Solved

Exchange 2013 and Outlook - Certificate Problems

Posted on 2014-02-14
2
367 Views
Last Modified: 2014-04-05
I'm got a single Exchange 2013 server that I'm trying to configure.  A very simple network, four DCs in two locations connect via VPN.  Clients are using Outlook 2010 and OWA.

Originally, clients were able to connect to the exchange server with Outlook without any problem, they would just see some certificate errors.  Then I installed a publicly accessible certificate from RapidSSL to permit my OWA users to connect without seeing any nasty certificate errors.  The certificate works just fine for the OWA users outside the local network.

However, now this certificate appears to be affecting local users as well.  Users can no longer connect via Outlook.  I cannot even use Outlook at all since it will not let me set it up.   If I put a hosts entry to point the external domain to local exchange server, I can get connectivity between Outlook and Exchange, but I still get many certificate errors.  Without the hosts entry, I cannot configure outlook, even if I put the ip address of the exchange server or the hostname in the "Microsoft Exchange Server:" field.

I've tried to deploy the certificates via Group Policy, but I'm unsure if this is working correctly, or even if I've done it correctly.

Please take a look at the attachments.

Any help would be greatly appreciated.
AddNewAccount1.jpg
AddNewAccount2.jpg
AddNewAccount3.jpg
CertificateError1.jpg
CertificateError2.jpg
ExchangeAdminCenter.jpg
TrustedPublishers.jpg
TrustedRoot.jpg
0
Comment
Question by:encoad
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39860479
Exchange 2013 only uses Outlook Anywhere to connect.
That uses SSL, along with the other web services. Therefore you need to setup a split DNS system so that the external host name on your SSL certificate resolves internally, then configure Exchange to use the external host name for internal traffic as well.

I am still completing my Exchange 2013 version, but the 2010 method I have outlined here http://semb.ee/hostnames will work just as well - the script at the end works.

Simon.
0
 

Author Closing Comment

by:encoad
ID: 39980846
Used your new Exchange 2013 page to help configure things.

Thanks!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now