Solved

OWA settings in Outlook

Posted on 2014-01-31
7
736 Views
Last Modified: 2014-02-09
2 days ago, we changed our exchange SSL certificate from a wildcard type (*.domain.com) to a std UCC certificate. The issue this has caused is for some reason, users OWA settings in Outlook continue to still show the wildcard setting for the Mutual Authentication Principal Name: (msstd:*.domain.com) for existing users. Checked this against against a new user as well and the setting automatically pushed out wrong (still using the wildcard name).
How can I get the settings for OWA to automatically push out correctly to outlook?
0
Comment
Question by:keamalsa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 150 total points
ID: 39824382
Have you restarted IIS?

 iisreset /stop

 net stop http

 net start http

iisreset /start


Also did you install the new certificate via EMS? If so then you may need to take the steps summarised in the posts:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1248

and

https://sslguru.com/faq/technical-questions/why-does-owa-still-use-the-old-certificate-even-if-it-was-changed.html
0
 

Author Comment

by:keamalsa
ID: 39824530
I did not install with the EMS. I used the Command shell.

I had not restarted IIS or http.

So, I just did on both of our exchange servers.
I immediately went back in to check the OWA settings, but they still have not changed. Arent these setting really in AD on the Domain Controller?
Do I need to wait a period of time before this change is sync'd over to the DCs?
I did open the 1st link you sent anyway and followed it to verify that indeed yes, IIS is using the new certificate. What next?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39824592
Have you fully removed the old certificate so it can't be referenced?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:keamalsa
ID: 39824607
No, I have not removed it. What is the best method to remove it?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 350 total points
ID: 39824833
Autodiscover isn't affected by the old certificate.
Have you changed the MSSTD value in Exchange?

get-outlookprovider | select identity, certprinciplename

Then to change it run:

Set-OutlookProvider -identity EXPR -CertPrincipalname msstd:host.example.com

Simon.
0
 

Author Comment

by:keamalsa
ID: 39825013
Thanks Simon!!!
Running the get command showed me that the CertPrincipalName still had the old setting.
After running the set command and verifying the change, then waiting for Exchange and AD to replicate, the msstd setting for OWA in outlook has changed to the value we need. Checked OWA using the Microsoft Remote Connectivity Analyzer (set to use Autodiscover), and all is now good. Also closed outlook on a client side computer then re-launched outlook and the msstd Setting is now changed correctly in the OWA settings.
As far as rewarding points, I would give you all except I dont know if I also needed to restart IIS and HTTP as was suggested by "Jerseysam". So If I needed to do both things, I would split the points. If I did not need to restart those services, then I would give you all the points. Please advise.
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 39825115
May have been a combination of both as you say.

Put it to moderators maybe?
0

Featured Post

Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question