?
Solved

After upgrading from Exchange 2003 to 2010, users have outlook certificate continues error

Posted on 2014-01-08
10
Medium Priority
?
479 Views
Last Modified: 2014-01-13
Hello everyone,

I have upgraded a client's exchange 2003 to 2010 and now outlook users receive Certificate error message every time they open Outlook 2007.

the client is not using public certificate and they are not intending to deploy one anytime soon. but there's about 1000 users who are domain joined and they have the Certification Authority certificate installed properly.

One thing I did notice which is when I create a new Outlook profile for any user, I get the Certificate warning just once and then next time it disappear.

but with the old account no matter how many times I accept the Certificate warning, if I close it and open outlook again i'll get the warning.

Is there anyway to do something to fix this without needing to manually go to those 1000 PCs and fix it?

Thanks
0
Comment
Question by:Mohammed Hamada
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 13

Expert Comment

by:Alex Green
ID: 39764869
Sounds like an autodiscover issue

http://blogs.technet.com/b/exchdxb/archive/2012/05/10/troublshooting-autodiscover-exchange-2007-2010.aspx

Run through that, i'm sure the autoconfig isn't going to work properly
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39764883
Hi Alexgreen

The article says that autodiscover service could cause the issues listed below which I have none of them currently. the only problem I have is the non-trusted certificate warning.

As I said if I configured a new profile within outlook, the users will receive a warning just one time and then it wont show up again.

So I'm suspecting a problem with the old Outlook profile/cache thing to do with maybe?

Problems with Autodiscover service or how it’s configured can causes issues such as:

Cannot view free/busy information.
Cannot download Offline Address Book (OAB) / receive error code: 0x8004010F.
The Out Of Office assistant is not working.
Prompt for a user name and password during the Autodiscover process.
Outlook anywhere stop working.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39764929
You need to get the SSL prompt, then look at the certificate and see what it is connecting to.
Then find the host name that is configured incorrectly and correct it.

Although for a 1000 user platform, I cannot believe they are not using a trusted SSL certificate. Is there NO OWA access, ActiveSync or any kind of remote access? When a suitable SSL certificate is less than $60/year (less than the cost of a CAL for Exchange and Windows) it really doesn't make any sense to not do it.

Simon.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 13

Expert Comment

by:Alex Green
ID: 39765177
Since you migrated them from one server to another it will use the autodiscover feature to configure their outlook clients when you initially move them over. Which would mean that it would have to use the certificate to start the process.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39765217
HI Simon,

Yes, I didn't believe that as well! they said they can get it but due to bureaucracy in the procedure it might take up to a month or two to pass the purchase order.

regardless, I have find out the issue! the problem was that the Internal FQDN of the Exchange 2010 server was not included in the certificate SAN and therefore it was giving the error.

I have created another new cert that's not wildcard and included all the possible FQDN for the servers that I could think of.

The customer is using 2 different Domain names. the internal domain is different from the external one.

Now after I imported the cert and assigned it to the services, I seem to have a problem with the OWA when viewing the Calendar, Contacts, Task or Public Folders.

An unexpected error occurred and your request couldn't be handled

on Outlook desktop client . this issue doesn't occur! I can view the calendar, Tasks, Public Folders, global address list without any issue.

I have moved the OAB and updated the mail policy. could this be related to them not to the certificate?
 
I am attaching a snapshot of the error.
error.jpg
0
 
LVL 9

Expert Comment

by:ash007
ID: 39765309
Please update Exchange  CAS server with latest Rollup
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39766321
I solved the problem by turning off the OWA redirection on IIS, and yes it seems that i'm on a very old version of SP1. I will upgrade to SP2 today and see what happens.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39766790
Skip SP2 and go straight to SP3 with the latest rollup.

Simon.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39775202
I just have one more question, after migrating about 500 users successfully and among them some who had errors but I choose to skip those errors.

Some of those users kept getting prompted to enter their username and password on outlook 2007! I tried everything possible to get rid of this error but it seems it might be related to the user's outlook profile getting corrupted maybe?

When I try to create a new outlook profile with another user the autodiscover worked. but when I tested the same user it didn't work even though I tried it on the same PC.

Could this be related to the errors skipped while migrating?
0
 
LVL 24

Author Closing Comment

by:Mohammed Hamada
ID: 39776497
You're right Simon, the certificate had something wrong in it. I was using a wildcard certificate which had only the Public domain name of Exchange. but Customer had migrated their old domain to a new domain and internally they are using a different domain.

After looking closely at the Certificate, the Exchange server's FQDN was not included in the certificate which caused users to get warning.

thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question