Solved

SBS 2011 Outlook over RPC

Posted on 2011-10-19
Last Modified: 2013-12-02
Hello Experts,
I am new to the server environment and got a chance to deploy my first server in a small environment.
Everything is working like a charm, but now I want to configure a laptop to be able to connect to Exchange without the use of VPN from outside the office.

Hence RPC over HTTP.

I am using SBS 2011 and the provided certificate from the Exchange console (I hope it's the right one).
I am using the certificate which says configured for remote.domain.com.au and is not self-signed.
Configured as remote.domain.com.au

When I connect Outlook from outside I get an error that the certificate is not valid and that it's not trusted, even if I have installed the certificate.

Do I need any extra configuration for Exchange or the external DNS for this to work?
I am sorry to say that, but I have very limited support from my colleagues.

Thanks a lot for your support in advance
Question by:Sabi Goraya
20 Comments
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36991693
You need to issue an SSL certificate from a trusted SSL authority like GeoTrust, GoDaddy or VeriSign etc. with at minimum the following SAN names:
autodiscover.yourdomain.com
your OWA URL or remote.yourdomainname.com
your CAS server FQDN
You can easily generate the CSR using the Exchange certificate wizard.
You also need to enable Outlook Anywhere on your CAS server under Server Configuration -> Client Access -> Enable Outlook Anywhere.
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36991726
Thanks for your response

But I was told that with SBS 2011 you can configure it without buying an SSL certificate... is that right, or else I was given wrong info.

Also, the console shows the option to disable Outlook Anywhere, which I assume means that it is enabled.

Thanks
0
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36991764
Yes, you can configure it without buying an SSL certificate, and you can generate your own self-signed certificate. But it will only work under the following conditions from your outside network:
1. The client should be a member of your domain network so that he can trust your self-signed certificate
2. You need to install your certificate-generating server's root certificate on the client

Yes, it means your Outlook Anywhere is enabled, and the OWA URL should be present in your self-signed certificate as a SAN for it to work properly.

Here is the step-by-step guideline for it: http://www.msexchange.org/tutorials/outlook_2003_connect_exchange_2003.html

This guideline is for an older version, but you need to do all these steps in your environment with some interface changes.
Good luck
0

 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36991855
This is the error I am getting after installing the certificate.
I have installed the certificate from Exchange and Outlook Anywhere is enabled.

  ConnectCG-513455.flv
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36991875
Hi, I have attached the available Exchange certificates.
Please note these are just the default ones which the server created for me.
I am using the second certificate for configuration,
and the name is resolved by DNS without any problem.

 Available SSL Certificates
0
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36991921
Your error is showing that the certificate authority is not trusted. You need to install your certificate authority's root certificate on your client PC. Do the following steps:
1. Obtain the root certificate from your certificate authority
2. On the client go to Run and type mmc
3. Click on File, Add/Remove Snap-in
4. Select certificate, click on Add, choose local computer and then OK
5. Select trusted root certification, do a right click and select All Tasks and then Import
6. The Certificate Import Wizard will open; import your certificate authority's root certificate.

0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 36991945
What URL have you set up for Outlook Anywhere?

If you are using a single-name certificate you will need to set up external DNS records for
autodiscover and the Outlook Anywhere URL to point at the same thing.

https://www.testexchangeconnectivity.com/

Use this MS website to do your tests and it will tell you what is stopping it working.

Depending on which company signed the certificate, you might need to add the certificate chain to make it trusted.
The company you bought the cert from should be able to give you details of that.

0
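The two checks raised in the answers above (whether the issuing CA is trusted on the client, and whether the certificate covers both the Outlook Anywhere and autodiscover names) can be run from the laptop itself. This is an added example, not code posted by anyone in the thread; the host names are placeholders and the SAN parsing assumes an English-language Windows.

```powershell
# Added example, not from the thread. Names are placeholders modelled on the
# thread's "remote.domain.com.au"; replace with your own external names.
$TargetHost    = 'remote.domain.com.au'
$ExpectedNames = @('remote.domain.com.au', 'autodiscover.domain.com.au')

function Get-ServerCertificate([string]$HostName, [int]$Port = 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: this session only inspects the certificate.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Get-SanDnsNames($Certificate) {
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }
    # English Windows renders the extension as "DNS Name=a, DNS Name=b"; the label is localized.
    [regex]::Matches($ext.Format($false), 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
}

function Test-NameCovered([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -eq $Name) { return $true }
        # A wildcard covers exactly one left-most label.
        if ($san.StartsWith('*.') -and $Name.Substring($Name.IndexOf('.')) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

$cert  = Get-ServerCertificate $TargetHost
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep CRL reachability out of the trust result
$trusted = $chain.Build($cert)

"Leaf subject : $($cert.Subject)"
"Leaf issuer  : $($cert.Issuer)"
"Chain trusted: $trusted"
$chain.ChainStatus | ForEach-Object { "  status: $($_.Status) - $($_.StatusInformation.Trim())" }

# When the chain is complete, its last element is the root CA certificate: that is
# the one to import into the Trusted Root store, rather than the server certificate.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Top of chain : $($top.Subject) [$($top.Thumbprint)]"

$sans = @(Get-SanDnsNames $cert)
foreach ($name in $ExpectedNames) {
    "{0,-32} covered by certificate: {1}" -f $name, (Test-NameCovered $name $sans)
}
```

A status of `UntrustedRoot` means the client does not trust the issuing CA, while a `False` in the last lines means a name Outlook will connect to is missing from the certificate.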
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992123
The test suggested by irweazelwallis tells me that autodiscover.mydomain name is not available.

I will add the DNS for that and see if that helps.

Autodiscover.domainname.com.au is the default address for autodiscover... is it?

Can I find what address Exchange is configured with for autodiscover?

Thanks
I have also added some more screenshots following akicute555's recommendation
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992128
Certificate
Certificate1
0
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36992183
Your test will never succeed on www.testexchangeconnectivity.com because you are not using SSL from any trusted SSL authority; you are generating it from your local Active Directory certificate authority.

You need to install your CA root certificate on your client as I already mentioned in my previous post.
You can easily get your CA certificate. Just open http://yourDCFDQNName/certsrv/ and log in with your administrator account.
Click on "Download CA certificate".
Once it has downloaded, follow the steps from my previous post.
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992339
akicute555:    The address is not opening up
Possibly doesn't exist
Thanks
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992348
irweazelwallis:   the Autodiscover URL is remote.domain.com.au
Thanks
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 36992355
have a look at IIS on the server that has your CA running on it
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992396
No, I can't open it locally on it as well, and there is no directory by that name as well under Default Web Site
Thanks
0
 
LVL 16

Expert Comment

by:Madan Sharma
ID: 36992406
Please tell us the procedure: how are you getting your certificate from the server?
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992541
I went to the Exchange console and from there just exported the certificate into a file and then installed it manually by double-clicking on the laptop
Thanks
0
 
LVL 17

Accepted Solution

by:
James H earned 2000 total points
ID: 36992588
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36992606
Thanks Spartan
I will try that and get back to you...
Thanks again guys
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 36996692
Thanks guys for your support
I think I need to understand certificates in detail

Thanks again for your support
0
 
LVL 4

Author Closing Comment

by:Sabi Goraya
ID: 36996705
Thanks Spartan

I think I was using the wrong certificate

The certificate which this process installed was for the server
The ones I showed in the previous post were for remote.domain.com.au

That's why it wasn't trusting the server

Please do let me know if that's the right understanding so that I know where I went wrong

Thanks
0
