Avatar of tp-it-team
 asked on

Fixing some client access problems in Exchange 2007

My predecessor ordered an incorrect SSL certificate for our Exchange 2007 server. The problem was that he only included external server name, not the internal, so after installing it, we started getting certificate errors in Outlook.
Please remember that I'm trying my best to guess what he was doing, I have no contact with that person anymore.
So, instead of ordering a correct cert once again, he applied a 'fix', something like this:
I would like to take it back to how it all should be, I have a correct certificate installed now.

In order to reverse that 'fix', I deleted the DNS zone created by my predecessor. I'm not sure if its related or not but now the out of office assistant in outlook doesn't work on PC clients and MAC users are reporting that their email is not working. They are using Outlook for MACs. I maybe wrong but I suspect that it maybe something to do with client access settings on my Exchange.
Here is how it looks like now:

Outlook web access:
Internal: https://exchange.internaldomain.co.uk/owa
External: https://mail.externaldomain.co.uk/owa

For active sync I have only external address in internal field:
External field is empty.

Offline address book distribution is the same:
external url in internal url field and external url field empty.

here is what I have for internal auto discovery:
Name                           : EXCHANGE
AutoDiscoverServiceInternalUri : https://mail.externaldomain.co.uk/autodiscover/autod

External is just
Name       : EXCHANGE
*External* :

I'm not sure IF these settings relate to out of office and mac problem but I guess that config is wrong and was altered so even internal clients are connecting using mail.externaldomain.co.uk as it was the only server name in the certificate. Can you help fixing that mess, please ? Ideally, I would like to get examples of the correct URL's, not just - 'ehh, use internal one in here.'.

Any other ideas or general guidelines on how to rationalize CAS settings will be greatly appreciated.


Avatar of undefined
Last Comment

8/22/2022 - Mon

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

I hope it makes sense, that's how I understand what happened.
We have a default zone in place and that's fine.
Our cert only had external URL for email server, like mail.domain.com so there was a new dns zone mail.domain.com created with a record pointing at our internal mail server. Then, various CAS settings were changed so using that external url would actually point to internal IP. So far I deleted that zone and changed internal auto discovery to point to internal location, not external url. I hope it all makes sense.

OK, that sounds fine.  Can you confirm:
A) You now have a certificate with 'exchangeserver.internaldomain.local' as a Subject Alternative Name &
B) You have run the Exchange Management Shell commandlets to change the internal URLs for the web services to use 'https://exchangeserver.internaldomain.local/blahblahblah'

That's what we're after here.

Can you look at the txt file I attached ?
It's the output of test-outlookwebservices command.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.