limmontreefree asked:

Problem configuring a new Outlook 2007 to my Exchange Server 2010

Hello, I’m having a problem configuring a new Outlook 2007 to my Exchange server.

I have a TMG 2010 and an Exchange Server 2010. In front of the TMG I have a Zywall USB 100. I have created my certificates with my own CA, but I haven’t configured the revocation information.
When I try to configure a new user using the Microsoft Outlook 2007 client outside the TMG, in another place (not in the office), I get the error:
“The connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action”

I have a document explaining it better:
Hello-I.pdf
Haresh Nikumbh

Exchange Remote Connectivity Analyzer

https://www.testexchangeconnectivity.com/

Run this tool and check if it gives any additional information.
ASKER CERTIFIED SOLUTION
Haresh Nikumbh

Hello,

Is the problem just happening with new users? Do you have users that are set up and working properly outside your firewall? If you set up a new user inside your firewall, are they then able to connect remotely?

JJ
limmontreefree (ASKER)

Hello and thanks,

This is the test result.

The Analyzer of connectivity Microsoft is testing Exchange ActiveSync.
  Test failure Exchange ActiveSync.
 
Steps of proof
 
Attempting resolve the host name mail.client.org in DNS.
  It was resolved the host name correctly.
 
additional Details
  IP Addresses returned: 85.85.248.55
Trying the port TCP 443 on the host posta.enkarterrialde.org to ensure that listens or is open.
  The port was successfully opened.
Probando the certificate SSL to ensure that is valid.
  The SSL certificate failed a or more checks of validation of certificates.
 
Steps of proof
 
The Analyzer of connectivity Microsoft is trying obtain the certificate Remote Server SSL mail.client.org on port 443.
  The Analyzer of connectivity of Microsoft obtained correctly the SSL certificate remote.
 
additional Details
  Subject of remote certificate: CN = Enkarterrialde, O = intranet.enkarterrialde.org, C = ES, issuer: CN = Enkarterrialde, DC = Enkarterrialde, DC = local.
Validating the certificate name.
  Was validated correctly the certificate name.
 
additional Details
  Was found the host name mail.client.org at the entrance of Alternative Name certificate subject.
Validating trusted certificates for mobile devices of Windows.
  Validation Error trusted certificate.
 
Steps of proof
 
The Analyzer of connectivity Microsoft is trying generate certificate chains for the certificate CN = ¿¿client, O = intranet.client.org, C = ES.
  Could not build a certificate chain for the certificate.
 
additional Details
  Could not generate the certificate chain. Perhaps missing intermediate certificates necessary.

....

I have changed some of the client's data... Can I send a private mail?

Thanks.
You won't be able to run the Remote Connectivity Analyzer because you are using a cert from an internal CA. Have you installed the CA's root certificate on all your clients?

JJ
Yes
Well, I'm not sure that the problem is the certificate, because sometimes I can connect and add an Outlook to Exchange and other times not, but the certificate is always the same.

But... here are the analyzer results.

If I run the analyzer with skip trust for SSL, all runs well, but when I run the analyzer without skipping the SSL trust, I get this result.

This is my own server and this is a real result; you can see the certificate by browsing to https://posta.ados.biz

Connectivity Analyzer Microsoft is testing Exchange ActiveSync.
   Error test Exchange ActiveSync.
    Test Steps
    Attempting to resolve the host name in DNS posta.ados.biz.
   Resolved hostname correctly.
    additional Details
   IP addresses returned: 85.84.96.68
 
  Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
   The port was opened successfully.
  Testing the SSL certificate to make sure it is valid.
   The SSL certificate did not exceed one or more certificate validation checks.
    Test Steps
    Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
   Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
    additional Details
   Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
 
  Validating the certificate name.
   It was successfully validated the certificate name.
    additional Details
   There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
 
  Validating certificate trust for Windows Mobile devices.
   Validation Error trusted certificate.
    Test Steps
    Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
   Could not build a certificate chain for the certificate.
    additional Details
Hello JJmcck, the problem is configuring a mail profile. When I try to connect to Exchange from inside the TMG, the problem happens too.

I haven't tried to connect inside and later try it outside.

The problem is not occasional; this week I'm having a lot of problems connecting. Sometimes I get it, but many other times it fails.

I want to know where to look about this.

Thanks.
If you are getting a certificate error with your own CA cert then you have not put your domain's root certificate in your trusted publishers store. Until you do this, Outlook will not connect automatically to the mail server.
Hello and Thanks.

I usually put the CA certificate in root certificates trusted entities, but I put the CA certificate where you have told me, and the fault is still there.

When I test with https://www.testexchangeconnectivity.com/

------------------

Testing the connectivity RPC / HTTP.
   Error in testing RPC / HTTP.
 
  Test Steps
 
  Attempting to resolve the host name in DNS posta.ados.biz.
   Resolved hostname correctly.
 
  additional Details
   IP addresses returned: 85.84.96.68
 

  Testing TCP port 443 on host posta.ados.biz to ensure listening or open.
   The port was opened successfully.

  Testing the SSL certificate to make sure it is valid.
   The SSL certificate did not exceed one or more certificate validation checks.
 
  Test Steps
 
  Connectivity Analyzer Microsoft is attempting to obtain the SSL certificate from remote server on port 443 posta.ados.biz.
   Connectivity Analyzer Microsoft obtained successfully remote SSL certificate.
 
  additional Details
   Remote Certificate Subject: CN = ados.biz, issuer: CN = ZUBITEK, DC = zubitek, DC = local.
 

  Validating the certificate name.
   It was successfully validated the certificate name.
 
  additional Details
   There was the hostname entry posta.ados.biz the subject alternative name of the certificate.
 

  It is validating the trusted certificate.
   Validation Error trusted certificate.
 
  Test Steps
 
  Connectivity Analyzer Microsoft is trying to build certificate chains for certificate CN = ¿¿ados.biz.
   Could not build a certificate chain for the certificate.
 
  additional Details
   Failed to generate the certificate chain. Perhaps missing intermediate certificates necessary.

-----------------------------------------------

You can see that the error talks about "Perhaps missing intermediate certificates necessary." I think the certificate is incorrectly created.

Can you confirm it for me?

The test is real and is from my own Exchange server.

I am also sending the CA certificate.

Thanks
I cannot send the CA because the extension p7f is not allowed, and if I compress the file I still get the error "ext p7f not allowed"
I highly recommend you purchase a commercial cert for your Exchange server. They are not expensive and will make things a lot easier than messing around with trying to get an internal CA to work.

JJ
Yes, I understand what you say, but it is not in my hands; the client doesn't want to pay (we have same certificates), and in fact has spent several years working with this CA and issuing their own certificates.

Also, it is a good way to learn.
Thanks
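
The "Could not build a certificate chain" result quoted in the analyzer output above depends on what the verifier trusts and which certificates it is handed. The script below is an added example, not part of the original thread: it builds a throw-away PKI with openssl and verifies one server certificate from three points of view. It assumes openssl is installed; every CA name and the host mail.example.test are constructed, and the issuing CA is included only to show the missing-intermediate case.

```shell
#!/usr/bin/env bash
# Added example: throw-away PKI; every name and hostname here is constructed.
set -u
PKI=$(mktemp -d)

cat > "$PKI/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF

# issue NAME SUBJECT EXT [ISSUER]: self-signed when ISSUER is omitted.
issue() {
  name=$1; subj=$2; ext=$3; issuer=${4:-}
  if [ -z "$issuer" ]; then
    openssl req -x509 -config "$PKI/pki.cnf" -extensions "$ext" -newkey rsa:2048 -nodes \
      -keyout "$PKI/$name.key" -out "$PKI/$name.pem" -days 30 -subj "$subj" 2>/dev/null
  else
    openssl req -new -config "$PKI/pki.cnf" -newkey rsa:2048 -nodes \
      -keyout "$PKI/$name.key" -out "$PKI/$name.csr" -subj "$subj" 2>/dev/null &&
    openssl x509 -req -in "$PKI/$name.csr" -CA "$PKI/$issuer.pem" -CAkey "$PKI/$issuer.key" \
      -CAcreateserial -extfile "$PKI/pki.cnf" -extensions "$ext" -days 30 \
      -out "$PKI/$name.pem" 2>/dev/null
  fi
}

# chain_ok ARGS...: succeeds only if openssl builds and verifies a complete chain.
chain_ok() { openssl verify "$@" 2>/dev/null | grep -q ': OK$'; }

issue root    "/CN=Demo Internal Root CA" v3_ca
issue issuing "/CN=Demo Issuing CA"       v3_ca   root
issue leaf    "/CN=mail.example.test"     v3_leaf issuing
issue other   "/CN=Unrelated Public Root" v3_ca

# 1. Verifier that does not trust the private root (an outside checker).
chain_ok -CAfile "$PKI/other.pem" -untrusted "$PKI/issuing.pem" "$PKI/leaf.pem"; OUTSIDE=$?
# 2. Client that trusts the root but is never given the issuing CA certificate.
chain_ok -CAfile "$PKI/root.pem" "$PKI/leaf.pem"; NO_INTERMEDIATE=$?
# 3. Client that trusts the root and also receives the issuing CA certificate.
chain_ok -CAfile "$PKI/root.pem" -untrusted "$PKI/issuing.pem" "$PKI/leaf.pem"; FULL=$?
echo "outside=$OUTSIDE no_intermediate=$NO_INTERMEDIATE full=$FULL (0 = chain built)"
```

Against a real server, the same `openssl verify` calls can be run on the exported server certificate with the internal CA's root passed as `-CAfile`.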