Page cannot be displayed on OWA 2007 after replacing cert for one user

Posted on 2014-04-28
Medium Priority
Last Modified: 2014-05-23
Hi, I renewed our certificate with GoDaddy this week. GoDaddy no longer allows .local domains in their SSL certificates, so the only change was that the .local domains were removed from this cert. After installing the new cert, everyone can access OWA internally and externally except one user. I've tried the following:

I checked the date and time on server and computer
I made sure no proxies were set
I can ping the owa server
I ran an SSL certificate test to make sure intermediaries were installed and it all passed.

When using IE, it says "Page cannot be displayed"; when using Chrome, it says "cannot connect to the real Mail.*******.com Something is currently interfering with your secure connection to mail.fireguardcorp.com."
Question by:Sean Rhudy

Expert Comment

ID: 40027941
We started renaming the .local domains. It's just going that way with the SSL cert requirements. But there are other things that can be done.

First, create an internal authoritative domain for solyanik.com in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc. in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then do this to make sure all is well on the Exchange server itself: http://support.microsoft.com/kb/940726

Expert Comment

ID: 40028000
.local domains are not allowed anymore, so most of the CAs will not issue certs with .local names anymore. So the only way to create such certs is a local CA, which can issue such certs.
But Exchange certs do not affect one single user. If you change your Exchange mail domain and assign a corresponding cert, the clients should be fine.

The Exchange cert is used to encrypt the traffic to the client. Only if you use cert-based authentication can a client be affected, if it uses its own cert for authentication.

So the problem with the clients has another reason.

The client needs the root certificate of the new cert to resolve it. So check if the root cert of your new cert is in the client's local cert store. If it is not there, the client tries to find the root cert over the internet. If no internet connection is available for the client, the certificate chain cannot be resolved.

The message from your client doesn't point me to a cert error. So check if the client can really reach the OWA address. It looks more like a configuration issue on the client.

If Outlook is installed on the client, use CTRL + right-click on the Outlook tray icon to see the connection properties.
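
The chain check described in the comment above, as an added example that is not part of the original thread: run on the affected client, it collects the certificate the OWA server presents and reports whether the top of the chain Windows builds is in a local trusted root store. The function names are hypothetical and `mail.example.com` is a placeholder for the OWA host name.

```powershell
# Added example. Function names are hypothetical; mail.example.com is a placeholder.
function Get-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents: the certificate is only being
        # collected for inspection, and nothing else is sent on this stream.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Test-ChainOnClient {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip CRL/OCSP lookups so the result reflects chain building only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Certificate)

    # Last element is the highest certificate Windows could find for this chain.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inStore = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0

    New-Object PSObject -Property @{
        Subject             = $Certificate.Subject
        NotAfter            = $Certificate.NotAfter
        ChainBuilt          = $built
        ChainLength         = $chain.ChainElements.Count
        TopOfChain          = $top.Subject
        TopIsSelfSigned     = ($top.Subject -eq $top.Issuer)
        TopInLocalRootStore = $inStore
        # Values such as PartialChain or UntrustedRoot show where building stopped.
        ChainStatus         = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Test-ChainOnClient (Get-ServerCertificate 'mail.example.com') | Format-List
```

If `Get-ServerCertificate` itself fails to connect, the problem lies before certificate validation, which is the distinction the replies in this thread draw.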

Expert Comment

by:Gareth Gudger
ID: 40028166
Can you ping the Exchange server from the client?

I agree with Bembi. Page Not Displayed is not a certificate related problem. I think that is just purely coincidental.

Accepted Solution

Sean Rhudy earned 0 total points
ID: 40073635
Rollup 13 caused the issue. I uninstalled that rollup, and everything worked fine.

Author Closing Comment

by:Sean Rhudy
ID: 40085858
Rollup update 13 caused the "page cannot be displayed" error.  This is a known issue with this update.
