Thank you very much Akhater!

How can I disable "Connect using SSL only"?

0
 
LVL 49

Expert Comment

by:Akhater
ID: 34101022
Please run this will disable the msstd

Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34101027
why would you want to do this ?

I don't think it is possible
0
 

Author Comment

by:JameMeck
ID: 34101090
I don't know why.
But if the "Connect using SSL only" and "msstd" are checked, I can't connect to the server.
When they are unchecked, I can connect to the server using outlook any where.
I have done your command, the msstd has been changed to "none", but the checkbox is checked.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 34101134
i don't want to be rude but you are trying to find a quick-fix to the problem.
the correct way is to fix your URLs and your certificates so that it all matches.


1. can you add in your external DNS srv03.mydomain.com to poin to the ip of mail.mydomin.com ?

if so do it and try again with srv03.mydomain.com in the settings with the Connect using SSL only checked and see if it works


0
 

Author Comment

by:JameMeck
ID: 34101156
OK OK,
I will try and post result as soon as possible.
Thank you very much for your help!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34101187
if it doesn't work just update this question.

if you decide to open another question on this matter do update this thread with a link so i can follow up

0
 
LVL 3

Expert Comment

by:thetime
ID: 34101189
You seem to be misunderstanding Akhater and in general how Outlook anywhere works.

In order for the outlook anywhere to work you have to have the correct names listed on your certificate.
From my experience you cannot use Outlook Anywhere without a SSL connection. the sertificate you need is a SAN which should have the following set of names on it:

domain.com
autodiscover.domain.com
server.localdomain.local
servername

(Can someone just double check these names for me please)

Then the tick box you have to disable each time is not a problem anymore.
Fix the problem, don't create a new one by adding a quick fix to a existing problem.

SAN certs can be bought through godaddy.com.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2013 POP3 2 32
Exchange 2010 - Default Receive Connector 2 32
How does user access Outlook on-premise archive on Exchange server 17 36
outlook calendar 2 24
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question