OWA settings in Outlook

2 days ago, we changed our exchange SSL certificate from a wildcard type (*.domain.com) to a std UCC certificate. The issue this has caused is for some reason, users OWA settings in Outlook continue to still show the wildcard setting for the Mutual Authentication Principal Name: (msstd:*.domain.com) for existing users. Checked this against against a new user as well and the setting automatically pushed out wrong (still using the wildcard name).
How can I get the settings for OWA to automatically push out correctly to outlook?
keamalsaSystem AdministratorAsked:
Who is Participating?
 
Simon Butler (Sembee)ConsultantCommented:
Autodiscover isn't affected by the old certificate.
Have you changed the MSSTD value in Exchange?

get-outlookprovider | select identity, certprinciplename

Then to change it run:

Set-OutlookProvider -identity EXPR -CertPrincipalname msstd:host.example.com

Simon.
0
 
jerseysamCommented:
Have you restarted IIS?

 iisreset /stop

 net stop http

 net start http

iisreset /start


Also did you install the new certificate via EMS? If so then you may need to take the steps summarised in the posts:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1248

and

https://sslguru.com/faq/technical-questions/why-does-owa-still-use-the-old-certificate-even-if-it-was-changed.html
0
 
keamalsaSystem AdministratorAuthor Commented:
I did not install with the EMS. I used the Command shell.

I had not restarted IIS or http.

So, I just did on both of our exchange servers.
I immediately went back in to check the OWA settings, but they still have not changed. Arent these setting really in AD on the Domain Controller?
Do I need to wait a period of time before this change is sync'd over to the DCs?
I did open the 1st link you sent anyway and followed it to verify that indeed yes, IIS is using the new certificate. What next?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
jerseysamCommented:
Have you fully removed the old certificate so it can't be referenced?
0
 
keamalsaSystem AdministratorAuthor Commented:
No, I have not removed it. What is the best method to remove it?
0
 
keamalsaSystem AdministratorAuthor Commented:
Thanks Simon!!!
Running the get command showed me that the CertPrincipalName still had the old setting.
After running the set command and verifying the change, then waiting for Exchange and AD to replicate, the msstd setting for OWA in outlook has changed to the value we need. Checked OWA using the Microsoft Remote Connectivity Analyzer (set to use Autodiscover), and all is now good. Also closed outlook on a client side computer then re-launched outlook and the msstd Setting is now changed correctly in the OWA settings.
As far as rewarding points, I would give you all except I dont know if I also needed to restart IIS and HTTP as was suggested by "Jerseysam". So If I needed to do both things, I would split the points. If I did not need to restart those services, then I would give you all the points. Please advise.
0
 
jerseysamCommented:
May have been a combination of both as you say.

Put it to moderators maybe?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.