Solved

Installed UCC Cert for Exchange 2007, now Outlook Anywhere not working

Posted on 2011-03-03
9
477 Views
Last Modified: 2012-05-11
As the title suggests, I've installed a UCC certificate for Exchange 2007, replacing a wild card cert.  My internal and external webmail work fine, and ActiveSync clients are connecting with no problems.  But I can't get an Outlook Anywhere client to connect.  I keep getting prompted for a username/password and it won't accept anything.  I've tried fiddling around with every different setting, and at this point I'm at my wits end and need this resolved ASAP.  

Any suggestions, things to try, I've done some research on here and also other exchange forums but I'm stuck.  Thank you.
0
Comment
Question by:Sma11T0wnITGuy
  • 4
  • 4
9 Comments
 
LVL 11

Expert Comment

by:MichaelVH
Comment Utility
Hi there,

what type of authentication have you set for Outlook Anywhere?

You can view the settings with Get-OutlookAnywhere from the shell.

Michael
0
 

Author Comment

by:Sma11T0wnITGuy
Comment Utility
Output from Get-OutlookAnywhere command:

ServerName                      : LSIEXCHANGE
SSLOffloading                   : False
ExternalHostname                : getmymail.lsisolutions.com
ClientAuthenticationMethod      : Ntlm
IISAuthenticationMethods        : {Ntlm}
MetabasePath                    : IIS://LSIEXCHANGE.lsisolutions.com/W3SVC/1/RO
                                  OT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : LSIEXCHANGE
AdminDisplayName                :
ExchangeVersion                 : 0.1 (8.0.535.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocol
                                  s,CN=LSIEXCHANGE,CN=Servers,CN=Exchange Admin
                                  istrative Group (FYDIBOHF23SPDLT),CN=Administ
                                  rative Groups,CN=LSI Solutions Inc,CN=Microso
                                  ft Exchange,CN=Services,CN=Configuration,DC=l
                                  sisolutions,DC=com
Identity                        : LSIEXCHANGE\Rpc (Default Web Site)
Guid                            : e07a7d60-fb53-4b20-b535-56ced82af173
ObjectCategory                  : lsisolutions.com/Configuration/Schema/ms-Exch
                                  -Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVi
                                  rtualDirectory}
WhenChanged                     : 3/3/2011 12:41:12 PM
WhenCreated                     : 7/21/2010 9:54:00 AM
OriginatingServer               : lsiadc02.lsisolutions.com
IsValid                         : True


0
 
LVL 11

Expert Comment

by:MichaelVH
Comment Utility
Can you change the authentication from NTLM to basic please?
0
 
LVL 20

Expert Comment

by:SatyaPathak
Comment Utility
did u rty to ran the https://www.testexchangeconnectivity.com/ and check it .
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:Sma11T0wnITGuy
Comment Utility
Michael-Changing the authentication level does not help

Satya-The test is fine until the final step, Testing SSL mutual authentication with the RPC proxy server.  

The certificate common name lsiexchange.lsisolutions.com doesn't validate against the mutual authentication string that was provided: msstd:*.lsisolutions.com
0
 
LVL 11

Accepted Solution

by:
MichaelVH earned 500 total points
Comment Utility
Your outlook still represents the config for the wildcard cert you had before. You should first of all change the Outlookprovider

first check the Outlookprovider "EXPR" to see what setting it has for the certprincipalname. (probably "*.etc")

You should (if it's set to "*.etc") change it like this:

Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:lsiexchange.lsisolutions.com

Grts,

Michael
0
 

Author Comment

by:Sma11T0wnITGuy
Comment Utility
Michael,

I just ran that command, and it looks like I'm able to connect now.  I will try a few other clients as well.  testexchangeconnectivity.com is going through now as well.
0
 

Author Closing Comment

by:Sma11T0wnITGuy
Comment Utility
Michael,

Great work, that fixed it up.  My remotes need to VPN in once to get the settings, but its working beyond that.  Thank you again.
0
 
LVL 11

Expert Comment

by:MichaelVH
Comment Utility
You're most welcome.

I'm glad you got it working again.

Grts,

Michael
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

If you don't know how to downgrade, my instructions below should be helpful.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now