asked on

SBS 2008 Wrong Certificate with Outlook Anywhere

Hi all,

got an SBS2008 playing up. For a couple of weeks now, my remote users cannot connect to the SBS2008 using Outlook Anywhere.

The Exchange Account in Outlook is set as :
- Exchange Server : server.domain.local
- User Name : username
- Advanced - Connection Tab - Proxy settings
- URL : http://remote.domain.com
- Proxy : msstd:remote.domain.com

Open Outlook. Connection works.
Close Outlook - reopen Outlook : disconnected.
Check settings :
- Advanced - Connection Tab - Proxy settings
- URL : SERVER
- Proxy : msstd:SERVER

Now, why does it automatically change ? I went back to the SBS server, deleted the cert in the MMC console : \Local Computer\Personal\Certificates "remote.domain.com" then went to the SBS console and re-did the steps "Setup your Internet Address" then "Add certificate". Checked in IIS for the bindings and the certificate is correctly seleted...

Still. Outlook will revert to SERVER instead of remote.domain.com

Any clues ?

ASKER CERTIFIED SOLUTION

Cliff Galiher

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

DaBoags

ASKER

Mmh thanks Cliff, but I did that too. The odd thing is that one of the remote user has a Vista Home. He's not in the domain of course, and his Outlook Anywhere works just fine... (btw, when I said SERVER I meant the name of my server, which is CANCSBS, just didn't want to giveaway the real name...)

Looking at the following output, what do I need to change ? (server OS is in French, hope u can make sense of it all).

[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select name, *url* | fl


Name                 : EWS (SBS Web Applications)
InternalNLBBypassUrl : https://cancsbs.canc.local/ews/exchange.asmx
InternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx
ExternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx

Open in new window

[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, *Internal* | fl


Name                           : CANCSBS
AutoDiscoverServiceInternalUri : https://remote.canc.nc/Autodiscover/Autodiscover.xml

Open in new window

[PS] C:\Windows\system32>Test-OutlookWebServices | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information Test imminent d'AutoDiscover avec l'adresse de messagerie CANC
                 Admin@canc.nc.
1007 Information Serveur de test CANCSBS.canc.local avec le nom publié https://
                 remote.canc.nc/EWS/Exchange.asmx & https://remote.canc.nc/EWS/
                 Exchange.asmx.
1019 Information Point de connexion de service AutoDiscover valide trouvé. L'UR
                 L d'AutoDiscover sur cet objet est https://remote.canc.nc/Auto
                 discover/Autodiscover.xml.
1006 Information Service de découverte automatique contacté à https://remote.ca
                 nc.nc/Autodiscover/Autodiscover.xml.
1016     Success [EXCH]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 656 millisecondes.
1015     Success [EXCH]-Service OAB contacté à https://remote.canc.nc/EWS/Excha
                 nge.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXCH]-Service UM contacté à https://remote.canc.nc/UnifiedMes
                 saging/Service.asmx. Le temps écoulé était de 46 millisecondes
                 .
1016     Success [EXPR]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 15 millisecondes.
1015     Success [EXPR]-Service OAB contacté à https://remote.canc.nc/EWS/Exchange.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXPR]-Service UM contacté à https://remote.canc.nc/UnifiedMessaging/Service.asmx. Le temps écoulé était de 15 millisecondes
                 .
1013       Error Réception de l'erreur Le serveur a commis une violation de protocole. Section=ResponseStatusLine lors du contact de https://CANCSBS/Rpc.
1017       Error [EXPR]-Erreur lors du contact du service RPC/HTTP à https://CANCSBS/Rpc. Le temps écoulé était de 0 millisecondes.
1006     Success Le service de découverte automatique a été testé.
1021 Information Les services Web suivants ont généré des erreurs.  Contact du serveur : EXPR
Utilisez la sortie précédente pour diagnostiquer et corriger les erreurs.

Open in new window

DaBoags

ASKER

Okay, still no luck. Have run the Outlook test config (ctrl+outlook icon thingy) and the output is as attached. Note the "Certificate Principal Name" points to the NetBIOS name of my server, not the ecert. How do I change that ?

Protocol: Exchange HTTP
Server: CANCSBS
Login Name: Cadmin
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.canc.nc/EWS/Exchange.asmx
OOF URL: https://remote.canc.nc/EWS/Exchange.asmx
OAB URL: https://remote.canc.nc/OAB/02820a85-dff6-4f60-9b61-f0dfe3b533c2/
Unified Message Service URL: https://remote.canc.nc/UnifiedMessaging/Service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:CANCSBS

Open in new window

DaBoags

ASKER

Got it :)

First in Exchange Management Shell run the command :

Get-OutlookProvider.

Mine displayed no value for the CertPrincipalName so I used :

Set-OutlookProvider -CertPrincipalname msstd:remote.canc.nc
and it asked me which identity I wanted to change, so I entered : WEB, then again the same command EXCH then again EXPR.

Now, back to Get-OutlookProvider
Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH CANCSBS msstd:remote.canc.nc 1
EXPR CANCSBS msstd:remote.canc.nc 1
WEB CANCSBS msstd:remote.canc.nc 1

Back to Outlook test config and : voila :)

DaBoags

ASKER

Thanks Cliff for pointing me to the right direction.