Solved

sbs 2003 outlook anywhere certificate error

Posted on 2011-02-22
10
754 Views
Last Modified: 2012-05-11
Hi, have set up exchange 2003 outlook anywhere on my laptop and am getting a certificate error when connecting. A few things though, firstly when I open outlook I get a logon prompt for username and password, is that normal?
Anyway I enter the credentials and then get the certificate error suggesting that there is a problem with the proxy server's certificate. The name on the security is invalid or does not match the name of the target site server.mydomain.com.au. It also says that Outlook is unable to connect to the proxy server (Error Code 10).

I have checked the default iss website certificates for RPC and it matches what I have entered into outlook. Any Ideas?

Daz.
0
Comment
Question by:dazcoates
  • 6
  • 3
10 Comments
 
LVL 7

Expert Comment

by:viveksahu
ID: 34957812
Hi,

I found that if you insert your site (domain.domain.com/exchange) in the trusted sites list you will be able to install the cert. But don't just accept the defaults when you go to install it. The certificate must be placed in the trusted root folder, otherwise it will not work. By default IE places it into the intermediate folder. If you tried installing it already, go into the MMC, add the cert manager, browse to intermediate and drag and drop the cert into the trusted root folder.

follow the below article:

http://support.microsoft.com/kb/923575
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957869
The first part of this answer I"m assuming you're using a public certificate that you purchased.  If not, skip to below the ========
I've found tha tyou need to make your certificates for sbs 2003 use a UCC certificate (multiple domains) on it.  I always do:

remote.domain.com
computername (of server)
domain.com
autodiscover.domain.com (because we're on exchange 2007/2010)
computername.domain.local (if your internal domain suffix is .local)

With the names above I can then use as my outlook anywhere proxy https://remote.domain.com

In SBS I also use the Connect to the Internet Wizard to generate the CSR key for the certificate and I install it that way.  I don't manually go through IIS or exchange unless I have to (not on sbs).
That way I make sure that it will work with OWA and RWW.

If I were you I'd try the connect to the internet wizard, (in server management > To Do List > #2) and re-run that only making a new certificate then picking public assuming you're not running a self signed certificate.

=============================================
Having said all of that, if you are using a Self Signed Certificate, have you installed it into the computer you are trying to setup outlook anywhere on?  It will have to be installed on there.
You export the .cer to that computer, then open it on the pc, click Install Certificate, and browse to the Trusted Root Certificates.  You put in there and it will ask if you're sure you want to trust whatever.domain.com and you say yes.   Then it should work.

0
 

Author Comment

by:dazcoates
ID: 34957915
So I've installed it to Trusted Root Certification Authorities and still no go.


0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957933
So if you actually look at the certificate that you installed, does it say exactly the same thing that outlook has in it in the proxy area for outlook anywhere?  For example if the certificate is mail.domain.com.au  is that what is put into the proxy?

What authentication do you have it on?  I'd try both NTLM and Basic.  (at the bottom of that same page in outlook where you put the domain)
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957955
Also, is the certificate expired?  
Do you have others using this configuration and certificate?  

If you don't have any others:
What Id  probably do is re-key a certificate.  You can do that through the Connect to the Internet Wizard (see my above post), then that will give you a brand new certificate.  As you go through that wizard, just keep everything the same except when you get to the certificate part, "make a new certificate" is what you'll want.  

by the way, it's normal to get a password prompt if you're not connected directly to the domain.  you'd want to login with domain\username  and obviously your password...
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:dazcoates
ID: 34958816
I'm actually at home now and another screen came up mentioning that it was autodiscover.mydomain.com.au, still won't let me in though, any ideas as to what this is now all about?

Cheers, Daz.
0
 

Author Comment

by:dazcoates
ID: 34958840
When creating a new certificate using the connect to the internet wizard, you get to the part where it asks for the web server name, we don't host our domain our ISP does so should it be www.mydomain.com.au or server.mydomain.com.au?

Daz.
0
 

Author Comment

by:dazcoates
ID: 34959029
I've tried re-installing certificates, changed it to www.mydomain.com.au, checked the two certificates side by side and there identical. ???????
0
 

Accepted Solution

by:
dazcoates earned 0 total points
ID: 34959591
Worked it out, i was trying to use 'server.domainname.com.au' it wasn't a FQDN. Changed the certificate to 'owa.domainnamme.com.au' which is and the certificate was accepted and it all logged on nicely.

Thanks to all for your assistance.
0
 

Author Closing Comment

by:dazcoates
ID: 34995298
Oh yes created a certificate for owa.domainname.com.au so it validated.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now