Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SBS 2008 Wrong Certificate with Outlook Anywhere

Posted on 2011-02-19
5
Medium Priority
?
1,498 Views
Last Modified: 2012-05-11
Hi all,

got an SBS2008 playing up.  For a couple of weeks now, my remote users cannot connect to the SBS2008 using Outlook Anywhere.

The Exchange Account in Outlook is set as :
- Exchange Server : server.domain.local
- User Name : username
- Advanced - Connection Tab - Proxy settings
- URL : http://remote.domain.com
- Proxy : msstd:remote.domain.com

Open Outlook. Connection works.
Close Outlook - reopen Outlook : disconnected.
Check settings :
-  Advanced - Connection Tab - Proxy settings
- URL : SERVER
- Proxy : msstd:SERVER

Now, why does it automatically change ? I went back to the SBS server, deleted the cert in the MMC console : \Local Computer\Personal\Certificates "remote.domain.com" then went to the SBS console and re-did the steps "Setup your Internet Address" then "Add certificate".  Checked in IIS for the bindings and the certificate is correctly seleted...  

Still.  Outlook will revert to SERVER instead of remote.domain.com

Any clues ?
0
Comment
Question by:DaBoags
  • 4
5 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 1500 total points
ID: 34935235
This isn't a certificate issue. This is controlled by a service called autodiscover. Your external URLs are wrong in exchange so autodiscover is sending the wrong settings to outlook. "SERVER" is the generic default before the SBS setup is completed. Running te combination of te Internet address management wizard (IAMW) and the fix my network wizard (FMNW) from te SBS console will resolve the issue.

-Cliff
0
 

Author Comment

by:DaBoags
ID: 34935302
Mmh thanks Cliff, but I did that too.  The odd thing is that one of the remote user has a Vista Home. He's not in the domain of course, and his Outlook Anywhere works just fine...  (btw, when I said SERVER I meant the name of my server, which is CANCSBS, just didn't want to giveaway the real name...)

Looking at the following output, what do I need to change ? (server OS is in French, hope u can make sense of it all).
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select name, *url* | fl


Name                 : EWS (SBS Web Applications)
InternalNLBBypassUrl : https://cancsbs.canc.local/ews/exchange.asmx
InternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx
ExternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx

Open in new window

[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, *Internal* | fl


Name                           : CANCSBS
AutoDiscoverServiceInternalUri : https://remote.canc.nc/Autodiscover/Autodiscover.xml

Open in new window

[PS] C:\Windows\system32>Test-OutlookWebServices | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information Test imminent d'AutoDiscover avec l'adresse de messagerie CANC
                 Admin@canc.nc.
1007 Information Serveur de test CANCSBS.canc.local avec le nom publié https://
                 remote.canc.nc/EWS/Exchange.asmx & https://remote.canc.nc/EWS/
                 Exchange.asmx.
1019 Information Point de connexion de service AutoDiscover valide trouvé. L'UR
                 L d'AutoDiscover sur cet objet est https://remote.canc.nc/Auto
                 discover/Autodiscover.xml.
1006 Information Service de découverte automatique contacté à https://remote.ca
                 nc.nc/Autodiscover/Autodiscover.xml.
1016     Success [EXCH]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 656 millisecondes.
1015     Success [EXCH]-Service OAB contacté à https://remote.canc.nc/EWS/Excha
                 nge.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXCH]-Service UM contacté à https://remote.canc.nc/UnifiedMes
                 saging/Service.asmx. Le temps écoulé était de 46 millisecondes
                 .
1016     Success [EXPR]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 15 millisecondes.
1015     Success [EXPR]-Service OAB contacté à https://remote.canc.nc/EWS/Exchange.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXPR]-Service UM contacté à https://remote.canc.nc/UnifiedMessaging/Service.asmx. Le temps écoulé était de 15 millisecondes
                 .
1013       Error Réception de l'erreur Le serveur a commis une violation de protocole. Section=ResponseStatusLine lors du contact de https://CANCSBS/Rpc.
1017       Error [EXPR]-Erreur lors du contact du service RPC/HTTP à https://CANCSBS/Rpc. Le temps écoulé était de 0 millisecondes.
1006     Success Le service de découverte automatique a été testé.
1021 Information Les services Web suivants ont généré des erreurs.  Contact du serveur : EXPR
Utilisez la sortie précédente pour diagnostiquer et corriger les erreurs.

Open in new window

0
 

Author Comment

by:DaBoags
ID: 34939025
Okay, still no luck.  Have run the Outlook test config (ctrl+outlook icon thingy) and the output is as attached.  Note the "Certificate Principal Name" points to the NetBIOS name of my server, not the ecert.  How do I change that ?
Protocol: Exchange HTTP
Server: CANCSBS
Login Name: Cadmin
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.canc.nc/EWS/Exchange.asmx
OOF URL: https://remote.canc.nc/EWS/Exchange.asmx
OAB URL: https://remote.canc.nc/OAB/02820a85-dff6-4f60-9b61-f0dfe3b533c2/
Unified Message Service URL: https://remote.canc.nc/UnifiedMessaging/Service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:CANCSBS

Open in new window

0
 

Author Comment

by:DaBoags
ID: 34939077
Got it :)

First in Exchange Management Shell run the command :

Get-OutlookProvider.

Mine displayed no value for the CertPrincipalName so I used :

Set-OutlookProvider -CertPrincipalname msstd:remote.canc.nc
and it asked me which identity I wanted to change, so I entered : WEB, then again the same command EXCH then again EXPR.

Now, back to Get-OutlookProvider
Name                Server              CertPrincipalName   TTL
----                ------              -----------------   ---
EXCH                CANCSBS             msstd:remote.canc.nc 1
EXPR                CANCSBS             msstd:remote.canc.nc 1
WEB                 CANCSBS             msstd:remote.canc.nc 1


Back to Outlook test config and : voila :)
0
 

Author Closing Comment

by:DaBoags
ID: 34939117
Thanks Cliff for pointing me to the right direction.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question