Exchange 2010 v14.11.0722.000 on Server 2008 R2 8GB RAM with 20 angry Windows 7 SP1 clients with Outlook 2010.

Exchange 2010 v14.11.0722.000 on Server 2008 R2 8GB RAM with 20 angry Windows 7 SP1 clients with Outlook 2010.
Up front let me state that I am in no way an Exchange expert. The same holds true for IIS. That said, here’s the problem:
 Our SSL certificate was due to expire 12.30.11 (GoDaddy) and everything was functioning perfectly, Outlook client email, all mobile devices (iPhone & Android) and Outlook mail via a VPN connection.  I purchased a new UCC SSL certificate from GoDaddy and with their help installed it. Since that time nothing has functioned normally.
1.Constant password prompts from Outlook 2010 and loss of access to public calendars (meeting rooms)
a.If I export the new security cert. and import it to the client PC via control panel / user accounts / manage your credentials / certificate based credentials the password prompts seem to go away. If the client PC is a laptop the problem reoccurs when they VPN to check email from home.
2.None of the mobile devices will synch with Exchange. On an iPhone for example when I set up the Exchange account the account will verify in the first step then after entering the server name and the second verification I get Exchange Account Unable to verify Account Information.
3.Outlook Web Access seems to function normally.
Any and all assistance you can offer will be gratefully received. As I stated earlier I am a rookie at this. Server and client PC problems I can deal with but this Exchange problem has me fearing for my job. Thank you all in advance.
Richard Treat
P.S. Hopefully the attached screen shots from  will help. First test First test result Second testRemoteConnectivityD.JPG
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Maen Abu-TabanjehNetwork Administrator, Network ConsultantCommented:
first step .. go to domain management , then DNS , if there is A record titled by then delete it and create new SRV recrod _tcp , call it and point to your real IP.
other point of certificate side , you need to included alternative names in new certificate :

alternative names :

these names should be exist on your SSL certificate.

do it and update me

Before you do anything can you remember if you assigned services to the new certificate after you assigned it?

Don't delete or re create anything just yet the connectivity test show an active sync test failing because of a failed password. Are you sure your entering the correct internal domain and username / password?

It's quite possible people's user accounts are now disabled so check a few users to see if this is the case, you can use powershell to find and unlock accounts later.
TreatmefairAuthor Commented:
Jordannet & Radweld,
Thank you both for your reply. Services assigned are IMAP, POP, IIS, SMTP. Jordannet - I annot find a record record titled by Maybe I am looking in the wrong place. Radweld - The test was run on my account and it is not locked out. I ran more the than once with the same result.Also please see screen shots below. Thanks again
Richard DNS Alt names
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Maen Abu-TabanjehNetwork Administrator, Network ConsultantCommented:
you missed something,i mean by domain dns not windows dns,but u r management host,u can find dns management of your domain in the domain host on control panel
TreatmefairAuthor Commented:
I am in the Exchange server control panel\administrative tools\DNS. Am I in the right place (see screenshot) and if so where do I look for record titled
Just one thing. Active sync won't work an admin account, when your trying you mobile devices make sure it's a non admin account.
TreatmefairAuthor Commented:
Steps Taken by me to Resolve Exchange Issues
-Disabled basic and WI from the DWS and left it as "anonymous" and removed redirection
-Removed the Basic authentication from EWS and left as "Windows Integrated"
-Did iisreset
-Tried to browse the DWS and it failed with error "Access Denied"
-Downloaded  all the hotfixes and installed on the server for the SP1 pre-requisites
-Ran the following cmd :
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process- Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http- Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy -Restart
-Rebooted the server
-After the reboot installed the SP1 upgrade and it was successful and then rebooted the server again
-After the reboot tried to open EMC and it failed
-Removed the web.config file from the Default Web site and did IISRESET
-Checked the modules under the Default Web Site and found the kerbauth module present there
-So went ahead and removed the kerbauth module from the Default Web Site and did iisreset
-Tried to browse the Default Web Site this time and we got the default IIS 7 page
-Ran the following cmd:
Remove-AutodiscoverVirtualDirectory -Identity "XXX-EXCH\autodiscover (Default Web Site)"
Remove-webservicesvirtualdirectory -identity "XXX-EXCH\EWS (Default Web Site)"

-Did iisreset
 Download Netmon from below
Microsoft Network Monitor 3.4
1. Did the following on Client’s PC
2. Launch Netmon
 3. Go to View => Select Networks & select your NIC adapter
 4. Go to New => Capture & start the capture by clicking on the Start button
5. Reproduce the password popup issue four times
6. Stop the capture by clicking on the Stop button
 7. Save the capture
8. FTP capture file to Microsoft for evaluation
-For the OWA and ActiveSync issue:
-Ran the following command to remove and recreate the following :
Remove-OwaVirtualDirectory -Identity "XXX-EXCH\OWA (Default Web Site)"
remove-Activesyncvirtualdirectory -identity "XXX-EXCH\Microsoft-server-activesync (Default Web Site)"
-Did iisreset
-OWA (Outlook WEB Application)started working
-Checked on the user properties and found "allow Inheritable permission was removed" so went ahead and applied it
-ActiveSync (iPhones) started working

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TreatmefairAuthor Commented:
Solved it myself & I deserve an "A"
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.