?
Solved

sbs 2003 outlook anywhere certificate error

Posted on 2011-02-22
10
Medium Priority
?
768 Views
Last Modified: 2012-05-11
Hi, have set up exchange 2003 outlook anywhere on my laptop and am getting a certificate error when connecting. A few things though, firstly when I open outlook I get a logon prompt for username and password, is that normal?
Anyway I enter the credentials and then get the certificate error suggesting that there is a problem with the proxy server's certificate. The name on the security is invalid or does not match the name of the target site server.mydomain.com.au. It also says that Outlook is unable to connect to the proxy server (Error Code 10).

I have checked the default iss website certificates for RPC and it matches what I have entered into outlook. Any Ideas?

Daz.
0
Comment
Question by:dazcoates
  • 6
  • 3
10 Comments
 
LVL 7

Expert Comment

by:viveksahu
ID: 34957812
Hi,

I found that if you insert your site (domain.domain.com/exchange) in the trusted sites list you will be able to install the cert. But don't just accept the defaults when you go to install it. The certificate must be placed in the trusted root folder, otherwise it will not work. By default IE places it into the intermediate folder. If you tried installing it already, go into the MMC, add the cert manager, browse to intermediate and drag and drop the cert into the trusted root folder.

follow the below article:

http://support.microsoft.com/kb/923575
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957869
The first part of this answer I"m assuming you're using a public certificate that you purchased.  If not, skip to below the ========
I've found tha tyou need to make your certificates for sbs 2003 use a UCC certificate (multiple domains) on it.  I always do:

remote.domain.com
computername (of server)
domain.com
autodiscover.domain.com (because we're on exchange 2007/2010)
computername.domain.local (if your internal domain suffix is .local)

With the names above I can then use as my outlook anywhere proxy https://remote.domain.com

In SBS I also use the Connect to the Internet Wizard to generate the CSR key for the certificate and I install it that way.  I don't manually go through IIS or exchange unless I have to (not on sbs).
That way I make sure that it will work with OWA and RWW.

If I were you I'd try the connect to the internet wizard, (in server management > To Do List > #2) and re-run that only making a new certificate then picking public assuming you're not running a self signed certificate.

=============================================
Having said all of that, if you are using a Self Signed Certificate, have you installed it into the computer you are trying to setup outlook anywhere on?  It will have to be installed on there.
You export the .cer to that computer, then open it on the pc, click Install Certificate, and browse to the Trusted Root Certificates.  You put in there and it will ask if you're sure you want to trust whatever.domain.com and you say yes.   Then it should work.

0
 

Author Comment

by:dazcoates
ID: 34957915
So I've installed it to Trusted Root Certification Authorities and still no go.


0
 Email signature solution for Office 365

Easily set up a company-wide email signature in Office 365 that works with every email client. Add personalized email signatures to every email in your company. Let users preview their server-level signature in Outlook.

 
LVL 2

Expert Comment

by:cityhelper
ID: 34957933
So if you actually look at the certificate that you installed, does it say exactly the same thing that outlook has in it in the proxy area for outlook anywhere?  For example if the certificate is mail.domain.com.au  is that what is put into the proxy?

What authentication do you have it on?  I'd try both NTLM and Basic.  (at the bottom of that same page in outlook where you put the domain)
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957955
Also, is the certificate expired?  
Do you have others using this configuration and certificate?  

If you don't have any others:
What Id  probably do is re-key a certificate.  You can do that through the Connect to the Internet Wizard (see my above post), then that will give you a brand new certificate.  As you go through that wizard, just keep everything the same except when you get to the certificate part, "make a new certificate" is what you'll want.  

by the way, it's normal to get a password prompt if you're not connected directly to the domain.  you'd want to login with domain\username  and obviously your password...
0
 

Author Comment

by:dazcoates
ID: 34958816
I'm actually at home now and another screen came up mentioning that it was autodiscover.mydomain.com.au, still won't let me in though, any ideas as to what this is now all about?

Cheers, Daz.
0
 

Author Comment

by:dazcoates
ID: 34958840
When creating a new certificate using the connect to the internet wizard, you get to the part where it asks for the web server name, we don't host our domain our ISP does so should it be www.mydomain.com.au or server.mydomain.com.au?

Daz.
0
 

Author Comment

by:dazcoates
ID: 34959029
I've tried re-installing certificates, changed it to www.mydomain.com.au, checked the two certificates side by side and there identical. ???????
0
 

Accepted Solution

by:
dazcoates earned 0 total points
ID: 34959591
Worked it out, i was trying to use 'server.domainname.com.au' it wasn't a FQDN. Changed the certificate to 'owa.domainnamme.com.au' which is and the certificate was accepted and it all logged on nicely.

Thanks to all for your assistance.
0
 

Author Closing Comment

by:dazcoates
ID: 34995298
Oh yes created a certificate for owa.domainname.com.au so it validated.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I came across an unsolved Outlook issue and here is my solution.
Often, the users face difficulty in accessing Outlook 2016 PST files on Windows 10 computer. One of the reasons behind it is the improper functioning of MS Outlook when the user tries to open it. MS Outlook suddenly stops working, or it will not op…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month7 days, 19 hours left to enroll

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question