[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Page cannot be displayed on OWA 2007 after replacing cert for one user

Posted on 2014-04-28
5
Medium Priority
?
358 Views
Last Modified: 2014-05-23
Hi, I renewed our certificate with GoDaddy this week.  GoDaddy no longer allows .local domains in their SSL certificates, so the only change, was that the .local domains were removed from this cert.  After installing the new cert, everyone can access OWA internally and externally except one user.  I've tried the following:

I checked the date and time on server and computer
I made sure no proxies were set
I can ping the owa server
I ran an SSL certificate test to make sure intermediaries were installed and it all passed.

When using IE, it says "Page cannot be displayed", when using chrome, it says "cannot connect to the real Mail.*******.com Something is currently interfering with your secure connection to mail.fireguardcorp.com.
0
Comment
Question by:Sean Rhudy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40027941
We started renaming the .local domains.  It's just going that way with the SSL cert requirements.   But, there's other things that can be done.

First  create an internal authoritative domain for solyanik.com in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then do this to make sure all is well on the Exchange server itself  http://support.microsoft.com/kb/940726
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40028000
.local domains are not allowed anymore, so most of the CAs will not issue certs with .local names anymore. So the only way to create such certs is a local CA, which can issue such certs.
But exchange certs do not affect one single user. If you change your exchange mail domain and assign a corresponding cert, the clients should be fine.

The exchange cert is used to encrypt the traffic to the client, only if you use cert based autjentication, a client can be affected if it uses it own cert for authentication.

So the problem with the clients has another reason.

The client need the root certificate of the new cert to resolve it. So check if the root cert of your nes cert is in the client local cert store. If it is not there, the client tries to find the root cert over the internet. If no internet connection for the client is available, the certificate chain can not resolved.

The message from your client doesn't point me to a cert error. So check, if the client can really reach the owa address. It looks more than a configuration issue on the client.

If Outlook is installed on the client, check CTRL right mouse onto the outlook tray icon to see the connection properties.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40028166
Can you ping the Exchange server from the client?

I agree with Bembi. Page Not Displayed is not a certificate related problem. I think that is just purely coincidental.
0
 

Accepted Solution

by:
Sean Rhudy earned 0 total points
ID: 40073635
Rollup 13 caused the issue.  I uinstalled that rollup, and everything worked fine.
0
 

Author Closing Comment

by:Sean Rhudy
ID: 40085858
Rollup update 13 caused the "page cannot be displayed" error.  This is a known issue with this update.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question