Solved

SBS 2008 Wrong Certificate with Outlook Anywhere

Posted on 2011-02-19
5
1,467 Views
Last Modified: 2012-05-11
Hi all,

got an SBS2008 playing up.  For a couple of weeks now, my remote users cannot connect to the SBS2008 using Outlook Anywhere.

The Exchange Account in Outlook is set as :
- Exchange Server : server.domain.local
- User Name : username
- Advanced - Connection Tab - Proxy settings
- URL : http://remote.domain.com
- Proxy : msstd:remote.domain.com

Open Outlook. Connection works.
Close Outlook - reopen Outlook : disconnected.
Check settings :
-  Advanced - Connection Tab - Proxy settings
- URL : SERVER
- Proxy : msstd:SERVER

Now, why does it automatically change ? I went back to the SBS server, deleted the cert in the MMC console : \Local Computer\Personal\Certificates "remote.domain.com" then went to the SBS console and re-did the steps "Setup your Internet Address" then "Add certificate".  Checked in IIS for the bindings and the certificate is correctly seleted...  

Still.  Outlook will revert to SERVER instead of remote.domain.com

Any clues ?
0
Comment
Question by:DaBoags
  • 4
5 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
Comment Utility
This isn't a certificate issue. This is controlled by a service called autodiscover. Your external URLs are wrong in exchange so autodiscover is sending the wrong settings to outlook. "SERVER" is the generic default before the SBS setup is completed. Running te combination of te Internet address management wizard (IAMW) and the fix my network wizard (FMNW) from te SBS console will resolve the issue.

-Cliff
0
 

Author Comment

by:DaBoags
Comment Utility
Mmh thanks Cliff, but I did that too.  The odd thing is that one of the remote user has a Vista Home. He's not in the domain of course, and his Outlook Anywhere works just fine...  (btw, when I said SERVER I meant the name of my server, which is CANCSBS, just didn't want to giveaway the real name...)

Looking at the following output, what do I need to change ? (server OS is in French, hope u can make sense of it all).
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select name, *url* | fl


Name                 : EWS (SBS Web Applications)
InternalNLBBypassUrl : https://cancsbs.canc.local/ews/exchange.asmx
InternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx
ExternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx

Open in new window

[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, *Internal* | fl


Name                           : CANCSBS
AutoDiscoverServiceInternalUri : https://remote.canc.nc/Autodiscover/Autodiscover.xml

Open in new window

[PS] C:\Windows\system32>Test-OutlookWebServices | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information Test imminent d'AutoDiscover avec l'adresse de messagerie CANC
                 Admin@canc.nc.
1007 Information Serveur de test CANCSBS.canc.local avec le nom publié https://
                 remote.canc.nc/EWS/Exchange.asmx & https://remote.canc.nc/EWS/
                 Exchange.asmx.
1019 Information Point de connexion de service AutoDiscover valide trouvé. L'UR
                 L d'AutoDiscover sur cet objet est https://remote.canc.nc/Auto
                 discover/Autodiscover.xml.
1006 Information Service de découverte automatique contacté à https://remote.ca
                 nc.nc/Autodiscover/Autodiscover.xml.
1016     Success [EXCH]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 656 millisecondes.
1015     Success [EXCH]-Service OAB contacté à https://remote.canc.nc/EWS/Excha
                 nge.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXCH]-Service UM contacté à https://remote.canc.nc/UnifiedMes
                 saging/Service.asmx. Le temps écoulé était de 46 millisecondes
                 .
1016     Success [EXPR]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 15 millisecondes.
1015     Success [EXPR]-Service OAB contacté à https://remote.canc.nc/EWS/Exchange.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXPR]-Service UM contacté à https://remote.canc.nc/UnifiedMessaging/Service.asmx. Le temps écoulé était de 15 millisecondes
                 .
1013       Error Réception de l'erreur Le serveur a commis une violation de protocole. Section=ResponseStatusLine lors du contact de https://CANCSBS/Rpc.
1017       Error [EXPR]-Erreur lors du contact du service RPC/HTTP à https://CANCSBS/Rpc. Le temps écoulé était de 0 millisecondes.
1006     Success Le service de découverte automatique a été testé.
1021 Information Les services Web suivants ont généré des erreurs.  Contact du serveur : EXPR
Utilisez la sortie précédente pour diagnostiquer et corriger les erreurs.

Open in new window

0
 

Author Comment

by:DaBoags
Comment Utility
Okay, still no luck.  Have run the Outlook test config (ctrl+outlook icon thingy) and the output is as attached.  Note the "Certificate Principal Name" points to the NetBIOS name of my server, not the ecert.  How do I change that ?
Protocol: Exchange HTTP
Server: CANCSBS
Login Name: Cadmin
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.canc.nc/EWS/Exchange.asmx
OOF URL: https://remote.canc.nc/EWS/Exchange.asmx
OAB URL: https://remote.canc.nc/OAB/02820a85-dff6-4f60-9b61-f0dfe3b533c2/
Unified Message Service URL: https://remote.canc.nc/UnifiedMessaging/Service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:CANCSBS

Open in new window

0
 

Author Comment

by:DaBoags
Comment Utility
Got it :)

First in Exchange Management Shell run the command :

Get-OutlookProvider.

Mine displayed no value for the CertPrincipalName so I used :

Set-OutlookProvider -CertPrincipalname msstd:remote.canc.nc
and it asked me which identity I wanted to change, so I entered : WEB, then again the same command EXCH then again EXPR.

Now, back to Get-OutlookProvider
Name                Server              CertPrincipalName   TTL
----                ------              -----------------   ---
EXCH                CANCSBS             msstd:remote.canc.nc 1
EXPR                CANCSBS             msstd:remote.canc.nc 1
WEB                 CANCSBS             msstd:remote.canc.nc 1


Back to Outlook test config and : voila :)
0
 

Author Closing Comment

by:DaBoags
Comment Utility
Thanks Cliff for pointing me to the right direction.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now