Solved

sbs 2003 outlook anywhere certificate error

Posted on 2011-02-22
10
757 Views
Last Modified: 2012-05-11
Hi, have set up exchange 2003 outlook anywhere on my laptop and am getting a certificate error when connecting. A few things though, firstly when I open outlook I get a logon prompt for username and password, is that normal?
Anyway I enter the credentials and then get the certificate error suggesting that there is a problem with the proxy server's certificate. The name on the security is invalid or does not match the name of the target site server.mydomain.com.au. It also says that Outlook is unable to connect to the proxy server (Error Code 10).

I have checked the default iss website certificates for RPC and it matches what I have entered into outlook. Any Ideas?

Daz.
0
Comment
Question by:dazcoates
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 7

Expert Comment

by:viveksahu
ID: 34957812
Hi,

I found that if you insert your site (domain.domain.com/exchange) in the trusted sites list you will be able to install the cert. But don't just accept the defaults when you go to install it. The certificate must be placed in the trusted root folder, otherwise it will not work. By default IE places it into the intermediate folder. If you tried installing it already, go into the MMC, add the cert manager, browse to intermediate and drag and drop the cert into the trusted root folder.

follow the below article:

http://support.microsoft.com/kb/923575
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957869
The first part of this answer I"m assuming you're using a public certificate that you purchased.  If not, skip to below the ========
I've found tha tyou need to make your certificates for sbs 2003 use a UCC certificate (multiple domains) on it.  I always do:

remote.domain.com
computername (of server)
domain.com
autodiscover.domain.com (because we're on exchange 2007/2010)
computername.domain.local (if your internal domain suffix is .local)

With the names above I can then use as my outlook anywhere proxy https://remote.domain.com

In SBS I also use the Connect to the Internet Wizard to generate the CSR key for the certificate and I install it that way.  I don't manually go through IIS or exchange unless I have to (not on sbs).
That way I make sure that it will work with OWA and RWW.

If I were you I'd try the connect to the internet wizard, (in server management > To Do List > #2) and re-run that only making a new certificate then picking public assuming you're not running a self signed certificate.

=============================================
Having said all of that, if you are using a Self Signed Certificate, have you installed it into the computer you are trying to setup outlook anywhere on?  It will have to be installed on there.
You export the .cer to that computer, then open it on the pc, click Install Certificate, and browse to the Trusted Root Certificates.  You put in there and it will ask if you're sure you want to trust whatever.domain.com and you say yes.   Then it should work.

0
 

Author Comment

by:dazcoates
ID: 34957915
So I've installed it to Trusted Root Certification Authorities and still no go.


0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 2

Expert Comment

by:cityhelper
ID: 34957933
So if you actually look at the certificate that you installed, does it say exactly the same thing that outlook has in it in the proxy area for outlook anywhere?  For example if the certificate is mail.domain.com.au  is that what is put into the proxy?

What authentication do you have it on?  I'd try both NTLM and Basic.  (at the bottom of that same page in outlook where you put the domain)
0
 
LVL 2

Expert Comment

by:cityhelper
ID: 34957955
Also, is the certificate expired?  
Do you have others using this configuration and certificate?  

If you don't have any others:
What Id  probably do is re-key a certificate.  You can do that through the Connect to the Internet Wizard (see my above post), then that will give you a brand new certificate.  As you go through that wizard, just keep everything the same except when you get to the certificate part, "make a new certificate" is what you'll want.  

by the way, it's normal to get a password prompt if you're not connected directly to the domain.  you'd want to login with domain\username  and obviously your password...
0
 

Author Comment

by:dazcoates
ID: 34958816
I'm actually at home now and another screen came up mentioning that it was autodiscover.mydomain.com.au, still won't let me in though, any ideas as to what this is now all about?

Cheers, Daz.
0
 

Author Comment

by:dazcoates
ID: 34958840
When creating a new certificate using the connect to the internet wizard, you get to the part where it asks for the web server name, we don't host our domain our ISP does so should it be www.mydomain.com.au or server.mydomain.com.au?

Daz.
0
 

Author Comment

by:dazcoates
ID: 34959029
I've tried re-installing certificates, changed it to www.mydomain.com.au, checked the two certificates side by side and there identical. ???????
0
 

Accepted Solution

by:
dazcoates earned 0 total points
ID: 34959591
Worked it out, i was trying to use 'server.domainname.com.au' it wasn't a FQDN. Changed the certificate to 'owa.domainnamme.com.au' which is and the certificate was accepted and it all logged on nicely.

Thanks to all for your assistance.
0
 

Author Closing Comment

by:dazcoates
ID: 34995298
Oh yes created a certificate for owa.domainname.com.au so it validated.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
In-place Upgrading Dirsync to Azure AD Connect
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question