[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Certificate setup for Outlook anywhere Exchange 2010

Posted on 2012-08-30
11
Medium Priority
?
796 Views
Last Modified: 2012-09-04
Hi There,

I would like to setup Outlook anywhere on a Exchange 2010 SP2 to allow remote workers access to their mailboxes.

RPC over HTTP proxy component was installed via Server Manager and we also have a SSL certificate installed as autodiscover.domain.com

I was following the article http://technet.microsoft.com/en-us/library/bb123542.aspx but I would like some help in regards to external host name (step 3) on EMC in order to get the Outlook anywhere installed correct as I am not very familiar with certificates.

Do I need to change/add any records on external DNS?

Thanks,
Rod
0
Comment
Question by:Rodrigo Carrilho
  • 6
  • 5
11 Comments
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 38351347
Hi,

Welcome to EE.

You will have to setup an host and mx record using the domain provider control panel.
The host record will be mail.domain.com which will point to IP address of your firewall if any.
the MX record will be created something like smtp.domain.com which will point to the host record that you have created. MX is used to tell other mail servers over internet that your exchange mail server is located on the IP address defined in host record.

While generating the certificate from a CA you will be providing the host record as one of the SAN (subject alternative names).

while setting up outlook anywhere you will be using mail.domain.com as your external host name.
0
 

Author Comment

by:Rodrigo Carrilho
ID: 38351453
Hi wasim-shaikh,

Thank you for your message. Just to make sure we are on the same page.

You wrote: "You will have to setup an host and mx record using the domain provider control panel."?

Do you mean I will have to setup a host record, like an A record?

I have already a MX record in place in order to get incoming emails.

current MX record: mx.domain.com pref: 10 IP: firewall IP

Shall I create another MX record "mail.domain.com" and point to the same IP address or just create a A record "mail.domain.com" and point to firewall IP?

In re: to generating the certificate do you have any article/step-by-step to recommend? OS is MS 2008 R2 SP1

Thanks,
Rod
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 38352256
generally the host record i.e., A record is used to reach the outlook web access OWA..

SSL is purchased from a CA like digicert, verisign etc.

check http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm, you can go through the video guide.
or
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Rodrigo Carrilho
ID: 38352399
Thanks for the links

Shall I create another MX record "mail.domain.com" and point to the same IP address or just create a A record "mail.domain.com" and point to firewall IP?
0
 

Author Comment

by:Rodrigo Carrilho
ID: 38353365
I forgot to mention the SSL certificate was purchase from GoDaddy.com in the past to secure OWA connections, but looking at EMC under Exchange Certificates I can see a red cross and the following:

Self signed: No
Error: The certificate status could not be determined because the revocation check failed.
Services: None
Expire Date: 25/06/2015

How this will affect the Outlook anywhere setup?
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 38353825
no need to create a new mx,as you already have it.
to reach OWA you will have to create a host (A) record which will point to firewall IP, and in firewall the traffic will be 443 going to the client access server (CAS)

so that means, when user will type https://mail.domain.com/owa the user will be presented with OWA page for logging in.
whereas, when other mail servers want to send an email to your exchange, they will look for MX record, which you already have.

I am not sure if the ssl that you got from godaddy is for exchange 2010 i.e., SAN certificate.

If it is not, follow the setups mentioned in the link posted before. that will generate a request, use that request file on godaddy certificate page. for more info you can contact godaddy and they will be able to guide you.
there is a link on godaddy on how to steps.. http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
0
 

Author Comment

by:Rodrigo Carrilho
ID: 38361043
Thanks.

I have added the A record on external DNS and generated a new request using the link you provided.

Do I need to re-key the certificate or just add a SAN to the existing certificate?
0
 
LVL 12

Accepted Solution

by:
Vaseem Mohammed earned 2000 total points
ID: 38361085
The new request that you have generated from exchange server need to be provided to your certificate provider, they will give you the cert that you will be installing on your exchange server using the wizard.
0
 

Author Comment

by:Rodrigo Carrilho
ID: 38361288
I have generated a new request from EMC and from my certificate provider (Godaddy) selected re-key option. Downloaded and installed new certificate on EMC but the new host name is not included on the certificate.

I have opened a support case with them. Let's wait for their reply.
0
 

Author Comment

by:Rodrigo Carrilho
ID: 38362607
all done now! Thank you.

Do I need to remove the previous certificate installed on Exchange?
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 38363447
you mean the one thats showing "red x" in EMC? go ahead.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses
Course of the Month19 days, 17 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question