Solved

Outlook Anywhere Certificate Problem - SBS 2008

Posted on 2012-03-20
Last Modified: 2012-04-10
I inherited an SBS 2008 from the client's former IT support tech.  It works pretty well, even though it is obvious that he did most of the configuration manually rather than with the wizards.  I have had to clean up some things.

The issue that has come up is that a remote user who has been able to access his Exchange email via Outlook Anywhere is now receiving a message indicating the certificate cannot be verified.  Also, when I tried to set up a test Outlook Anywhere for the Administrator account, I was not able to connect to the server.

I may have inadvertently caused this by running the Certificate Wizard.  But frankly, I am not real familiar with certificates and could really use some guidance.

I will refer to my environment as:
   Domain: mydomain.com
   Mail server: mail.mydomain.com
   SBS Box: myservername

I have run the Microsoft Remote Connectivity Analyzer.  The analyzer returned with "Certificate trust validation failed".

Here is a summary of the Analyzer steps:

    Remote Connectivity Analyzer
    Outlook Anywhere (RPC over HTTP)

    Email Address: administrator@mydomain.com
    Domain\User name: mydomain\administrator
    Password: xxxx
    Manually specify server settings:
    - RPC proxy server: mail.mydomain.com
    - Exchange server: MDSRVR
    - Mutual authentication principal name (auto fill): msstd.mail.stonegatefoods.com
    - RPC proxy authentication method: Basic (I also tried Ntlm)

    Test Steps:
    Certificate trust is being validated.
    Certificate trust validation failed.
    Test Steps
    - The host name resolved successfully
    - The port was opened successfully
    Failed: Test SSL certificate to make sure it's valid
    - ExRCA successfully obtained the remote SSL certificate
    - The certificate name was validated successfully

    Certificate trust validation failed
    Test Steps:
       - ExRCA is attempting to build certificate chains for certificate CN=mail.mydomain.com.
       - A certificate chain couldn't be constructed for the certificate.
       - Additional Details
      - The certificate chain couldn't be built. You may be missing required intermediate certificates
 

On the SBS Management Console, I ran the Trusted Certificate Wizard to view the installed certificate.  It appears that there may be more than one certificate.  I believe there is a self-issued certificate that is the child of a purchased certificate (this is where I am confused).  The date on the child certificate corresponds with the date that the user started receiving the certificate message in Outlook.  So, I think I might have screwed it up without intention.

Here is a summary of the Trusted Certificate Wizard:

Add a Trusted Certificate Wizard.
 Use a certificate that is already installed on the server.
 Choose an installed certificate (NOTE: There was only one certificate listed)
   Issued to: mail.mydomain.com
   Issued by: mydomain-myservername-CA
   Expiration: 3/10/14
   Type: Self-Issued

View Certificate button:
General tab:
   This certificate is intended for the following purpose(s):
       - Ensures the identity of a remote computer
   Shows the same information as above.
   Valid from: 3/10/12 - 3/10/14  (NOTE: The problem started on 3/10)

Certificate Path tab:
   Root: mydomain-myservername-CA (Certificate Status = OK; View Certificate button = Enabled)
         Sub: mail.mydomain.com (Certificate Status = OK; View Certificate button = Disabled)

Selecting the Root Certificate, click the View Certificate button:
   This certificate is intended for the following purpose(s):
       - All issuance policies
       - All application policies
   Issued to: mydomain-myservername-CA
   Issued by: mydomain-myservername-CA
   Valid from: 3/2/11 - 3/2/16

So, I need help resolving this issue so I can test and confirm it by setting up Outlook Anywhere.  I also need to notify the client that things are back to normal, and what he needs to do (if anything) to get his mail via Outlook.

This is a burning issue and I appreciate all the help I can get.  As well as insight as to what happened.

Thanks!!
0
Question by:beyondt
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37746683
So go to Public - Download and get the certificate distribution folder there. Put it on a flash drive... then run on the problem computer and report back if still an issue.
0
 

Author Comment

by:beyondt
ID: 37747311
When you say go to public, do you mean the Public folder?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37747320
On the server you should see Users > Public > Downloads

If you're browsing from a workstation you should see a share called Public Downloads I believe
0

Accepted Solution

by:
beyondt earned 0 total points
ID: 37747987
I found it.
I am working remotely.  Can I run the InstallCertificate.exe from the Public\Downloads folder directly?  Do I need to run it from an external device?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37749621
The whole folder needs to be copied to the machine where the cert is needed and then run it there.
0
 

Author Closing Comment

by:beyondt
ID: 37826815
I ended up calling Microsoft Support.  I installed the certificate as suggested, by running the installcertificate.exe file but the certificate would not install.  I had to manually import the certificate by creating a Certificate mmc and importing the cer file into the Trusted Root Certificates folder.
0
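
The manual fix from the closing comment (importing the SBS CA's .cer file into Trusted Root Certificates on the client) can be scripted together with a check of what is being trusted and a chain test like the one the analyzer failed. This is an added example, not part of the thread: the function names are hypothetical, and the file paths and thumbprint are placeholders to replace with values read from the server itself.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the client.
# Assumption: the CA certificate and the mail certificate were exported as .cer files.

function Import-TrustedRoot {
    param(
        [Parameter(Mandatory=$true)][string]$RootCerPath,
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint   # read on the server, out of band
    )
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $RootCerPath
    # A root CA certificate is issued to itself (the page shows Issued to = Issued by).
    if ($root.Subject -ne $root.Issuer) { throw "Not a self-issued root: $($root.Subject)" }
    # Refuse to trust a file whose thumbprint differs from the one seen on the server.
    $want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($root.Thumbprint -ne $want) { throw "Thumbprint mismatch: file has $($root.Thumbprint)" }
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($root) } finally { $store.Close() }
}

function Get-ChainReport {
    param([Parameter(Mandatory=$true)][string]$LeafCerPath)
    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $LeafCerPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: only the trust path is tested here; revocation is not checked.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($leaf)
    foreach ($e in $chain.ChainElements) {
        $flags  = @($e.ChainElementStatus | ForEach-Object { $_.Status })
        $status = 'OK'
        if ($flags.Count -gt 0) { $status = $flags -join ',' }
        New-Object psobject -Property @{
            Subject    = $e.Certificate.Subject
            Issuer     = $e.Certificate.Issuer
            Thumbprint = $e.Certificate.Thumbprint
            Status     = $status   # e.g. UntrustedRoot or PartialChain before the import
        }
    }
    Write-Host "Chain trusted by this machine: $trusted"
}

# Placeholder values:
# Get-ChainReport    -LeafCerPath 'C:\Temp\mail.mydomain.com.cer'
# Import-TrustedRoot -RootCerPath 'C:\Temp\sbs-root-ca.cer' -ExpectedThumbprint '<thumbprint from the server>'
# Get-ChainReport    -LeafCerPath 'C:\Temp\mail.mydomain.com.cer'
```

Running `Get-ChainReport` before and after the import shows whether the client now builds a complete chain from the mail certificate up to the CA.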
