  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 765

Exchange 2010 SSL certificate misconfiguration is causing all kinds of problems.

If it's not broke, don't fix it...well, I definitely fixed it.

Recently I purchased an SSL certificate for my Exchange 2010 server.  Once I had installed it I noticed that 2 things were not working correctly: users were able to check their mail without being required to visit https (no redirection), and I was getting a certificate warning when my Outlook 2007 users would first open the program.

Through my course of attempted repairs, I was able to manipulate IIS and Exchange to force the redirect to https from http when using OWA.  I then worked on fixing the mismatched certificate warning for Outlook users.  Well, my process for this involved changing the URLs and I used some PowerShell commands and I was finally able to get the certificate warning to go away.  Unfortunately, it was the start of other problems.  After that occurred, Outlook users were required to enter in their credentials to use Outlook, which they had previously never done.  If they selected the "remember my password" check box, they were still required to enter in their credentials the next time they opened up Outlook.  Then I was informed that OWA presents users with an error when they try to delete a message.

In desperation I decided to attempt to reset things back to the way they were before the certificate and while I was able to change the previously changed URLs and remove the certificate and the automatic redirect, Outlook still prompts users for a password and OWA still prevents users from deleting messages.

My environment is: Windows Server 2008 R2, Exchange 2010 SP1, IIS 7.  My clients are all using Windows 7 Professional with IE8.  My original self-signed cert had the server name as "mail" and the certificate was changed to "mail.wpcadets.org".  Even though the new SSL cert is exported off the server it is still prompting users to enter in credentials for "mail.wpcadets.org", which is nearly the opposite problem I had in the beginning.

Thanks in advance.
Asked by: Evan Hines
1 Solution
 
askurat1 Commented:
 
Evan Hines (Author) Commented:
Thanks askurat1!

I had previously seen and followed the instructions from the Microsoft link you provided.  What I decided to do with it this time was to use those commands to help reset my server back to where I started.  So I modified those commands to place those internal URLs back to http://mail.wpcadets.local and that worked.  At that point I was back where I had started without using my new SSL cert, but at least all the annoyances I recently introduced were eliminated.

After that point I imported my SSL cert and only assigned it to IIS, leaving my original self-signed cert in charge of IMAP, POP, and SMTP.  Then I attempted to use the instructions on the other link you provided and while it worked, I also found that it didn't capture all the possibilities for what I would like to redirect.  For example, I would like to redirect http://mail.wpcadets.org to https://mail.wpcadets.org/owa.  After some trial and error I believe I have things working the way I would like it.  Following is a screen shot of the IIS redirects, SSL settings and Error pages I used to make it work the way I would like it to.
A quick view of the Redirect, SSL and Custom Error pages used
If anyone has any suggestions on correcting these settings in IIS to make Exchange work the way it is supposed to, please share.  Things seem to be working fine now, but I very easily could have made a configuration mistake without realizing it.
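One way to check for the certificate name mismatch discussed in this thread, as an added example that is not part of any post here: a read-only Exchange Management Shell script that compares the host name of each client-facing URL with the names on the certificate assigned to IIS. The helper name `Test-NameCovered` and the selection of virtual directories are assumptions of this example.

```powershell
# Added example (read-only): run in the Exchange Management Shell.
# Test-NameCovered and the list of virtual directories are choices made
# for this example, not something taken from the thread.

# Names on the certificate(s) currently assigned to the IIS service.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

function Test-NameCovered([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        # A wildcard such as *.example.org covers exactly one extra label.
        if ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1))) {
            $left = $h.Substring(0, $h.Length - $n.Length + 1)
            if ($left -and -not $left.Contains('.')) { return $true }
        }
    }
    return $false
}

$vdirCmds = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
            'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
            'Get-ActiveSyncVirtualDirectory'

# Collect every URL that Outlook, OWA or ActiveSync clients are handed.
$urls = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{ Source = 'Autodiscover SCP'; Url = $_.AutoDiscoverServiceInternalUri }
    }
    foreach ($cmd in $vdirCmds) {
        & $cmd | ForEach-Object {
            New-Object PSObject -Property @{ Source = "$cmd (internal)"; Url = $_.InternalUrl }
            New-Object PSObject -Property @{ Source = "$cmd (external)"; Url = $_.ExternalUrl }
        }
    }
)

# Report scheme and certificate coverage for each URL that is set.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $u = [Uri]$_.Url.ToString()
    New-Object PSObject -Property @{
        Source    = $_.Source
        Url       = $u.AbsoluteUri
        Https     = ($u.Scheme -eq 'https')
        CertMatch = (Test-NameCovered $u.Host)
    }
} | Select-Object Source, Url, Https, CertMatch | Format-Table -AutoSize
```

A row with Https True and CertMatch False is a URL whose host name the IIS certificate does not cover, which is the condition that produces a certificate name warning in Outlook.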
 
praveenkumare_sp Commented:
Went through your configuration.

The only thing that looks odd to me is OWA redirection.

I have seen that it might cause a loop, but removing that might also remove redirection on Exchange.

I am not in a place where I could test that out.

Apart from that, everything looks great :)
 
askurat1 Commented:
Mine are a little different. If you follow this link it works perfectly: http://kb.matthewtrotter.com/index.php/article/configuring-owa-redirect-on-iis-75-and-exchange-2010
 IIS Settings
By using these settings, when I go to mail.domain.com it redirects me to https://mail.domain.com/owa
 
Evan Hines (Author) Commented:
I did end up removing the redirect from OWA as it did cause some problems.  It seems that the only real difference between my setup and is my Redirect on Exchange and Exchweb.  Are they there for backwards compatibility for previous versions of Exchange?  That is one of those things I didn't know if I should redirect those pages or not.  It didn't seem to have any pages in those directories and other Exchange installs I've seen seem to redirect those pages to the OWA directory anyway, so that is why I set mine up like that.

I've just had one work day without any issues with this configuration (aside from the OWA redirection), so I'm going to say it's fixed.  Thanks everyone!
 
praveenkumare_sp Commented:
This problem must be closed accepting my solution, as aboell has said that he is closing the thread saying "I did end up removing the redirect from OWA as it did cause some problems"

and in my answer 35752045, I have said the "only thing that looks odd to me is OWA redirection."

Let me know if you have more queries.