Avatar of JameMeck
JameMeckFlag for United States of America asked on

Problem with outlook anywhere.

I have a problem with outlook anywhere:
when I use this setting from MS Oulook:
        Tick: Connect using SSL only
                Tick: Only connect to proxy servers that ........

---> I can't connect to the exchange server using outlook anywhere

But when I use this setting:
      Untick: Connect using SSL only
                Untick: Only connect to proxy servers that ........
I can connect to the Exchange Server as welll.


The problem: when I stay at my company, MS Oulook synchronize automatically setting with the Exchange Server, so when I set Untick, it changes to Tick automatically, so when I bring my computer to outside, I have to untick them again.
How can I solve this problem?

 

ExchangeOutlook

Avatar of undefined
Last Comment
thetime

8/22/2022 - Mon
Akhater

you should fix the core of the problem

are you using a wildcart * certificate ?

ASKER
JameMeck

I have Certificate with my Exchange server, I am using Netscreen Firewall.
Can you explain to me more detail?

Thanks!
Akhater

the problem is because the URL you are using to access outlook anywhere is not the same as the CN of your certificate


what is the CN of your certificate ? and what is the url u use to access your RPC/HTTP
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
JameMeck

The CN = SRV03, the address when I public outlook anywhere is: mail.mydomain.com.

Thanks!
Akhater

ok so that's the issue...

is it an internal certificate or you bought it ?

can you just issue a new one or rekey it is cn=mail.mydomain.com ?
ASKER
JameMeck

Can I do a more simple action: change outlook anywhere to srv03.mydomain.com + and from domain control panel of ISP, I will point srv03.mydomain.com to my Exchange server?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Akhater

your CN=srv03 and not CN=srv03.mydomain.com

right ?

if so then it won't work


if you can't rekey the certificate (Which is the proper thing to do) try


Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:srv03


ASKER
JameMeck

I ran your command, but there is nothing happened, when I open MS outlook, a message appear, please take a look the picture below.

Thanks!
Untitled.png
Akhater

then the CN of your certificate is not srv03

is there anyway you can give me the URL of webmail.domain.com to see the certificate?




to undo

Set-OutlookProvider -Identity EXPR -CertPrincipalName $null

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
JameMeck

I got CN by this command: Get-ExchangeCertificate -domain "SRV03.mydomain.com" | fl, and sure the CN is SRV03
, and the address when I public the outlook anywhere is: mail.mydomain.com

I don't think I have mistake here.
Does it spend time for your command? I mean, do I have to wait some minutes?

Thank you very mch!
Akhater

Please run this will disable the msstd

Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
ASKER
JameMeck

Please take a look this:



[PS] C:\Documents and Settings\Administrator.Local>Get-ExchangeCertificate -d
main "SRV03.mydomain.com" | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SRV03, SRV03.mydomain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SRV03
NotAfter           : 9/17/2015 12:41:58 PM
NotBefore          : 9/17/2010 12:41:58 PM
PublicKeySize      : 2048
RootCAType         : GroupPolicy
SerialNumber       : F25E63CCD4F1C6934856BBCAD1DBA700
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=SRV03
Thumbprint         : 5E0A83733FC1350DE4210A41FC1B71F38BE12733

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SRV03, SRV03.mydomain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SRV03
NotAfter           : 9/17/2015 12:41:23 PM
NotBefore          : 9/17/2010 12:41:23 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 337B1A5943C1C0AB4AA57EE4F26D8CFD
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=SRV03
Thumbprint         : F9DA37AC684C479F590358B7FC26635478A69944
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Akhater

yes the CN is srv03 however you have no where mail.mydomain.com.... how was it working to start with without the certificate warnign
ASKER
JameMeck

Thank you very much Akhater!

How can I disable "Connect using SSL only"?

Akhater

Please run this will disable the msstd

Set-OutlookProvider EXPR -Server $null -CertPrincipalName none
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Akhater

why would you want to do this ?

I don't think it is possible
ASKER
JameMeck

I don't know why.
But if the "Connect using SSL only" and "msstd" are checked, I can't connect to the server.
When they are unchecked, I can connect to the server using outlook any where.
I have done your command, the msstd has been changed to "none", but the checkbox is checked.
ASKER CERTIFIED SOLUTION
Akhater

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
JameMeck

OK OK,
I will try and post result as soon as possible.
Thank you very much for your help!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Akhater

if it doesn't work just update this question.

if you decide to open another question on this matter do update this thread with a link so i can follow up

thetime

You seem to be misunderstanding Akhater and in general how Outlook anywhere works.

In order for the outlook anywhere to work you have to have the correct names listed on your certificate.
From my experience you cannot use Outlook Anywhere without a SSL connection. the sertificate you need is a SAN which should have the following set of names on it:

domain.com
autodiscover.domain.com
server.localdomain.local
servername

(Can someone just double check these names for me please)

Then the tick box you have to disable each time is not a problem anymore.
Fix the problem, don't create a new one by adding a quick fix to a existing problem.

SAN certs can be bought through godaddy.com.