Solved

Outlook Anywhere Certificate Problem - SBS 2008

Posted on 2012-03-20
Medium Priority
1,316 Views
Last Modified: 2012-04-10
I inherited an SBS 2008 from the client's former IT support tech.  It works pretty well, even though it is obvious that he did most of the configuration manually rather than with the wizards.  I have had to clean up some things.

The issue that has come up is that a remote user who has been able to access his Exchange email via Outlook Anywhere is now receiving a message indicating the certificate cannot be verified.  Also, when I tried to set up a test Outlook Anywhere for the Administrator account, I was not able to connect to the server.

I may have inadvertently caused this by running the Certificate Wizard.  But frankly, I am not real familiar with certificates and could really use some guidance.

I will refer to my environment as:
   Domain: mydomain.com
   Mail server: mail.mydomain.com
   SBS Box: myservername

I have run the Microsoft Remote Connectivity Analyzer.  The analyzer returned with "Certificate trust validation failed".

Here is a summary of the Analyzer steps:

    Remote Connectivity Analyzer
    Outlook Anywhere (RPC over HTTP)

    Email Address: administrator@mydomain.com
    Domain\User name: mydomain\administrator
    Password: xxxx
    Manually specify server settings:
    - RPC proxy server: mail.mydomain.com
    - Exchange server: MDSRVR
    - Mutual authentication principal name (auto fill): msstd.mail.stonegatefoods.com
    - RPC proxy authentication method: Basic (I also tried Ntlm)

    Test Steps:
    Certificate trust is being validated.
    Certificate trust validation failed.
    Test Steps
    - The host name resolved successfully
    - The port was opened successfully
    Failed: Test SSL certificate to make sure it's valid
    - ExRCA successfully obtained the remote SSL certificate
    - The certificate name was validated successfully

    Certificate trust validation failed
    Test Steps:
       - ExRCA is attempting to build certificate chains for certificate CN=mail.mydomain.com.
       - A certificate chain couldn't be constructed for the certificate.
       - Additional Details
       - The certificate chain couldn't be built. You may be missing required intermediate certificates
 

On the SBS Management Console, I ran the Trusted Certificate Wizard to view the installed certificate.  It appears that there may be more than one certificate.  I believe there is a self-issued certificate that is the child of a purchased certificate (this is where I am confused).  The date on the child certificate corresponds with the date that the user started receiving the certificate message in Outlook.  So, I think I might have screwed it up without intention.

Here is a summary of the Trusted Certificate Wizard:

Add a Trusted Certificate Wizard.
 Use a certificate that is already installed on the server.
 Choose an installed certificate (NOTE: There was only one certificate listed)
   Issued to: mail.mydomain.com
   Issued by: mydomain-myservername-CA
   Expiration: 3/10/14
   Type: Self-Issued

View Certificate button:
General tab:
   This certificate is intended for the following purpose(s):
       - Ensures the identity of a remote computer
   Shows the same information as above.
   Valid from: 3/10/12 - 3/10/14  (NOTE: The problem started on 3/10)

Certificate Path tab:
   Root: mydomain-myservername-CA (Certificate Status = OK; View Certificate button = Enabled)
         Sub: mail.mydomain.com (Certificate Status = OK; View Certificate button = Disabled)

Selecting the Root Certificate, click the View Certificate button:
   This certificate is intended for the following purpose(s):
       - All issuance policies
       - All application policies
   Issued to: mydomain-myservername-CA
   Issued by: mydomain-myservername-CA
   Valid from: 3/2/11 - 3/2/16

So, I need help resolving this issue so I can test and confirm it by setting up Outlook Anywhere.  I also need to notify the client that things are back to normal, and what he needs to do (if anything) to get his mail via Outlook.

This is a burning issue and I appreciate all the help I can get.  As well as insight as to what happened.

Thanks!!
Question by:beyondt
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37746683
So go to Public - Download and get the certificate distribution folder there. Put it on a flash drive, then run it on the problem computer and report back if it is still an issue.
0
 

Author Comment

by:beyondt
ID: 37747311
When you say go to public, do you mean the Public folder?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37747320
On the server you should see Users > Public > Downloads

If you're browsing from a workstation you should see a share called Public Downloads I believe
0
 

Accepted Solution

by:
beyondt earned 0 total points
ID: 37747987
I found it.
I am working remotely.  Can I run the InstallCertificate.exe from the Public\Downloads folder directly?  Do I need to run it from an external device?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37749621
The whole folder needs to be copied to the machine where the cert is needed and then run it there.
0
 

Author Closing Comment

by:beyondt
ID: 37826815
I ended up calling Microsoft Support.  I installed the certificate as suggested, by running the installcertificate.exe file, but the certificate would not install.  I had to manually import the certificate by creating a Certificate mmc and importing the cer file into the Trusted Root Certificates folder.
0
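
The fix in the closing comment (importing the internal CA's .cer file into the client's Trusted Root store) can be checked and scripted on the remote client. The PowerShell below is an added example, not part of the thread or of Microsoft Support's steps; the host name and .cer path are placeholders and the function names are hypothetical.

```powershell
# Added example. Host name and file path are placeholders, not values confirmed by the thread.
$HostName    = 'mail.mydomain.com'
$RootCerPath = 'C:\Temp\mydomain-myservername-CA.cer'   # assumed export of the internal root CA

function Get-RemoteCertificate([string]$Name, [int]$Port = 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient($Name, $Port)
    try {
        # Accept whatever is presented: the goal is to fetch the certificate, not to trust it.
        $acceptAny = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Name)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Test-CertificateChain($Certificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is skipped so the result isolates the trust problem.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        Trusted  = $ok
        # Typically UntrustedRoot or PartialChain when the issuing CA is unknown to this machine.
        Status   = @($chain.ChainStatus | ForEach-Object { $_.Status })
        Elements = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    }
}

function Add-TrustedRoot([string]$Path) {
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    # Only a self-signed CA certificate belongs in the Root store.
    if ($root.Subject -ne $root.Issuer) { throw "Not a root certificate: $($root.Subject)" }
    # Compare this thumbprint with the one shown on the server before trusting it.
    Write-Host "Importing $($root.Subject) thumbprint $($root.Thumbprint)"
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open('ReadWrite')          # requires an elevated session
    try { $store.Add($root) } finally { $store.Close() }
}

$cert = Get-RemoteCertificate $HostName
Test-CertificateChain $cert      # before: chain state as the client sees it
Add-TrustedRoot $RootCerPath
Test-CertificateChain $cert      # after: Trusted should be True if the root was the only gap
```

Run it from an elevated PowerShell session on the client; the before and after results show whether the missing root was the only reason the chain could not be built.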
