?
Solved

Exchange 2013 and Outlook - Certificate Problems

Posted on 2014-02-14
2
Medium Priority
?
393 Views
Last Modified: 2014-04-05
I'm got a single Exchange 2013 server that I'm trying to configure.  A very simple network, four DCs in two locations connect via VPN.  Clients are using Outlook 2010 and OWA.

Originally, clients were able to connect to the exchange server with Outlook without any problem, they would just see some certificate errors.  Then I installed a publicly accessible certificate from RapidSSL to permit my OWA users to connect without seeing any nasty certificate errors.  The certificate works just fine for the OWA users outside the local network.

However, now this certificate appears to be affecting local users as well.  Users can no longer connect via Outlook.  I cannot even use Outlook at all since it will not let me set it up.   If I put a hosts entry to point the external domain to local exchange server, I can get connectivity between Outlook and Exchange, but I still get many certificate errors.  Without the hosts entry, I cannot configure outlook, even if I put the ip address of the exchange server or the hostname in the "Microsoft Exchange Server:" field.

I've tried to deploy the certificates via Group Policy, but I'm unsure if this is working correctly, or even if I've done it correctly.

Please take a look at the attachments.

Any help would be greatly appreciated.
AddNewAccount1.jpg
AddNewAccount2.jpg
AddNewAccount3.jpg
CertificateError1.jpg
CertificateError2.jpg
ExchangeAdminCenter.jpg
TrustedPublishers.jpg
TrustedRoot.jpg
0
Comment
Question by:encoad
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39860479
Exchange 2013 only uses Outlook Anywhere to connect.
That uses SSL, along with the other web services. Therefore you need to setup a split DNS system so that the external host name on your SSL certificate resolves internally, then configure Exchange to use the external host name for internal traffic as well.

I am still completing my Exchange 2013 version, but the 2010 method I have outlined here http://semb.ee/hostnames will work just as well - the script at the end works.

Simon.
0
 

Author Closing Comment

by:encoad
ID: 39980846
Used your new Exchange 2013 page to help configure things.

Thanks!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question