Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SBS 2008 Wrong Certificate with Outlook Anywhere

Posted on 2011-02-19
5
Medium Priority
?
1,500 Views
Last Modified: 2012-05-11
Hi all,

got an SBS2008 playing up.  For a couple of weeks now, my remote users cannot connect to the SBS2008 using Outlook Anywhere.

The Exchange Account in Outlook is set as :
- Exchange Server : server.domain.local
- User Name : username
- Advanced - Connection Tab - Proxy settings
- URL : http://remote.domain.com
- Proxy : msstd:remote.domain.com

Open Outlook. Connection works.
Close Outlook - reopen Outlook : disconnected.
Check settings :
-  Advanced - Connection Tab - Proxy settings
- URL : SERVER
- Proxy : msstd:SERVER

Now, why does it automatically change ? I went back to the SBS server, deleted the cert in the MMC console : \Local Computer\Personal\Certificates "remote.domain.com" then went to the SBS console and re-did the steps "Setup your Internet Address" then "Add certificate".  Checked in IIS for the bindings and the certificate is correctly seleted...  

Still.  Outlook will revert to SERVER instead of remote.domain.com

Any clues ?
0
Comment
Question by:DaBoags
  • 4
5 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 1500 total points
ID: 34935235
This isn't a certificate issue. This is controlled by a service called autodiscover. Your external URLs are wrong in exchange so autodiscover is sending the wrong settings to outlook. "SERVER" is the generic default before the SBS setup is completed. Running te combination of te Internet address management wizard (IAMW) and the fix my network wizard (FMNW) from te SBS console will resolve the issue.

-Cliff
0
 

Author Comment

by:DaBoags
ID: 34935302
Mmh thanks Cliff, but I did that too.  The odd thing is that one of the remote user has a Vista Home. He's not in the domain of course, and his Outlook Anywhere works just fine...  (btw, when I said SERVER I meant the name of my server, which is CANCSBS, just didn't want to giveaway the real name...)

Looking at the following output, what do I need to change ? (server OS is in French, hope u can make sense of it all).
[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select name, *url* | fl


Name                 : EWS (SBS Web Applications)
InternalNLBBypassUrl : https://cancsbs.canc.local/ews/exchange.asmx
InternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx
ExternalUrl          : https://remote.canc.nc/EWS/Exchange.asmx

Open in new window

[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, *Internal* | fl


Name                           : CANCSBS
AutoDiscoverServiceInternalUri : https://remote.canc.nc/Autodiscover/Autodiscover.xml

Open in new window

[PS] C:\Windows\system32>Test-OutlookWebServices | ft * -AutoSize -Wrap

  Id        Type Message
  --        ---- -------
1003 Information Test imminent d'AutoDiscover avec l'adresse de messagerie CANC
                 Admin@canc.nc.
1007 Information Serveur de test CANCSBS.canc.local avec le nom publié https://
                 remote.canc.nc/EWS/Exchange.asmx & https://remote.canc.nc/EWS/
                 Exchange.asmx.
1019 Information Point de connexion de service AutoDiscover valide trouvé. L'UR
                 L d'AutoDiscover sur cet objet est https://remote.canc.nc/Auto
                 discover/Autodiscover.xml.
1006 Information Service de découverte automatique contacté à https://remote.ca
                 nc.nc/Autodiscover/Autodiscover.xml.
1016     Success [EXCH]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 656 millisecondes.
1015     Success [EXCH]-Service OAB contacté à https://remote.canc.nc/EWS/Excha
                 nge.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXCH]-Service UM contacté à https://remote.canc.nc/UnifiedMes
                 saging/Service.asmx. Le temps écoulé était de 46 millisecondes
                 .
1016     Success [EXPR]-Service AS contacté à https://remote.canc.nc/EWS/Exchan
                 ge.asmx. Le temps écoulé était de 15 millisecondes.
1015     Success [EXPR]-Service OAB contacté à https://remote.canc.nc/EWS/Exchange.asmx. Le temps écoulé était de 0 millisecondes.
1014     Success [EXPR]-Service UM contacté à https://remote.canc.nc/UnifiedMessaging/Service.asmx. Le temps écoulé était de 15 millisecondes
                 .
1013       Error Réception de l'erreur Le serveur a commis une violation de protocole. Section=ResponseStatusLine lors du contact de https://CANCSBS/Rpc.
1017       Error [EXPR]-Erreur lors du contact du service RPC/HTTP à https://CANCSBS/Rpc. Le temps écoulé était de 0 millisecondes.
1006     Success Le service de découverte automatique a été testé.
1021 Information Les services Web suivants ont généré des erreurs.  Contact du serveur : EXPR
Utilisez la sortie précédente pour diagnostiquer et corriger les erreurs.

Open in new window

0
 

Author Comment

by:DaBoags
ID: 34939025
Okay, still no luck.  Have run the Outlook test config (ctrl+outlook icon thingy) and the output is as attached.  Note the "Certificate Principal Name" points to the NetBIOS name of my server, not the ecert.  How do I change that ?
Protocol: Exchange HTTP
Server: CANCSBS
Login Name: Cadmin
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.canc.nc/EWS/Exchange.asmx
OOF URL: https://remote.canc.nc/EWS/Exchange.asmx
OAB URL: https://remote.canc.nc/OAB/02820a85-dff6-4f60-9b61-f0dfe3b533c2/
Unified Message Service URL: https://remote.canc.nc/UnifiedMessaging/Service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:CANCSBS

Open in new window

0
 

Author Comment

by:DaBoags
ID: 34939077
Got it :)

First in Exchange Management Shell run the command :

Get-OutlookProvider.

Mine displayed no value for the CertPrincipalName so I used :

Set-OutlookProvider -CertPrincipalname msstd:remote.canc.nc
and it asked me which identity I wanted to change, so I entered : WEB, then again the same command EXCH then again EXPR.

Now, back to Get-OutlookProvider
Name                Server              CertPrincipalName   TTL
----                ------              -----------------   ---
EXCH                CANCSBS             msstd:remote.canc.nc 1
EXPR                CANCSBS             msstd:remote.canc.nc 1
WEB                 CANCSBS             msstd:remote.canc.nc 1


Back to Outlook test config and : voila :)
0
 

Author Closing Comment

by:DaBoags
ID: 34939117
Thanks Cliff for pointing me to the right direction.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question