Solved

Page cannot be displayed on OWA 2007 after replacing cert for one user

Posted on 2014-04-28
5
349 Views
Last Modified: 2014-05-23
Hi, I renewed our certificate with GoDaddy this week.  GoDaddy no longer allows .local domains in their SSL certificates, so the only change, was that the .local domains were removed from this cert.  After installing the new cert, everyone can access OWA internally and externally except one user.  I've tried the following:

I checked the date and time on server and computer
I made sure no proxies were set
I can ping the owa server
I ran an SSL certificate test to make sure intermediaries were installed and it all passed.

When using IE, it says "Page cannot be displayed", when using chrome, it says "cannot connect to the real Mail.*******.com Something is currently interfering with your secure connection to mail.fireguardcorp.com.
0
Comment
Question by:seanrhudy
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40027941
We started renaming the .local domains.  It's just going that way with the SSL cert requirements.   But, there's other things that can be done.

First  create an internal authoritative domain for solyanik.com in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then do this to make sure all is well on the Exchange server itself  http://support.microsoft.com/kb/940726
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40028000
.local domains are not allowed anymore, so most of the CAs will not issue certs with .local names anymore. So the only way to create such certs is a local CA, which can issue such certs.
But exchange certs do not affect one single user. If you change your exchange mail domain and assign a corresponding cert, the clients should be fine.

The exchange cert is used to encrypt the traffic to the client, only if you use cert based autjentication, a client can be affected if it uses it own cert for authentication.

So the problem with the clients has another reason.

The client need the root certificate of the new cert to resolve it. So check if the root cert of your nes cert is in the client local cert store. If it is not there, the client tries to find the root cert over the internet. If no internet connection for the client is available, the certificate chain can not resolved.

The message from your client doesn't point me to a cert error. So check, if the client can really reach the owa address. It looks more than a configuration issue on the client.

If Outlook is installed on the client, check CTRL right mouse onto the outlook tray icon to see the connection properties.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40028166
Can you ping the Exchange server from the client?

I agree with Bembi. Page Not Displayed is not a certificate related problem. I think that is just purely coincidental.
0
 

Accepted Solution

by:
seanrhudy earned 0 total points
ID: 40073635
Rollup 13 caused the issue.  I uinstalled that rollup, and everything worked fine.
0
 

Author Closing Comment

by:seanrhudy
ID: 40085858
Rollup update 13 caused the "page cannot be displayed" error.  This is a known issue with this update.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now