limmontreefree
asked on
problem to configure a new Outlook 2007 to my exchange server 2010
Hello I’m having problem to configure a new Outlook 2007 to my exchange server.
I have a TMG 2010 and an Exchange server 2010. In Front of the TMG I Have a Zywall USB 100. I have created my certificates with my own CA. But I haven’t configured the Revocation information.
When I try to configure a new User using Microsoft Outlook 2007 client Outside TMG In another place (not in the office) I get the error:
“The connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action”
I have a document explainning better
Hello-I.pdf
I have a TMG 2010 and an Exchange server 2010. In Front of the TMG I Have a Zywall USB 100. I have created my certificates with my own CA. But I haven’t configured the Revocation information.
When I try to configure a new User using Microsoft Outlook 2007 client Outside TMG In another place (not in the office) I get the error:
“The connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action”
I have a document explainning better
Hello-I.pdf
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hello,
Is the problem just happening with new users? Do you have users that are setup and working properly outside your firewall? If you setup a new user inside your firewall are they then able to connect remotely?
JJ
Is the problem just happening with new users? Do you have users that are setup and working properly outside your firewall? If you setup a new user inside your firewall are they then able to connect remotely?
JJ
ASKER
Hello and thanks,
this is the test result.
The Analyzer of connectivity Microsoft is testing Exchange ActiveSync.
Test failure Exchange ActiveSync.
Steps of proof
Attempting resolve the host name mail.client.org in DNS.
It was resolved the host name correctly.
additional Details
IP Addresses returned: 85.85.248.55
Trying the port TCP 443 on the host posta.enkarterrialde.org to ensure that listens or is open.
The port was successfully opened.
Probando the certificate SSL to ensure that is valid.
The SSL certificate failed a or more checks of validation of certificates.
Steps of proof
The Analyzer of connectivity Microsoft is trying obtain the certificate Remote Server SSL mail.client.org on port 443.
The Analyzer of connectivity of Microsoft obtained correctly the SSL certificate remote.
additional Details
Subject of remote certificate: CN = Enkarterrialde, O = intranet.enkarterrialde.or g, C = ES, issuer: CN = Enkarterrialde, DC = Enkarterrialde, DC = local.
Validating the certificate name.
Was validated correctly the certificate name.
additional Details
Was found the host name mail.client.org at the entrance of Alternative Name certificate subject.
Validating trusted certificates for mobile devices of Windows.
Validation Error trusted certificate.
Steps of proof
The Analyzer of connectivity Microsoft is trying generate certificate chains for the certificate CN = ¿¿client, O = intranet.client.org, C = ES.
Could not build a certificate chain for the certificate.
additional Details
Could not generate the certificate chain. Perhaps missing intermediate certificates necessary.
....
I have change some client's data... Can I send a private mail?
Thanks.
this is the test result.
The Analyzer of connectivity Microsoft is testing Exchange ActiveSync.
Test failure Exchange ActiveSync.
Steps of proof
Attempting resolve the host name mail.client.org in DNS.
It was resolved the host name correctly.
additional Details
IP Addresses returned: 85.85.248.55
Trying the port TCP 443 on the host posta.enkarterrialde.org to ensure that listens or is open.
The port was successfully opened.
Probando the certificate SSL to ensure that is valid.
The SSL certificate failed a or more checks of validation of certificates.
Steps of proof
The Analyzer of connectivity Microsoft is trying obtain the certificate Remote Server SSL mail.client.org on port 443.
The Analyzer of connectivity of Microsoft obtained correctly the SSL certificate remote.
additional Details
Subject of remote certificate: CN = Enkarterrialde, O = intranet.enkarterrialde.or
Validating the certificate name.
Was validated correctly the certificate name.
additional Details
Was found the host name mail.client.org at the entrance of Alternative Name certificate subject.
Validating trusted certificates for mobile devices of Windows.
Validation Error trusted certificate.
Steps of proof
The Analyzer of connectivity Microsoft is trying generate certificate chains for the certificate CN = ¿¿client, O = intranet.client.org, C = ES.
Could not build a certificate chain for the certificate.
additional Details
Could not generate the certificate chain. Perhaps missing intermediate certificates necessary.
....
I have change some client's data... Can I send a private mail?
Thanks.
You won't be able to run the Remote Connectivity Analyzer because you are using a cert from an internal CA. Have you installed the CA's root certificate on all your clients?
JJ
JJ
ASKER
Yes
ASKER
Well I'm not sure that the problem is the certificate becouse same times I can connect and add a Outlook to Exchange and other times not, but the certificate is the same always.
But ....Here are the analizer results.
If I run the anaylizer skip trust for SSL all run well, but when I run analizer witout skiping the SLL trust, I get this result.
this is my own server and is real result , you can see the certificate surfing to https://posta.ados.biz
Connectivity Analyzer Microsoft is testing Exchange ActiveSync.
Error test Exchange ActiveSync.
Test Steps
Attempting to resolve the host name in DNS posta.ados.biz.
Resolved hostname correctly.
additional Details
IP addresses returned: 85.84.96.68
Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
The port was opened successfully.
Testing the SSL certificate to make sure it is valid.
The SSL certificate did not exceed one or more certificate validation checks.
Test Steps
Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
additional Details
Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
Validating the certificate name.
