Solved

Page cannot be displayed on OWA 2007 after replacing cert for one user

Posted on 2014-04-28
Last Modified: 2014-05-23
Hi, I renewed our certificate with GoDaddy this week. GoDaddy no longer allows .local domains in their SSL certificates, so the only change was that the .local domains were removed from this cert. After installing the new cert, everyone can access OWA internally and externally except one user. I've tried the following:

I checked the date and time on server and computer
I made sure no proxies were set
I can ping the owa server
I ran an SSL certificate test to make sure intermediaries were installed and it all passed.

When using IE, it says "Page cannot be displayed"; when using Chrome, it says "cannot connect to the real Mail.*******.com Something is currently interfering with your secure connection to mail.fireguardcorp.com."
0
Question by:seanrhudy
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40027941
We started renaming the .local domains. It's just going that way with the SSL cert requirements. But there are other things that can be done.

First, create an internal authoritative domain for solyanik.com in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc. in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then do this to make sure all is well on the Exchange server itself: http://support.microsoft.com/kb/940726
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40028000
.local domains are not allowed anymore, so most of the CAs will not issue certs with .local names anymore. So the only way to create such certs is a local CA, which can issue such certs.
But Exchange certs do not affect one single user. If you change your Exchange mail domain and assign a corresponding cert, the clients should be fine.

The Exchange cert is used to encrypt the traffic to the client; only if you use cert-based authentication can a client be affected, if it uses its own cert for authentication.

So the problem with the clients has another reason.

The client needs the root certificate of the new cert to resolve it. So check if the root cert of your new cert is in the client's local cert store. If it is not there, the client tries to find the root cert over the internet. If no internet connection for the client is available, the certificate chain cannot be resolved.

The message from your client doesn't point me to a cert error. So check if the client can really reach the OWA address. It looks more like a configuration issue on the client.

If Outlook is installed on the client, CTRL + right-click the Outlook tray icon to see the connection properties.
0
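
A check for the points Bembi raises above (can the client reach OWA at all, and can it build a trusted chain for the new certificate from its own stores), as an added example that is not part of the original thread. The function name `Test-OwaCertChain` and the host `mail.example.com` are placeholders; run it on the affected client with the host name that user actually browses to.

```powershell
# Added example, not from the thread. Test-OwaCertChain and mail.example.com
# are hypothetical names. Run on the affected client.
function Test-OwaCertChain {
    param([string]$OwaHost = 'mail.example.com', [int]$Port = 443)

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # A failure here is a network or name-resolution problem, not a certificate problem.
        $tcp.Connect($OwaHost, $Port)
        # Accept any certificate so an untrusted one can still be inspected (diagnostic only).
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($OwaHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $ssl.RemoteCertificate
    } catch {
        Write-Output "Connection or TLS handshake failed: $($_.Exception.Message)"
        return
    } finally {
        $tcp.Close()
    }

    Write-Output "Subject : $($cert.Subject)"
    Write-Output "Expires : $($cert.NotAfter)"

    # Names the certificate covers (Subject Alternative Name, OID 2.5.29.17).
    # With the .local names removed, the host the user types must be one of these.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { Write-Output "SAN     : $($san.Format($false))" }

    # Build the chain against this client's certificate stores. Revocation lookups
    # are skipped so the result reflects store trust only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    foreach ($el in $chain.ChainElements) {
        Write-Output "  chain  : $($el.Certificate.Subject)"
    }
    foreach ($st in $chain.ChainStatus) {
        # UntrustedRoot or PartialChain here means the root/intermediate is missing locally.
        Write-Output "  status : $($st.Status) - $($st.StatusInformation.Trim())"
    }
    Write-Output "Chain trusted on this client: $trusted"
}

Test-OwaCertChain -OwaHost 'mail.example.com'
```

If the first step fails before any certificate is printed, the problem lies in connectivity or the TLS handshake rather than in certificate trust.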
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40028166
Can you ping the Exchange server from the client?

I agree with Bembi. Page Not Displayed is not a certificate-related problem. I think that is just purely coincidental.
0
 

Accepted Solution

by:
seanrhudy earned 0 total points
ID: 40073635
Rollup 13 caused the issue. I uninstalled that rollup, and everything worked fine.
0
 

Author Closing Comment

by:seanrhudy
ID: 40085858
Rollup update 13 caused the "page cannot be displayed" error.  This is a known issue with this update.
0

Question has a verified solution.
