Exchange 2013 and Outlook - Certificate Problems

I'm got a single Exchange 2013 server that I'm trying to configure.  A very simple network, four DCs in two locations connect via VPN.  Clients are using Outlook 2010 and OWA.

Originally, clients were able to connect to the exchange server with Outlook without any problem, they would just see some certificate errors.  Then I installed a publicly accessible certificate from RapidSSL to permit my OWA users to connect without seeing any nasty certificate errors.  The certificate works just fine for the OWA users outside the local network.

However, now this certificate appears to be affecting local users as well.  Users can no longer connect via Outlook.  I cannot even use Outlook at all since it will not let me set it up.   If I put a hosts entry to point the external domain to local exchange server, I can get connectivity between Outlook and Exchange, but I still get many certificate errors.  Without the hosts entry, I cannot configure outlook, even if I put the ip address of the exchange server or the hostname in the "Microsoft Exchange Server:" field.

I've tried to deploy the certificates via Group Policy, but I'm unsure if this is working correctly, or even if I've done it correctly.

Please take a look at the attachments.

Any help would be greatly appreciated.
AddNewAccount1.jpg
AddNewAccount2.jpg
AddNewAccount3.jpg
CertificateError1.jpg
CertificateError2.jpg
ExchangeAdminCenter.jpg
TrustedPublishers.jpg
TrustedRoot.jpg
encoadAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Exchange 2013 only uses Outlook Anywhere to connect.
That uses SSL, along with the other web services. Therefore you need to setup a split DNS system so that the external host name on your SSL certificate resolves internally, then configure Exchange to use the external host name for internal traffic as well.

I am still completing my Exchange 2013 version, but the 2010 method I have outlined here http://semb.ee/hostnames will work just as well - the script at the end works.

Simon.
0
 
encoadAuthor Commented:
Used your new Exchange 2013 page to help configure things.

Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.