It was successfully validated the certificate name.
additional Details
There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
Validating certificate trust for Windows Mobile devices.
Validation Error trusted certificate.
Test Steps
Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
Could not build a certificate chain for the certificate.
additional Details
But ....Here are the analizer results.
If I run the anaylizer skip trust for SSL all run well, but when I run analizer witout skiping the SLL trust, I get this result.
this is my own server and is real result , you can see the certificate surfing to https://posta.ados.biz
Connectivity Analyzer Microsoft is testing Exchange ActiveSync.
Error test Exchange ActiveSync.
Test Steps
Attempting to resolve the host name in DNS posta.ados.biz.
Resolved hostname correctly.
additional Details
IP addresses returned: 85.84.96.68
Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
The port was opened successfully.
Testing the SSL certificate to make sure it is valid.
The SSL certificate did not exceed one or more certificate validation checks.
Test Steps
Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
additional Details
Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
Validating the certificate name.
It was successfully validated the certificate name.
additional Details
There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
Validating certificate trust for Windows Mobile devices.
Validation Error trusted certificate.
Test Steps
Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
Could not build a certificate chain for the certificate.
additional Details
ASKER
Hello JJmcck, the problem is configuring a mail perfil when I try to connect to Exchange From inside the TMG the problem it's happend too.
I haven't tryed to connect inside a latter try it outside.
The problem is not occasional, this week I0m having a lot of problem to connect, Some times I get it but many other times fails.
I want to know where to look for about this.
Thanks.
I haven't tryed to connect inside a latter try it outside.
The problem is not occasional, this week I0m having a lot of problem to connect, Some times I get it but many other times fails.
I want to know where to look for about this.
Thanks.
If you are getting a certificate error with your own ca cert then you have not put your domain's root certificate in your trusted publishers store. Until you do this then outlook will not connect automatically to the mail server.
ASKER
Hello and Thanks.
I usually put the CA certificate in root certificates trusted entities, but I put the CA certificate where you has told, and the fault still is there.
When I test with https://www.testexchangeconnectivity.com/
------------------
Testing the connectivity RPC / HTTP.
Error in testing RPC / HTTP.
Test Steps
Attempting to resolve the host name in DNS posta.ados.biz.
Resolved hostname correctly.
additional Details
IP addresses returned: 85.84.96.68
Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
The port was opened successfully.
Testing the SSL certificate to make sure it is valid.
The SSL certificate did not exceed one or more certificate validation checks.
Test Steps
Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
additional Details
Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
Validating the certificate name.
It was successfully validated the certificate name.
additional Details
There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
It is validating the trusted certificate.
Validation Error trusted certificate.
Test Steps
Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
Could not build a certificate chain for the certificate.
additional Details
Failed to generate the certificate chain. Perhaps missing intermediate certificates necessary.
-------------------------- ---------- ---------- -
You can see that the error talk about "Perhaps missing intermediate certificates necessary." I think the certificate is incorrect created.
Can you confirm me it.
The test is real and is from my own excahnge server
I send too the CA certificate .
Thanks
I usually put the CA certificate in root certificates trusted entities, but I put the CA certificate where you has told, and the fault still is there.
When I test with https://www.testexchangeconnectivity.com/
------------------
Testing the connectivity RPC / HTTP.
Error in testing RPC / HTTP.
Test Steps
Attempting to resolve the host name in DNS posta.ados.biz.
Resolved hostname correctly.
additional Details
IP addresses returned: 85.84.96.68
Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
The port was opened successfully.
Testing the SSL certificate to make sure it is valid.
The SSL certificate did not exceed one or more certificate validation checks.
Test Steps
Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
additional Details
Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
Validating the certificate name.
It was successfully validated the certificate name.
additional Details
There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
It is validating the trusted certificate.
Validation Error trusted certificate.
Test Steps
Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
Could not build a certificate chain for the certificate.
additional Details
Failed to generate the certificate chain. Perhaps missing intermediate certificates necessary.
--------------------------
You can see that the error talk about "Perhaps missing intermediate certificates necessary." I think the certificate is incorrect created.
Can you confirm me it.
The test is real and is from my own excahnge server
I send too the CA certificate .
Thanks
ASKER
I can not send the CA because the extensión p7f are not allowed and If I compress tile still get the error "ext p7f not allowed"
ASKER
I think I have the problem described there.
Any Help?
http://social.technet.microsoft.com/Forums/en-US/0e774b67-7546-4b0e-8608-5c518b656e4b/certificate-chain-could-not-be-built-you-may-be-missing-required-intermediate-certificates
Any Help?
http://social.technet.microsoft.com/Forums/en-US/0e774b67-7546-4b0e-8608-5c518b656e4b/certificate-chain-could-not-be-built-you-may-be-missing-required-intermediate-certificates
I highly recommend you purchase a commercial cert for your Exchange server. They are not expensive and will make things a lot easier than messing around with trying to get an internal CA to work.
JJ
JJ
ASKER
Yes, I understand what you say, but is not in my hands, the client doesn't want to pay (we have same certificates), and in fact, has spent several years working with this CA and issuing their own certificates.
Also it is a good way to learn.
Also it is a good way to learn.
ASKER
thanks
https://www.testexchangeconnectivity.com/
run this tool and check if it gives any additional information