Solved

Outlook Anywhere on Sb Server 2011

Posted on 2013-02-01
6
358 Views
Last Modified: 2013-02-04
Hi

I have a Small Business Server 2011 and can access email via web outlook. However, I woud like to setup Outlook Anywhere.

Please can someone point me in the direction of setting it up including sorting the certificate out. Ideally I would like to use a self assigned but I have no idea where to start and what details need entering.

Thanks
0
Comment
Question by:JayHine
  • 3
  • 3
6 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 38843775
As long as you used the wizards when you first set up SBS, you are set to go. The certificate OA uses is the same one RWA uses. So if you didn't buy and install a 3rd party cert, you will want to use the certificate installer package to install certificate chains on any machine that will be using OA.

With that said, I strongly recommend just buying a certificate. For $10 a year, it'll pay for itself in t amount of time it takes to find t certificate file, copy it to a USB key, and then install it on the first target machine,
0
 

Author Comment

by:JayHine
ID: 38850268
Hi

I have got this working using a Self Assigned Certificate as I want to test it before purchasing a new Certificate and check whether it is something we will use.

The only problem I have currently is that when I logon to Outlook Anywhere I get a "Security Alert". It says the Security Certificate has expired or is not yet valid and The name on the Certificate is invalid or does not match the name of the site.

When I "View Certificate" it has been issued bu "plesk" and has expired.

I have rerun the "domain name wizard on the Server and recreated the Certificate Distribution package. I have installed this on the Laptop. but I still ge tthe error.

How do I get rid of this old Certificate and forcr the Laptop to use the one I have installed from the distribution package.

If I say "Yes" to the error message everything works fine.
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 38850319
A certificate issued by plesiosaur is almost always a certificate on your web host. It probably means you have a wildcard DNS record messing its how autodiscover works. Remove any wildcard A Records and make specific records instead (www, etc) and that shoild clear up.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:JayHine
ID: 38850333
but if I edit the wild card on my A record for my domain wont this stop people being able to just type out domain name in the address bar of google etc and our website will come up.

Isnt there a way of removing this certificate or by forcing the Outlook anywhere to use the right certificate?
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38850401
First, no, you can't force it. The problem isn't the certificate. Outlook has a hard coded set of queries that it attempts when performing autodiscover. VERY high on that list is, if your email address is me@yourdomain.com, it will attempt https://yourdomain.com/

Now here is the rub. EVEN if your internal certificate has that name (self signed, or you purchase a UCC cert), if you have a wildcard record pointing at another server, outlook will never GET your cert. it does a DNS Lookup, gets the wildcard record, connects to THAT server, gets its SSL cert (the plesk one) and YOU get an error.

Which means there are two choices to resolve your problem.

1) make sure no DNS record answers to just ://yourdomain.com/ ...which means no wildcard records and no blank records. This is usually a non-issue as people put www out of habit by now. You just want to make sure marketing and links include the www as well.

Or

2) if you REALLY want ://yourdomain.com/ to point to your website, you need that website to have a valid UCC cert or wildcard cert so the plain domain name AND www.yourdomain.com works. The autodiscover will pick up the cert which will actually match, thus no error, then get a 404, and fall down to the next lookup method, which would be your internal server.  This is bigger hassle to maintain and significantly more expensive.
0
 

Author Comment

by:JayHine
ID: 38850524
thanks very much for the explanation. I will double check about the wildcard and possinly remove it or live with the error for the time being.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question