Solved

Exchange 2013 and Outlook - Certificate Problems

Posted on 2014-02-14
2
371 Views
Last Modified: 2014-04-05
I'm got a single Exchange 2013 server that I'm trying to configure.  A very simple network, four DCs in two locations connect via VPN.  Clients are using Outlook 2010 and OWA.

Originally, clients were able to connect to the exchange server with Outlook without any problem, they would just see some certificate errors.  Then I installed a publicly accessible certificate from RapidSSL to permit my OWA users to connect without seeing any nasty certificate errors.  The certificate works just fine for the OWA users outside the local network.

However, now this certificate appears to be affecting local users as well.  Users can no longer connect via Outlook.  I cannot even use Outlook at all since it will not let me set it up.   If I put a hosts entry to point the external domain to local exchange server, I can get connectivity between Outlook and Exchange, but I still get many certificate errors.  Without the hosts entry, I cannot configure outlook, even if I put the ip address of the exchange server or the hostname in the "Microsoft Exchange Server:" field.

I've tried to deploy the certificates via Group Policy, but I'm unsure if this is working correctly, or even if I've done it correctly.

Please take a look at the attachments.

Any help would be greatly appreciated.
AddNewAccount1.jpg
AddNewAccount2.jpg
AddNewAccount3.jpg
CertificateError1.jpg
CertificateError2.jpg
ExchangeAdminCenter.jpg
TrustedPublishers.jpg
TrustedRoot.jpg
0
Comment
Question by:encoad
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39860479
Exchange 2013 only uses Outlook Anywhere to connect.
That uses SSL, along with the other web services. Therefore you need to setup a split DNS system so that the external host name on your SSL certificate resolves internally, then configure Exchange to use the external host name for internal traffic as well.

I am still completing my Exchange 2013 version, but the 2010 method I have outlined here http://semb.ee/hostnames will work just as well - the script at the end works.

Simon.
0
 

Author Closing Comment

by:encoad
ID: 39980846
Used your new Exchange 2013 page to help configure things.

Thanks!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
how to add IIS SMTP to handle application/Scanner relays into office 365.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now