[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 141
  • Last Modified:

RPC/HTTPS on Exchange 2010 not working

Hello,

I just get a new customer :-)
I have to set up on his Exchange 2010 SP1 the RPC/HTTPS feature.

A lot of things were not correctly configured. I solved almost everything, but the RPC/HTTPS don't work.

I guess i fix the self signed certificate issu because when i go on the OWA page, it doesn't ask me for a confirmation anymore. :-)

So here the story :
OWA is Ok
Sync with Iphone Ok !
RPC/HTTPS not Ok

When i try to do it on my personnal computer at home, it's not working... but i don't have any error message on the server logs and on the client logs.

outlook just say to me that i need to be connected to the server to work.

Please help me :-)
0
winnidoux
Asked:
winnidoux
  • 5
  • 3
  • 2
1 Solution
 
davorinCommented:
Outlook anywhere does not work with self signed certificate.

http://exchangepedia.com/2007/08/outlook-anywhere-and-exchanges-self-signed-certificate.html

You need to buy a SAN certificate or if you have an option to use some other certificate authority to create one. The certificate auth. cert. and server cert should be trusted on client computers.
0
 
winnidouxAuthor Commented:
Hello Davorin

Is it a joke ?? :-)

I have maybe 90 customers server with self signed certificate and all of them working with RPC/HTTPS without any pb
0
 
winnidouxAuthor Commented:
Hello again,

Of course we install the certificate on all our computers :-)
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
davorinCommented:
Hi,

I don't use self signed cert on any of exchange 2007/2010 installations. At least I don't recall. For SBS installations I'm not sure.

For testing OA connectivity problems you can use https://www.testexchangeconnectivity.com/
But I guess you are familiar with it.

When using non-domain computer to connect over OA before trying to check username you must configure exchange proxy settings.
The procedure is specified here:
http://techwithjim.blogspot.com/2010/12/exchange-outlook-2007-outlook-anywhere.html
It also says, that OA is working using self signed cert, but right now I can not verify that.
0
 
winnidouxAuthor Commented:
thank you for the https://www.testexchangeconnectivity.com/ link
I didn't use for a long time. I forgot it.

I try and tell you

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
The self signed certificate is not supported by Microsoft for use with Outlook Anywhere. The self signed certificate should be considered a place holder for a real certificate. While you can make it work, it isn't worth the hassle - the certificate expires and you have to touch every client. When you can purchase a suitable trusted certificate for $60/year, it is just a better choice, and more professional, to use a signed certificate.

Simon.
0
 
winnidouxAuthor Commented:
Hello,

Here the question in not what is the better certificate.. To pay or not to pay.... My client don't want to pay for that.
Now i have to make it works...

For me the self signed certificate is ok... Who can help me to solve this

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
The point is - the self signed certificate is not supported for use with Outlook Anywhere.
As I wrote above, how much is your time worth?

Simon.
0
 
winnidouxAuthor Commented:
Hello Simon,

I don't understand what you mean by not supported...
We have plenty of server working like that very well.

Not supported by whom ? Microsoft ? Maybe... But i need to find a solution anyway

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
The fact that you have it working on other servers doesn't mean it is a good idea.
This is Microsoft's stance on the self signed certificate:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx - it also applies to Exchange 2010.

Obviously neither you nor the client are getting my point about how much your time is worth, mine is worth a lot more, so I will drop off the question now.

(Basic maths - my time is worth about three times the cost of the SSL certificate per hour, therefore it is more efficient to spend 15 minutes putting in a commercial SSL certificate for $60/year, than spending hours visiting every client to install the self signed certificate, troubleshotting it, repeating the process when a new client is added to the network and generally making lots of work).

Simon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now