Solved

SBS 2008 Wrong Certificate with Outlook Anywhere

Posted on 2011-02-19
Last Modified: 2012-05-11
Hi all,

Got an SBS2008 playing up.  For a couple of weeks now, my remote users cannot connect to the SBS2008 using Outlook Anywhere.

The Exchange Account in Outlook is set as :
- Exchange Server : server.domain.local
- User Name : username
- Advanced - Connection Tab - Proxy settings
- URL : http://remote.domain.com
- Proxy : msstd:remote.domain.com

Open Outlook. Connection works.
Close Outlook - reopen Outlook : disconnected.
Check settings :
-  Advanced - Connection Tab - Proxy settings
- URL : SERVER
- Proxy : msstd:SERVER

Now, why does it automatically change ? I went back to the SBS server, deleted the cert in the MMC console : \Local Computer\Personal\Certificates "remote.domain.com" then went to the SBS console and re-did the steps "Setup your Internet Address" then "Add certificate".  Checked in IIS for the bindings and the certificate is correctly selected...  

Still.  Outlook will revert to SERVER instead of remote.domain.com

Any clues ?
Question by:DaBoags
Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34935235
This isn't a certificate issue. This is controlled by a service called Autodiscover. Your external URLs are wrong in Exchange so Autodiscover is sending the wrong settings to Outlook. "SERVER" is the generic default before the SBS setup is completed. Running the combination of the Internet address management wizard (IAMW) and the fix my network wizard (FMNW) from the SBS console will resolve the issue.

-Cliff

Author Comment

by:DaBoags
ID: 34935302
Mmh thanks Cliff, but I did that too.  The odd thing is that one of the remote users has a Vista Home. He's not in the domain of course, and his Outlook Anywhere works just fine...  (btw, when I said SERVER I meant the name of my server, which is CANCSBS, just didn't want to give away the real name...)

Looking at the following output, what do I need to change ? (server OS is in French, hope you can make sense of it all).
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select name, *url* | fl


Name                 : EWS (SBS Web Applications)
InternalNLBBypassUrl : https://cancsbs.canc.local/ews/exchange.asmx
InternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx
ExternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx


[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, *Internal* | fl


Name                           : CANCSBS
AutoDiscoverServiceInternalUri : https://remote.canc.nc/Autodiscover/Autodiscover.xml


[PS] C:\Windows\system32>Test-OutlookWebServices | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information Test imminent d'AutoDiscover avec l'adresse de messagerie CANC
                 Admin@canc.nc.
1007 Information Serveur de test CANCSBS.canc.local avec le nom publié https://
                 remote.canc.nc/EWS/Exchange.asmx & https://remote.canc.nc/EWS/
                 Exchange.asmx.
1019 Information Point de connexion de service AutoDiscover valide trouvé. L'UR
                 L d'AutoDiscover sur cet objet est https://remote.canc.nc/Auto
                 discover/Autodiscover.xml.
1006 Information Service de découverte automatique contacté à https://remote.ca
                 nc.nc/Autodiscover/Autodiscover.xml.
1016     Success [EXCH]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 656 millisecondes.
1015     Success [EXCH]-Service OAB contacté à https://remote.canc.nc/EWS/Excha
                 nge.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXCH]-Service UM contacté à https://remote.canc.nc/UnifiedMes
                 saging/Service.asmx. Le temps écoulé était de 46 millisecondes
                 .
1016     Success [EXPR]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 15 millisecondes.
1015     Success [EXPR]-Service OAB contacté à https://remote.canc.nc/EWS/Exchange.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXPR]-Service UM contacté à https://remote.canc.nc/UnifiedMessaging/Service.asmx. Le temps écoulé était de 15 millisecondes
                 .
1013       Error Réception de l'erreur Le serveur a commis une violation de protocole. Section=ResponseStatusLine lors du contact de https://CANCSBS/Rpc.
1017       Error [EXPR]-Erreur lors du contact du service RPC/HTTP à https://CANCSBS/Rpc. Le temps écoulé était de 0 millisecondes.
1006     Success Le service de découverte automatique a été testé.
1021 Information Les services Web suivants ont généré des erreurs.  Contact du serveur : EXPR
Utilisez la sortie précédente pour diagnostiquer et corriger les erreurs.


Author Comment

by:DaBoags
ID: 34939025
Okay, still no luck.  Have run the Outlook test config (ctrl+outlook icon thingy) and the output is as attached.  Note the "Certificate Principal Name" points to the NetBIOS name of my server, not the ecert.  How do I change that ?
Protocol: Exchange HTTP
Server: CANCSBS
Login Name: Cadmin
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.canc.nc/EWS/Exchange.asmx
OOF URL: https://remote.canc.nc/EWS/Exchange.asmx
OAB URL: https://remote.canc.nc/OAB/02820a85-dff6-4f60-9b61-f0dfe3b533c2/
Unified Message Service URL: https://remote.canc.nc/UnifiedMessaging/Service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:CANCSBS


Author Comment

by:DaBoags
ID: 34939077
Got it :)

First in Exchange Management Shell run the command :

Get-OutlookProvider

Mine displayed no value for the CertPrincipalName so I used :

Set-OutlookProvider -CertPrincipalname msstd:remote.canc.nc
and it asked me which identity I wanted to change, so I entered : WEB, then again the same command EXCH then again EXPR.

Now, back to Get-OutlookProvider
Name                Server              CertPrincipalName   TTL
----                ------              -----------------   ---
EXCH                CANCSBS             msstd:remote.canc.nc 1
EXPR                CANCSBS             msstd:remote.canc.nc 1
WEB                 CANCSBS             msstd:remote.canc.nc 1


Back to Outlook test config and : voila :)

Author Closing Comment

by:DaBoags
ID: 34939117
Thanks Cliff for pointing me in the right direction.
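
The fix from the thread, written as an added example (not code posted by any participant): it passes the provider identity explicitly so there is no prompt, and first confirms that the certificate IIS serves is issued to the same name Outlook will check through the msstd: principal. It assumes the Exchange Management Shell on the SBS 2008 server and the public name remote.canc.nc used in the thread; the function name is hypothetical.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange server.
# Set-OutlookAnywherePrincipal is a hypothetical helper name, not an Exchange cmdlet.
function Set-OutlookAnywherePrincipal {
    param([string]$PublicName = 'remote.canc.nc')   # public name used in this thread

    $principal = "msstd:$PublicName"

    # With mutual authentication on, Outlook compares the msstd: name with the
    # certificate the proxy presents, so check the IIS certificate before
    # changing anything.
    $cnPattern = 'CN=' + [regex]::Escape($PublicName) + '(,|$)'
    $certs = @(Get-ExchangeCertificate | Where-Object {
        ("$($_.Services)" -match 'IIS') -and ($_.Subject -match $cnPattern)
    })
    if ($certs.Count -eq 0) {
        Write-Warning "No IIS-enabled certificate is issued to $PublicName; providers left unchanged."
        return
    }

    # Passing -Identity avoids the interactive prompt described in the thread.
    foreach ($id in 'EXCH', 'EXPR', 'WEB') {
        $current = (Get-OutlookProvider -Identity $id).CertPrincipalName
        if ($current -ne $principal) {
            Write-Host "$id : '$current' -> '$principal'"
            Set-OutlookProvider -Identity $id -CertPrincipalName $principal
        }
    }

    # Show the result in the same layout as the Get-OutlookProvider output above.
    Get-OutlookProvider | Format-Table Name, Server, CertPrincipalName -AutoSize
}

Set-OutlookAnywherePrincipal -PublicName 'remote.canc.nc'
```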