Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

OWA settings in Outlook

Posted on 2014-01-31
7
Medium Priority
?
742 Views
Last Modified: 2014-02-09
2 days ago, we changed our exchange SSL certificate from a wildcard type (*.domain.com) to a std UCC certificate. The issue this has caused is for some reason, users OWA settings in Outlook continue to still show the wildcard setting for the Mutual Authentication Principal Name: (msstd:*.domain.com) for existing users. Checked this against against a new user as well and the setting automatically pushed out wrong (still using the wildcard name).
How can I get the settings for OWA to automatically push out correctly to outlook?
0
Comment
Question by:keamalsa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 600 total points
ID: 39824382
Have you restarted IIS?

 iisreset /stop

 net stop http

 net start http

iisreset /start


Also did you install the new certificate via EMS? If so then you may need to take the steps summarised in the posts:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1248

and

https://sslguru.com/faq/technical-questions/why-does-owa-still-use-the-old-certificate-even-if-it-was-changed.html
0
 

Author Comment

by:keamalsa
ID: 39824530
I did not install with the EMS. I used the Command shell.

I had not restarted IIS or http.

So, I just did on both of our exchange servers.
I immediately went back in to check the OWA settings, but they still have not changed. Arent these setting really in AD on the Domain Controller?
Do I need to wait a period of time before this change is sync'd over to the DCs?
I did open the 1st link you sent anyway and followed it to verify that indeed yes, IIS is using the new certificate. What next?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39824592
Have you fully removed the old certificate so it can't be referenced?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:keamalsa
ID: 39824607
No, I have not removed it. What is the best method to remove it?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1400 total points
ID: 39824833
Autodiscover isn't affected by the old certificate.
Have you changed the MSSTD value in Exchange?

get-outlookprovider | select identity, certprinciplename

Then to change it run:

Set-OutlookProvider -identity EXPR -CertPrincipalname msstd:host.example.com

Simon.
0
 

Author Comment

by:keamalsa
ID: 39825013
Thanks Simon!!!
Running the get command showed me that the CertPrincipalName still had the old setting.
After running the set command and verifying the change, then waiting for Exchange and AD to replicate, the msstd setting for OWA in outlook has changed to the value we need. Checked OWA using the Microsoft Remote Connectivity Analyzer (set to use Autodiscover), and all is now good. Also closed outlook on a client side computer then re-launched outlook and the msstd Setting is now changed correctly in the OWA settings.
As far as rewarding points, I would give you all except I dont know if I also needed to restart IIS and HTTP as was suggested by "Jerseysam". So If I needed to do both things, I would split the points. If I did not need to restart those services, then I would give you all the points. Please advise.
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39825115
May have been a combination of both as you say.

Put it to moderators maybe?
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question