Exchange 2010 SSL certificate misconfiguration is causing all kinds of problems.
Posted on 2011-05-12
If it's not broke, don't fix it...well, I definitely fixed it.
Recently I purchased a SSL certificate for my Exchange 2010 server. Once I had installed it I noticed that 2 things were not working correctly; users were able to check their mail without being required to visit https (no redirection), and I was getting a certificate warning when my Outlook 2007 users would first open the program.
Through my course of attempted repairs, I was able to manipulate IIS and Exchange to force the redirect to https from http when using OWA. I then worked on fixing the mismatched certificate warning for Outlook users. Well, my process for this involved changing the URLs and I used some powershell commands and I was finally able to get the certificate warning to go away. Unfortunately, it was the start of other problems. After that occurred, Outlook users were required to enter in their credentials to use Outlook, which they had previously never done. If they selected the "remember my password" check box, they were still required to enter in their credentials the next time they opened up Outlook. Then I was informed that OWA presents users with an error when they try to delete a message.
In desperation I decided to attempt to reset things back to the way they were before the certificate and while I was able to change the previously changed URLs and remove the certificate and the automatic redirect, Outlook still prompts users for a password and OWA still prevents users from deleting messages.
My environment is: Windows Server 2008 R2, Exchange 2010 SP1, IIS 7. My clients are all using Windows 7 Professional with IE8. My original self-signed cert had the server name as "mail" and the certificate was change to "mail.wpcadets.org". Even though the new SSL cert is exported off the server it is still prompting users to enter in credentials for "mail.wpcadets.org", which is nearly the opposite problem I had in the beginning.
Thanks in advance.