Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

There is a problem with the proxy server's security certificate, Code error 8

Posted on 2013-01-08
7
14,215 Views
Last Modified: 2013-01-09
Hi Guys I have a Exchange 2010 that has been running for 2 Years and Clients have been connecting to it for 2 years no problems. using Smartphones etc, OWA no problems at all..
The Exchange Certificate Expired on the 5th so as far as i am aware clients using Outook anywhere access, are having issues connecting.
I renewed the Web Services Certificate by doing the following
Get-ExchangeCertificate –Thumbprint “**************************” | New-ExchangeCertificate .. with the correct thumb print key of course.. and selected yes to overwrite.. ok..
I can connect to it from my computer if i setup Outlook anywhere access through Outlook, I can get to OWA access , i can get access from my Samsung Phone and connect and send and receive Email..
This is the first user i am having issues with the rest are still on holidays so i am expecting more of them.. He has Outlook anywhere working for the last 2 years and stopped working when certificate expired, I have tried installing certificate again , doesnt work, if I VPN into the network it works fine and updates his Email..  But the Error he Gets  is the Following:

There is a Problem with the Proxy Server's Security Certificate
The Security Certificate is not from a trusted certifying Authority
Outlook is unable to connect to the proxy Server mail.yourservername.com (Error Code 8)

The Certificate is Self Assigned..Scratching my Head with this not sure if there is an issue there or it is just something on his computer..
Please Help...?
Thanks in advance

Big_Daddy
0
Comment
Question by:big_daddy_pimp
  • 4
  • 2
7 Comments
 
LVL 12

Assisted Solution

by:tgtran
tgtran earned 150 total points
ID: 38757665
You need to have the user to install the new cert's root in "trusted root certificate authorities"

:
1. Click Install Certificate when you are prompted with the Certificate dialog box.
2. Click Next.
3. Click to select the Place all certificate in the following store check box.
4. Click Browse.
5. Click Trusted Root Certification Authorities, and then click OK.
6. Click Next, Finish, OK
0
 
LVL 13

Expert Comment

by:murgroup
ID: 38757666
Self signed certs are funky when it comes to Outlook. Phones usually don't have a problem with them. If your clients are Outlook 2007 or 2010 you will need to install the cert manually on each client machine using the certificates MMC. Yes this sucks so I suggest purchasing a valid SSL cert from Godaddy or other provider. A UCC cert works best but you can make a single cert work.
0
 

Author Comment

by:big_daddy_pimp
ID: 38757696
Thanks GUys I have tried that, when i see the certificate it doesnt have the option to install it..

Big_Daddy
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Accepted Solution

by:
murgroup earned 350 total points
ID: 38757717
I'm not sure what tgtran is talking about but let me see if I can explain better. Do this on the client machine. Make sure Outlook is closed before you begin.

1. copy your self signed cert to a network share or flash drive
2. click start, run and type mmc. click file and add/remove snapin. Choose certificates and click add. Click computer account then local computer. Click OK.
3. In the mmc you will see trusted root and intermediate cert authorities. Hit the arrow next to each and you will see certificates.
4. right click certificates and click all tasks - import.
5. browse to the location where the certificate is stored and install it.

Do this for each store (personal, trusted and intermediate) then try Outlook and see if it connects.

On the server side make sure you applied the certificate correctly in exchange then do an iisreset.

Enable-ExchangeCertificate -Services IMAP, POP, IIS, SMTP -thumbprint yoursslcertthumbprint
0
 
LVL 13

Expert Comment

by:murgroup
ID: 38757720
Also make sure your SSL cert is showing in IIS manager.
0
 
LVL 13

Expert Comment

by:murgroup
ID: 38757794
Also not sure if you're familiar with this site but it should help troubleshoot.

https://www.testexchangeconnectivity.com/#
0
 

Author Comment

by:big_daddy_pimp
ID: 38761426
Thanks Guys appreciate all your help, the testexchangeconnectivity  site has never worked my Server always fails the tests even though it is working fine...
I found my issue, i added the The URL into the trusted sites list in IE and then it allowed me to manually Install the security Certificate and works fine know thank you guys for your input.. It is much appreciated, i went through a few of your suggestions which got me to the answer thankyou all..

Big_Daddy
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question