Solved

Page cannot be displayed on OWA 2007 after replacing cert for one user

Posted on 2014-04-28
Last Modified: 2014-05-23
Hi, I renewed our certificate with GoDaddy this week. GoDaddy no longer allows .local domains in their SSL certificates, so the only change was that the .local domains were removed from this cert. After installing the new cert, everyone can access OWA internally and externally except one user. I've tried the following:

I checked the date and time on server and computer
I made sure no proxies were set
I can ping the owa server
I ran an SSL certificate test to make sure intermediaries were installed and it all passed.

When using IE, it says "Page cannot be displayed"; when using Chrome, it says "cannot connect to the real Mail.*******.com. Something is currently interfering with your secure connection to mail.fireguardcorp.com."
Question by:Sean Rhudy
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40027941
We started renaming the .local domains. It's just going that way with the SSL cert requirements. But there are other things that can be done.

First, create an internal authoritative domain for solyanik.com in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc. in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then do this to make sure all is well on the Exchange server itself: http://support.microsoft.com/kb/940726
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40028000
.local domains are not allowed anymore, so most of the CAs will not issue certs with .local names anymore. So the only way to create such certs is a local CA, which can issue such certs.
But Exchange certs do not affect one single user. If you change your Exchange mail domain and assign a corresponding cert, the clients should be fine.

The Exchange cert is used to encrypt the traffic to the client. Only if you use cert-based authentication can a client be affected, if it uses its own cert for authentication.

So the problem with the client has another reason.

The client needs the root certificate of the new cert to resolve it. So check if the root cert of your new cert is in the client's local cert store. If it is not there, the client tries to find the root cert over the internet. If no internet connection for the client is available, the certificate chain cannot be resolved.

The message from your client doesn't point me to a cert error. So check if the client can really reach the OWA address. It looks more like a configuration issue on the client.

If Outlook is installed on the client, Ctrl + right-click the Outlook tray icon to see the connection properties.
0
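
The checks suggested in the comment above (can the client reach the OWA address, and does the chain resolve against the client's own certificate store) can be run together from the affected machine. This is an added example, not part of the original thread; the function name `Test-OwaCertificate` and the host name `mail.example.com` are placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: run on the affected client. 'mail.example.com' is a placeholder.
function Test-OwaCertificate {
    param(
        [Parameter(Mandatory = $true)] [string]$HostName,
        [int]$Port = 443
    )
    $result = [ordered]@{
        Host = $HostName; Reachable = $false; PolicyErrors = $null
        Chain = @(); Error = $null
    }
    # Record what this client's trust store says about the chain, then accept
    # so the handshake completes. Diagnostic use only; no data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors)
        $result.PolicyErrors = $policyErrors.ToString()
        $result.Chain = @($chain.ChainElements | ForEach-Object {
            [pscustomobject]@{
                Subject = $_.Certificate.Subject
                Expires = $_.Certificate.NotAfter
                Status  = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
            }
        })
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)        # DNS or TCP failure throws here
        $result.Reachable = $true
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)  # name is matched against the cert
        $ssl.Dispose()
    }
    catch { $result.Error = $_.Exception.Message }
    finally { $tcp.Close() }
    [pscustomobject]$result
}

$r = Test-OwaCertificate -HostName 'mail.example.com'
$r | Format-List Host, Reachable, PolicyErrors, Error
$r.Chain | Format-Table -AutoSize
```

`Reachable = False` points to DNS or network configuration on the client rather than the certificate. `PolicyErrors` of `RemoteCertificateNameMismatch` means the name the client uses is not on the new certificate, and `RemoteCertificateChainErrors` with a `PartialChain` or `UntrustedRoot` status means the root or an intermediate is missing from that client's store.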
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40028166
Can you ping the Exchange server from the client?

I agree with Bembi. Page Not Displayed is not a certificate related problem. I think that is just purely coincidental.
0
 

Accepted Solution

by:
Sean Rhudy earned 0 total points
ID: 40073635
Rollup 13 caused the issue. I uninstalled that rollup, and everything worked fine.
0
 

Author Closing Comment

by:Sean Rhudy
ID: 40085858
Rollup update 13 caused the "page cannot be displayed" error. This is a known issue with this update.
0

Question has a verified solution.