Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1324
  • Last Modified:

Outlook Anywhere Certificate Problem - SBS 2008

I inherited an SBS 2008 from the client's former IT support tech.  It works pretty well, even though it is obvious that he did most of the configuration manually rather than with the wizards.  I have had to clean up some things.

The issue that has come up is that a remote user who has been able to access his Exchange email via Outlook Anywhere is now receiving a message indicating the certificate cannot be verified.  Also, when I tried to setup a test Outlook Anywhere for the Administor account, I was not able to connect to the server.

I may have inadvertantly caused this by running the Certificate Wizard.  But frankly, I am not real familiar with certificates and could really use some guidence.

I will refer to my environment as:
   Domain: mydomain.com
   Mail server: mail.mydomain.com
   SBS Box: myservername

I have run the Microsoft Remote Connectivity Analyzer.  The analyzer returned with "Certificate trust validation failed".

Here is a summary of the Analyzer steps:

    Remote Conectivity Analyzer
    Outlook Anywhere (RPC over HTTP)

    Email Address: administrator@mydomain.com
    Domain\User name: mydomain\administrator
    Password: xxxx
    Manually specify server settings:
    - RPC proxy server: mail.mydomain.com
    - Exchange server: MDSRVR
    - Mutual authentication principle name (auto fill): msstd.mail.stonegatefoods.com
    - PRPC proxy authentication method: Basic (I also tried Ntlm)

    Test Steps:
    Certificate trust is being validated.
    Certificate trust validation failed.
    Test Steps
    - The host name resolved successfully
    - The port was opened successfully
    Failed: Test SSL certificate to make sure it's valid
    - ExRCA successfully obtained the remote SSL certificate
    - The certificate name was validated successfully

    Certificate trust validation failed
    Test Steps:
       - ExRCA is attempting to build certificate chains for certificate CN=mail.mydomain.com.
       - A certificate chain couldn't be constructed for the certificate.
       -Additional Details
      - The certificate chain couldn't be built. You may be missing required intermediate certificates
 

On the SBS Managem Console, I ran the Trusted Certificate Wizard to view the installed certificate.  It appears that there may be more than one certificate.  I believe there is a self-issued certificate that is the child of a purchased certificate (this is where I am confused).  The date on the child certificate corresponds with the date that the user started receiving the certificate message in Outlook.  So, I think I might have screwed it up without intention.

Here is a summary of the Trusted Certificate Wizard:

Add a Trusted Certificate Wizard.
 Use a certificate that is already installed on the server.
 Choose an installed certificate (NOTE: There was only one certificate listed)
   Issued to: mail.mydomian.com
   Issued by: mydomain-myservername-CA
   Expiration: 3/10/14
   Type: Self-Issued

View Certificate button:
General tab:
   This certificate is intended for the following purpose(s):
       - Ensures the identity of a remote computer
   Shows the same information as above.
   Valid from: 3/10/12 - 3/10/14  (NOTE: The problem started on 3/10)

Certificate Path tab:
   Root: mydomain-myservername-CA (Certificate Status = OK; View Certificate button = Enabled)
         Sub: mail.mydomain.com (Certificate Status = OK; View Certificate button = Disabled)

Selecton the Root Certificate, click the View Certificate button:
   This certificate is intended for the following purpose(s):
       - All issuance policies
       - All application policies
   Issued to: mydomain-myservername-CA
   Issued by: mydomain-myservername-CA
   Valid from: 3/2/11 - 3/2/16

So, I need help resolving this issue so I can test and confirm it by setting up Outlook Anywhere.  I also need to notify the client that things are back to normal, and what he need to do (if anything) to get his mail via Outlook.

This is a burning issue and I appreciate all the help I can get.  As well as insight as to what happened.

Thanks!!
0
beyondt
Asked:
beyondt
  • 3
  • 3
1 Solution
 
Cris HannaCommented:
So go to Public - Download and get the certificate distribution folder there.   put it on a flash drive...then run on the problem computer and report back if still an issue
0
 
beyondtAuthor Commented:
When you say go to public, do you mean the Public folder?
0
 
Cris HannaCommented:
On the server you should see Users > Public > Downloads

If you're browsing from a workstation you should see a share called Public Downloads I believe
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
beyondtAuthor Commented:
I found it.
I am working remotely.  Can I run the InstallCertificate.exe from the Public\Downloads folder directly?  Do I need to run it from an external device?
0
 
Cris HannaCommented:
the whole folder needs to be copied to the machine where the cert is needed and then run it there
0
 
beyondtAuthor Commented:
I ended up calling Microsoft Support.  I installed teh certificate as suggested, by running the installcertificate.exe file but the certificate would not install.  I had to manually import the certificate by creating a Certificate mmc and importing the cer file into the Trusted Root Certificates folder.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now