Error code 10 when using Outlook Anywhere

I only have this error when trying to connect Outlook 2010 to my Exchange Server 2010. I get a certificate error when going to OWA, but I can still access it. I know it's a cert error, but from what I have found, the error means that the cert doesn't match the site mail.****.com. So I need some input on this, since I have never created a cert.
tremontexpert Asked:
 
bahige Commented:
If you use a self-signed cert, then you have to add it to every machine that will be utilizing Outlook Anywhere. A good way to test it is to go to OWA (if you are using the same site). If you get an error message, then you have these possible issues:
1. The cert is not trusted on the machine. You can install the cert so that the machine trusts it.
2. The cert is expired and needs to be renewed.
3. The cert name doesn't match the website you are going to. If the site and Outlook Anywhere DNS record are mail.company.com, then the SSL cert has to be that as well. You can name the cert whatever you want (even if you self-signed it), but you need to make sure it matches the website name.

When you purchase a cert from GoDaddy, a company called Starfield issues the certs. They give you your cert and then they also give you the Starfield intermediate cert. That is the cert that has to go into the intermediate cert store. The other cert (with your custom name) should get placed into the cert store by the Exchange wizard that runs. GoDaddy gives you exact instructions here:
http://help.godaddy.com/article/5346 if you decide to use them. You don't have to if you have a self-signed cert that is trusted on all client machines, is not expired, and matches the external DNS name of the Outlook Anywhere or OWA site.

Make sense?
0
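
The three checks bahige lists in the comment above (trust, expiry, name match), as an added PowerShell example that is not part of the original thread. `Test-OutlookAnywhereCert` is a hypothetical helper name, the certificate is a constructed in-memory self-signed sample for `mail.company.com`, and the code assumes Windows PowerShell 5.1 with .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example: checks one certificate for trust, validity period and host name.
function Test-OutlookAnywhereCert {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$HostName
    )
    # 1. Trust: build the chain against this machine's certificate stores.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
    $trusted = $chain.Build($Certificate)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # 2. Validity window.
    $now = Get-Date
    $inDate = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)

    # 3. Name: SAN DNS entries, falling back to the subject CN when there is no SAN.
    $names = @()
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        # Format() text differs by platform ("DNS Name=x" on Windows, "DNS:x" elsewhere).
        $names = @([regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
                   ForEach-Object { $_.Groups[1].Value })
    }
    if (-not $names) { $names = @($Certificate.GetNameInfo('SimpleName', $false)) }
    $nameOk = $false
    foreach ($n in $names) {
        if ($n -ieq $HostName) { $nameOk = $true }
        elseif ($n.StartsWith('*.') -and $HostName.Contains('.')) {
            # A wildcard covers exactly one leftmost label.
            if ($HostName.Substring($HostName.IndexOf('.')) -ieq $n.Substring(1)) { $nameOk = $true }
        }
    }
    [pscustomobject]@{ Trusted = $trusted; ChainStatus = $status; InValidityPeriod = $inDate
                       Names = $names; NameMatches = $nameOk }
}

# Constructed sample: in-memory self-signed cert for the thread's example name.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=mail.company.com', $rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$san.AddDnsName('mail.company.com')
$req.CertificateExtensions.Add($san.Build())
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
Test-OutlookAnywhereCert -Certificate $cert -HostName 'mail.company.com'   # name on the cert
Test-OutlookAnywhereCert -Certificate $cert -HostName 'owa.company.com'    # name not on the cert
```

A certificate read from the Windows certificate store, for example under `Cert:\LocalMachine\My`, can be passed to `-Certificate` the same way.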
 
bahige Commented:
Go to http://www.testexchangeconnectivity.com and run the Outlook Anywhere test from there.
It will help you figure out where the issue is.
0
 
tremontexpert Author Commented:
I have run this test before. I don't understand why you would need an SSL certificate to run Outlook Anywhere when I'm running basic authentication. It's saying that the server certificate doesn't match mail.XXX.com, so I guess I need to create a new one? And if so, how? I never had to create a new certificate.
Thanks for your help.
0
 
bahige Commented:
Exchange 2010 has an SSL wizard. You should be able to go into Exchange Management Console -> Click on Server Configuration -> the menu on the right should have an SSL wizard there. I think it will give you the option to create a self-signed one (for free) or create a request and send the request to an SSL certificate issuer like GoDaddy. Using a company like GoDaddy, the cert created will be automatically trusted by the computers connecting to the server. It is more convenient. GoDaddy is about $50/yr for a cert.

This page tells you how to set up Outlook Anywhere with an SSL cert after the cert is set up:
http://technet.microsoft.com/en-us/library/bb123542.aspx
0
 
tremontexpert Author Commented:
I went through and got the new cert created and sent through certsrv, completed the cert request in Exchange and installed it in the trusted root folder... I'm getting the same error, but now the code is 8... WTF... LOL, I thought this feature was supposed to work out of the box? Any input is appreciated!!
0
 
bahige Commented:
What does this page say:
http://www.testexchangeconnectivity.com
when you do the Outlook Anywhere (RPC over HTTP) test?

What did you use to create the cert and what did you call the cert? If you got the cert from GoDaddy, you need to place the intermediate cert in your server's intermediate cert store.

What are the exact error codes you are getting?
0
 
tremontexpert Author Commented:
I just recreated the cert in Exchange and added it to the trusted root cert folder. I was starting to think that you have to have a commercial SSL cert to use this part of Exchange. The cert name should be the name of the external site and needs to be added to the trusted root and intermediate cert locations? You can't use a self-created cert for this, correct?
0
 
bahige Commented:
Once you have a good cert installed, you can run this command:
Enable-OutlookAnywhere -Server SERVERNAME -ExternalHostname "mail.company.com" -DefaultAuthenticationMethod "Basic" -SSLOffloading:$False
0
 
bahige Commented:
Changing the authentication method to NTLM can also help (instead of the command above):

Enable-OutlookAnywhere -Server SERVERNAME -ExternalHostname "mail.company.com" -DefaultAuthenticationMethod "NTLM" -SSLOffloading:$False

NTLM also prevents the users from being asked for a username/password if they use domain machines, so that may be nice as well.
0
 
tremontexpert Author Commented:
The only thing that stinks is that it takes so long to get an acceptable answer for the question.
0
 
bahige Commented:
4/2 to 4/5 (for last response) and no one else responded or tried to help you. I don't think that's long at all.
0
Question has a verified solution.
