Outlook Anywhere, Autodiscover, Certificates

Posted on 2011-10-19
Last Modified: 2012-05-12
Trying to get Outlook Anywhere and Autodiscover to work.

Output from is attached.

During the discover process the certificate that is located on our firewall (GTA) is found, and not the certificate that we purchased and installed on the new (and the old) Exchange server.

Errors out on name not in the cert.

Internet -> GTA firewall -> Barracuda 300 spam firewall -> Exchange Server 2010 running in co-exist mode with Exchange 2003

Anyone with experience in setting up something similar?

Where to start the process of getting this to work?

Question by:Vince Glisson
    LVL 11

    Expert Comment

    Did you buy a UCC certificate or a single name certificate?  For Exchange to work properly you will need the UCC certificate with all the SAN names in your organization, such as - - - etc...
    LVL 10

    Author Comment

    by:Vince Glisson
    UCC with legacy and autodiscover
    LVL 6

    Expert Comment

    Follow this article step by step
    LVL 2

    Accepted Solution

    So is GTA or Barracuda publishing the namespace externally? You have to have a valid certificate for those names on anything a client is going to actually hit. If you are having clients hit GTA or something before Client Access then you in a sense have an unsecure chain. Autodiscover for instance does your external DNS record and wherever that points it, it attempts to establish a secure connection to that namespace ''. If there isn't a secure answer (server has a cert with that namespace as the subject or SAN) then it won't be a secure connection and you'll get cert errors.

    As an example if you have ISA/TMG
    autodiscover does DNS look up for
    DNS points to TMG/ISA
    TMG/ISA has a web publishing rule that is attached to a web listener
    web listener has a valid SSL certificate with in it
    request is forwarded to CAS
    CAS has a valid SSL certificate with

    if TMG/ISA did not have that certificate it would be broken.

    You can either fix your certs on GTA/Barracuda or NAT those connections directly to the client access server (obviously not super secure)
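
The check the accepted answer describes, as an added example that is not part of the original thread: the client validates the certificate of whichever device answers port 443 first, so that device must carry the requested namespace. The `example.com` host names, the certificate contents and the helper functions are all constructed for illustration.

```python
# Added example: constructed certificates and hypothetical host names (example.com).
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """DNS names a client will accept: SAN entries, or the subject CN if no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def first_tls_hop(path):
    """The first device that terminates TLS is the one whose cert the client sees."""
    for hop in path:
        if hop["cert"] is not None:   # None = port 443 is forwarded untouched
            return hop
    return None

def check(namespace, path):
    """Return (name of the hop that answers, whether its cert covers namespace)."""
    hop = first_tls_hop(path)
    if hop is None:
        return (None, False)
    ok = any(name_matches(n, namespace) for n in cert_names(hop["cert"]))
    return (hop["name"], ok)

# Constructed sample data: a firewall with its own internal cert, and a CAS
# holding a UCC cert with the autodiscover and legacy names as SANs.
FIREWALL_CERT = {"subject": ((("commonName", "fw.internal.example.com"),),)}
UCC_CERT = {"subject": ((("commonName", "mail.example.com"),),),
            "subjectAltName": (("DNS", "mail.example.com"),
                               ("DNS", "autodiscover.example.com"),
                               ("DNS", "legacy.example.com"))}
CAS = {"name": "exchange-cas", "cert": UCC_CERT}
TERMINATED = [{"name": "firewall", "cert": FIREWALL_CERT}, CAS]
PASSTHROUGH = [{"name": "firewall", "cert": None}, CAS]

if __name__ == "__main__":
    for label, path in (("firewall answers 443", TERMINATED), ("443 forwarded", PASSTHROUGH)):
        print(label, check("autodiscover.example.com", path))
```
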
    LVL 10

    Author Comment

    by:Vince Glisson
    On the Barracuda I attempted to upload the certificate from the Advanced tab --> Secure Administration page, choosing Trusted CA. It then asks for the certificate and the private key (2 separate files to upload).

    The only two files I received from GoDaddy have extensions of .p7b and .crt.

    I have not been able to upload either of these to the Barracuda 300.

    Is there a file that contains the private key that I am missing?

    LVL 10

    Author Comment

    by:Vince Glisson

    The GTA has an internal cert that the autodiscover process is hitting. The name on the GTA cert is not in the UCC cert we purchased, nor do I want it in there, as we will be switching from GTA to another firewall vendor next year. I believe I need to allow the request to go through the firewall (on 443) so it hits the server that has the name that matches the autodiscover process.


