Solved

OWA settings in Outlook

Posted on 2014-01-31
7
731 Views
Last Modified: 2014-02-09
2 days ago, we changed our exchange SSL certificate from a wildcard type (*.domain.com) to a std UCC certificate. The issue this has caused is for some reason, users OWA settings in Outlook continue to still show the wildcard setting for the Mutual Authentication Principal Name: (msstd:*.domain.com) for existing users. Checked this against against a new user as well and the setting automatically pushed out wrong (still using the wildcard name).
How can I get the settings for OWA to automatically push out correctly to outlook?
0
Comment
Question by:keamalsa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 150 total points
ID: 39824382
Have you restarted IIS?

 iisreset /stop

 net stop http

 net start http

iisreset /start


Also did you install the new certificate via EMS? If so then you may need to take the steps summarised in the posts:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1248

and

https://sslguru.com/faq/technical-questions/why-does-owa-still-use-the-old-certificate-even-if-it-was-changed.html
0
 

Author Comment

by:keamalsa
ID: 39824530
I did not install with the EMS. I used the Command shell.

I had not restarted IIS or http.

So, I just did on both of our exchange servers.
I immediately went back in to check the OWA settings, but they still have not changed. Arent these setting really in AD on the Domain Controller?
Do I need to wait a period of time before this change is sync'd over to the DCs?
I did open the 1st link you sent anyway and followed it to verify that indeed yes, IIS is using the new certificate. What next?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39824592
Have you fully removed the old certificate so it can't be referenced?
0
RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

 

Author Comment

by:keamalsa
ID: 39824607
No, I have not removed it. What is the best method to remove it?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 350 total points
ID: 39824833
Autodiscover isn't affected by the old certificate.
Have you changed the MSSTD value in Exchange?

get-outlookprovider | select identity, certprinciplename

Then to change it run:

Set-OutlookProvider -identity EXPR -CertPrincipalname msstd:host.example.com

Simon.
0
 

Author Comment

by:keamalsa
ID: 39825013
Thanks Simon!!!
Running the get command showed me that the CertPrincipalName still had the old setting.
After running the set command and verifying the change, then waiting for Exchange and AD to replicate, the msstd setting for OWA in outlook has changed to the value we need. Checked OWA using the Microsoft Remote Connectivity Analyzer (set to use Autodiscover), and all is now good. Also closed outlook on a client side computer then re-launched outlook and the msstd Setting is now changed correctly in the OWA settings.
As far as rewarding points, I would give you all except I dont know if I also needed to restart IIS and HTTP as was suggested by "Jerseysam". So If I needed to do both things, I would split the points. If I did not need to restart those services, then I would give you all the points. Please advise.
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39825115
May have been a combination of both as you say.

Put it to moderators maybe?
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question