Costas Georgiou asked:

SBS 2011 Outlook over RPC

Hello Experts
I am new to the server environment and got a chance to deploy my first server in a small environment.
Everything is working like a charm, but now I want to configure a laptop to be able to connect to Exchange without the use of VPN from outside the office.

Hence RPC over HTTP

I am using SBS 2011 and the provided certificate from the Exchange console (I hope it's the right one).
I am using the certificate which says configured for remote.domain.com.au and is not self-signed.
Configured as remote.domain.com.au

When I connect Outlook from outside I get an error that the certificate is not valid and that it's not trusted, even if I have installed the certificate.

Do I need any extra configuration for Exchange or the external DNS for this to work?
I am sorry to say that, but I have very limited support from my colleagues.

Thanks a lot for your support in advance
Ajay Sharma

You need to issue an SSL certificate from a trusted SSL authority like GeoTrust, GoDaddy or VeriSign etc. with at minimum the following SAN names:
autodiscover.yourdomain.com
your OWA URL or remote.yourdomainname.com
your CAS server FQDN
You can easily generate the CSR using the Exchange certificate wizard.
You also need to enable Outlook Anywhere on your CAS server under Server Configuration -> Client Access -> Enable Outlook Anywhere.
Costas Georgiou

ASKER

Thanks for your response

But I was told that with SBS 2011 you can configure it without buying an SSL certificate... is that right, or was I given wrong info?

Also, the console shows the option to disable Outlook Anywhere, which I assume means that it is enabled

Thanks
Yes, you can configure it without buying an SSL certificate and you can generate your own self-signed certificate, but it will only work under the following conditions from your outside network:
1. The client should be a member of your domain network so that it can trust your self-signed certificate
2. You need to install your certificate-generating server's root certificate on the client

Yes, it means your Outlook Anywhere is enabled, and the OWA URL should be present in your self-signed certificate as a SAN for it to work properly.

Here is a step-by-step guideline for it: http://www.msexchange.org/tutorials/outlook_2003_connect_exchange_2003.html

This guideline is for an older version, but you need to do all these steps in your environment with some interface changes.
Good Luck
This is the error I am getting after installing the certificate.
I have installed the certificate from Exchange and Outlook Anywhere is enabled.

  ConnectCG-513455.flv
Hi, I have attached the available Exchange certificates.
Please note these are just the default ones which the server created for me.
I am using the second certificate for configuration,
and the name is resolved by DNS without any problem.

Your error is showing that the certificate authority is not trusted. You need to install your certificate authority's root certificate on your client PC. Do the following steps:
1. Obtain the root certificate from your certificate authority
2. On the client go to Run and type mmc
3. Click on File, Add/Remove Snap-in
4. Select Certificates, click on Add, choose Local Computer and then OK
5. Select Trusted Root Certification, do a right click and select All Tasks and then Import
6. The Certificate Import Wizard will open; import your certificate authority root certificate.

What URL have you set up for Outlook Anywhere?

If you are using a single-name certificate you will need to set up external DNS records for
autodiscover and the Outlook Anywhere URL to point at the same thing.

https://www.testexchangeconnectivity.com/

Use this MS website to do your tests and it will tell you what is stopping it working.

Depending on which company signed the certificate, you might need to add the certificate chain to make it trusted.
The company you bought the cert from should be able to give you details of that.
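
Added example, not part of the thread or of any poster's reply: a PowerShell check, run on the client laptop, that separates the two causes raised in the replies above, a host name the certificate does not cover and an issuing CA the client does not trust. The host names are placeholders based on the thread's anonymised `remote.domain.com.au`; `autodiscover.domain.com.au` and the `Test-NameCovered` helper are assumptions.

```powershell
# Added diagnostic example; host names below are placeholders (assumptions).
param(
    [string]   $Server   = 'remote.domain.com.au',
    [string[]] $Required = @('remote.domain.com.au', 'autodiscover.domain.com.au')
)

# True when $Name is listed in $San exactly or covered by a one-label wildcard.
function Test-NameCovered([string]$Name, [string[]]$San) {
    $parent = $Name.Substring($Name.IndexOf('.') + 1)
    foreach ($s in $San) {
        if ($s -eq $Name -or $s -eq "*.$parent") { return $true }
    }
    return $false
}

# Fetch the certificate the server presents on 443. The callback accepts any
# certificate so an untrusted one can still be inspected; no data is sent.
$tcp = New-Object System.Net.Sockets.TcpClient($Server, 443)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# Name check: subject name plus DNS entries of the SAN extension (OID 2.5.29.17).
# Assumes an English Windows build, where entries are formatted as "DNS Name=...".
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = @($cert.GetNameInfo('DnsName', $false).ToLower())
if ($sanExt) {
    $names += @($sanExt.Format($true) -split "`r?`n" |
        Where-Object { $_ -like 'DNS Name=*' } |
        ForEach-Object { ($_ -replace '^DNS Name=', '').Trim().ToLower() })
}

# Trust check: build the chain against this machine's certificate stores.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # test the trust path only
$trusted = $chain.Build($cert)
"Subject: $($cert.Subject)"
"Issuer : $($cert.Issuer)"
foreach ($n in $Required) {
    $state = if (Test-NameCovered $n.ToLower() $names) { 'present' } else { 'MISSING' }
    "Name ${n}: $state"
}
"Chain trusted on this client: $trusted"
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation)" }
```

A chain status of `UntrustedRoot` points at the missing root CA certificate on the client; a `MISSING` name points at the certificate's subject and SAN list or the external DNS records.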

The test suggested by irweazelwallis tells me that autodiscover.mydomain name is not available

I will add the DNS for that and see if that helps

Autodiscover.domainname.com.au is the default address for autodiscover... is it?

Can I find with what address Exchange is configured for autodiscover?

Thanks
I have also added some more screenshots following akicute555's recommendation
Your test will never succeed on www.testexchangeconnectivity.com because you are not using SSL from any trusted SSL authority; you are generating it from your local Active Directory certificate authority.

You need to install your CA root certificate on your client as I already mentioned in my previous post.
You can easily get your CA certificate. Just open http://yourDCFDQNName/certsrv/ and log in with your administrator account,
click on Download CA certificate,
and once it has downloaded follow the steps from my previous post.
akicute555: The address is not opening up
Possibly doesn't exist
Thanks
irweazelwallis: the Autodiscover URL is remote.domain.com.au
Thanks
Have a look at IIS on the server that has your CA running on it
No, I can't open it locally on it as well, and there is no directory by that name under Default Web Site either
Thanks
Please tell us the procedure: how are you getting your certificate from the server?
I went to the Exchange console and from there just exported the certificate into a file and then installed it manually by double-clicking on the laptop
Thanks
ASKER CERTIFIED SOLUTION
James H

This solution is only available to members.
Thanks spartan
I will try that and get back to you...
Thanks again guys
Thanks guys for your support
I think I need to understand certificates in detail

Thanks again for your support
Thanks Spartan

I think I was using the wrong certificate

The certificate which this process installed was for the server
The ones I showed in the previous post were for remote.domain.com.au

That's why it wasn't trusting the server

Please do let me know if that's the right understanding so that I know where I went wrong

Thanks