Solved

Exchange 2013 and Outlook - Certificate Problems

Posted on 2014-02-14
2
377 Views
Last Modified: 2014-04-05
I'm got a single Exchange 2013 server that I'm trying to configure.  A very simple network, four DCs in two locations connect via VPN.  Clients are using Outlook 2010 and OWA.

Originally, clients were able to connect to the exchange server with Outlook without any problem, they would just see some certificate errors.  Then I installed a publicly accessible certificate from RapidSSL to permit my OWA users to connect without seeing any nasty certificate errors.  The certificate works just fine for the OWA users outside the local network.

However, now this certificate appears to be affecting local users as well.  Users can no longer connect via Outlook.  I cannot even use Outlook at all since it will not let me set it up.   If I put a hosts entry to point the external domain to local exchange server, I can get connectivity between Outlook and Exchange, but I still get many certificate errors.  Without the hosts entry, I cannot configure outlook, even if I put the ip address of the exchange server or the hostname in the "Microsoft Exchange Server:" field.

I've tried to deploy the certificates via Group Policy, but I'm unsure if this is working correctly, or even if I've done it correctly.

Please take a look at the attachments.

Any help would be greatly appreciated.
AddNewAccount1.jpg
AddNewAccount2.jpg
AddNewAccount3.jpg
CertificateError1.jpg
CertificateError2.jpg
ExchangeAdminCenter.jpg
TrustedPublishers.jpg
TrustedRoot.jpg
0
Comment
Question by:encoad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39860479
Exchange 2013 only uses Outlook Anywhere to connect.
That uses SSL, along with the other web services. Therefore you need to setup a split DNS system so that the external host name on your SSL certificate resolves internally, then configure Exchange to use the external host name for internal traffic as well.

I am still completing my Exchange 2013 version, but the 2010 method I have outlined here http://semb.ee/hostnames will work just as well - the script at the end works.

Simon.
0
 

Author Closing Comment

by:encoad
ID: 39980846
Used your new Exchange 2013 page to help configure things.

Thanks!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question