Improve company productivity with a Business Account.Sign Up

x
?
Solved

sbs 2003 outlook anywhere certificate error

Posted on 2011-02-22
10
Medium Priority
?
769 Views
Last Modified: 2012-05-11
Hi, have set up exchange 2003 outlook anywhere on my laptop and am getting a certificate error when connecting. A few things though, firstly when I open outlook I get a logon prompt for username and password, is that normal?
Anyway I enter the credentials and then get the certificate error suggesting that there is a problem with the proxy server's certificate. The name on the security is invalid or does not match the name of the target site server.mydomain.com.au. It also says that Outlook is unable to connect to the proxy server (Error Code 10).

I have checked the default iss website certificates for RPC and it matches what I have entered into outlook. Any Ideas?

Daz.
0
Comment
Question by:dazcoates
  • 6
  • 3
10 Comments
 
LVL 7

Expert Comment

by:viveksahu
ID: 34957812
Hi,

I found that if you insert your site (domain.domain.com/exchange) in the trusted sites list you will be able to install the cert. But don't just accept the defaults when you go to install it. The certificate must be placed in the trusted root folder, otherwise it will not work. By default IE places it into the intermediate folder. If you tried installing it already, go into the MMC, add the cert manager, browse to intermediate and drag and drop the cert into the trusted root folder.

follow the below article:

http://support.microsoft.com/kb/923575
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957869
The first part of this answer I"m assuming you're using a public certificate that you purchased.  If not, skip to below the ========
I've found tha tyou need to make your certificates for sbs 2003 use a UCC certificate (multiple domains) on it.  I always do:

remote.domain.com
computername (of server)
domain.com
autodiscover.domain.com (because we're on exchange 2007/2010)
computername.domain.local (if your internal domain suffix is .local)

With the names above I can then use as my outlook anywhere proxy https://remote.domain.com

In SBS I also use the Connect to the Internet Wizard to generate the CSR key for the certificate and I install it that way.  I don't manually go through IIS or exchange unless I have to (not on sbs).
That way I make sure that it will work with OWA and RWW.

If I were you I'd try the connect to the internet wizard, (in server management > To Do List > #2) and re-run that only making a new certificate then picking public assuming you're not running a self signed certificate.

=============================================
Having said all of that, if you are using a Self Signed Certificate, have you installed it into the computer you are trying to setup outlook anywhere on?  It will have to be installed on there.
You export the .cer to that computer, then open it on the pc, click Install Certificate, and browse to the Trusted Root Certificates.  You put in there and it will ask if you're sure you want to trust whatever.domain.com and you say yes.   Then it should work.

0
 

Author Comment

by:dazcoates
ID: 34957915
So I've installed it to Trusted Root Certification Authorities and still no go.


0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 2

Expert Comment

by:cityhelper
ID: 34957933
So if you actually look at the certificate that you installed, does it say exactly the same thing that outlook has in it in the proxy area for outlook anywhere?  For example if the certificate is mail.domain.com.au  is that what is put into the proxy?

What authentication do you have it on?  I'd try both NTLM and Basic.  (at the bottom of that same page in outlook where you put the domain)
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957955
Also, is the certificate expired?  
Do you have others using this configuration and certificate?  

If you don't have any others:
What Id  probably do is re-key a certificate.  You can do that through the Connect to the Internet Wizard (see my above post), then that will give you a brand new certificate.  As you go through that wizard, just keep everything the same except when you get to the certificate part, "make a new certificate" is what you'll want.  

by the way, it's normal to get a password prompt if you're not connected directly to the domain.  you'd want to login with domain\username  and obviously your password...
0
 

Author Comment

by:dazcoates
ID: 34958816
I'm actually at home now and another screen came up mentioning that it was autodiscover.mydomain.com.au, still won't let me in though, any ideas as to what this is now all about?

Cheers, Daz.
0
 

Author Comment

by:dazcoates
ID: 34958840
When creating a new certificate using the connect to the internet wizard, you get to the part where it asks for the web server name, we don't host our domain our ISP does so should it be www.mydomain.com.au or server.mydomain.com.au?

Daz.
0
 

Author Comment

by:dazcoates
ID: 34959029
I've tried re-installing certificates, changed it to www.mydomain.com.au, checked the two certificates side by side and there identical. ???????
0
 

Accepted Solution

by:
dazcoates earned 0 total points
ID: 34959591
Worked it out, i was trying to use 'server.domainname.com.au' it wasn't a FQDN. Changed the certificate to 'owa.domainnamme.com.au' which is and the certificate was accepted and it all logged on nicely.

Thanks to all for your assistance.
0
 

Author Closing Comment

by:dazcoates
ID: 34995298
Oh yes created a certificate for owa.domainname.com.au so it validated.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Microsoft Exchange Server gives you the ability to roll back a corrupt database, but still preserve any data written to that database since the last successful backup. Unfortunately the documentation on how to do this when recovering using imaging b…
The article is for all the Exchange users seeking smooth and effective EDB to PST conversion. Exchange Server is the most widely used platform for messaging with collaborative sharing, Exchange online, secure working environment, etc.
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question