Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

sbs 2003 outlook anywhere certificate error

Posted on 2011-02-22
10
Medium Priority
?
763 Views
Last Modified: 2012-05-11
Hi, have set up exchange 2003 outlook anywhere on my laptop and am getting a certificate error when connecting. A few things though, firstly when I open outlook I get a logon prompt for username and password, is that normal?
Anyway I enter the credentials and then get the certificate error suggesting that there is a problem with the proxy server's certificate. The name on the security is invalid or does not match the name of the target site server.mydomain.com.au. It also says that Outlook is unable to connect to the proxy server (Error Code 10).

I have checked the default iss website certificates for RPC and it matches what I have entered into outlook. Any Ideas?

Daz.
0
Comment
Question by:dazcoates
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 7

Expert Comment

by:viveksahu
ID: 34957812
Hi,

I found that if you insert your site (domain.domain.com/exchange) in the trusted sites list you will be able to install the cert. But don't just accept the defaults when you go to install it. The certificate must be placed in the trusted root folder, otherwise it will not work. By default IE places it into the intermediate folder. If you tried installing it already, go into the MMC, add the cert manager, browse to intermediate and drag and drop the cert into the trusted root folder.

follow the below article:

http://support.microsoft.com/kb/923575
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957869
The first part of this answer I"m assuming you're using a public certificate that you purchased.  If not, skip to below the ========
I've found tha tyou need to make your certificates for sbs 2003 use a UCC certificate (multiple domains) on it.  I always do:

remote.domain.com
computername (of server)
domain.com
autodiscover.domain.com (because we're on exchange 2007/2010)
computername.domain.local (if your internal domain suffix is .local)

With the names above I can then use as my outlook anywhere proxy https://remote.domain.com

In SBS I also use the Connect to the Internet Wizard to generate the CSR key for the certificate and I install it that way.  I don't manually go through IIS or exchange unless I have to (not on sbs).
That way I make sure that it will work with OWA and RWW.

If I were you I'd try the connect to the internet wizard, (in server management > To Do List > #2) and re-run that only making a new certificate then picking public assuming you're not running a self signed certificate.

=============================================
Having said all of that, if you are using a Self Signed Certificate, have you installed it into the computer you are trying to setup outlook anywhere on?  It will have to be installed on there.
You export the .cer to that computer, then open it on the pc, click Install Certificate, and browse to the Trusted Root Certificates.  You put in there and it will ask if you're sure you want to trust whatever.domain.com and you say yes.   Then it should work.

0
 

Author Comment

by:dazcoates
ID: 34957915
So I've installed it to Trusted Root Certification Authorities and still no go.


0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 2

Expert Comment

by:cityhelper
ID: 34957933
So if you actually look at the certificate that you installed, does it say exactly the same thing that outlook has in it in the proxy area for outlook anywhere?  For example if the certificate is mail.domain.com.au  is that what is put into the proxy?

What authentication do you have it on?  I'd try both NTLM and Basic.  (at the bottom of that same page in outlook where you put the domain)
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957955
Also, is the certificate expired?  
Do you have others using this configuration and certificate?  

If you don't have any others:
What Id  probably do is re-key a certificate.  You can do that through the Connect to the Internet Wizard (see my above post), then that will give you a brand new certificate.  As you go through that wizard, just keep everything the same except when you get to the certificate part, "make a new certificate" is what you'll want.  

by the way, it's normal to get a password prompt if you're not connected directly to the domain.  you'd want to login with domain\username  and obviously your password...
0
 

Author Comment

by:dazcoates
ID: 34958816
I'm actually at home now and another screen came up mentioning that it was autodiscover.mydomain.com.au, still won't let me in though, any ideas as to what this is now all about?

Cheers, Daz.
0
 

Author Comment

by:dazcoates
ID: 34958840
When creating a new certificate using the connect to the internet wizard, you get to the part where it asks for the web server name, we don't host our domain our ISP does so should it be www.mydomain.com.au or server.mydomain.com.au?

Daz.
0
 

Author Comment

by:dazcoates
ID: 34959029
I've tried re-installing certificates, changed it to www.mydomain.com.au, checked the two certificates side by side and there identical. ???????
0
 

Accepted Solution

by:
dazcoates earned 0 total points
ID: 34959591
Worked it out, i was trying to use 'server.domainname.com.au' it wasn't a FQDN. Changed the certificate to 'owa.domainnamme.com.au' which is and the certificate was accepted and it all logged on nicely.

Thanks to all for your assistance.
0
 

Author Closing Comment

by:dazcoates
ID: 34995298
Oh yes created a certificate for owa.domainname.com.au so it validated.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question