Outlook Anywhere - SBS 2011 & Outlook 2013

dbasplus
dbasplus used Ask the Experts™
on
I'm trying to set up Outlook Anywhere for some remote users we have. They will be running Outlook 2013 on their workstations. Our server is running SBS 2011 (which contains Exchange 2010), and everything internally is working fine.

Outlook Web Access works fine, but the users are required to use the full version of Outlook on a regular basis.

I've followed the steps in this article - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27725666.html - but still can't get it to work. I suspect the main difference is that I'm using Outlook 2013 which I don't think was available when that article was published.

We are using the SBS 2011 self-signed certificate which has been installed on the workstations. The workstations have never been part of the domain (and are unlikely to be as they are physically located in another state).

The error message I'm getting is "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed."

Can anyone help please?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Co-Owner
Top Expert 2011
Commented:
Your problem is the self-signed certificate.  Install a proper 3rd party SSL certificate and it will work happily (or install the self-signed cert to the client).

Extract from http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx

Outlook Anywhere won't work with a self-signed certificate on the Client Access server. Self-signed certificates must be manually copied to the trusted root certificate store on the client computer or mobile device. When a client connects to a server over SSL and the server presents a self-signed certificate, the client will be prompted to verify that the certificate was issued by a trusted authority. The client must explicitly trust the issuing authority. If the client confirms the trust, then SSL communications can continue.

Alan

Author

Commented:
Will get a 3rd party certificate later (before allowing all the users to start using it), but by the sounds of it I should be able to prove that it technically works with just the self-signed certificate, correct? This was already installed on the client by using the "Install Certificate Package" - would this have done everything I need, or do I need to do a further step? Certificates aren't my strong point I must admit.
Alan HardistyCo-Owner
Top Expert 2011

Commented:
I've only ever installed 3rd party certs with the public FQDN in them and it's always worked 1st time.

Never tried it with the self-issued cert and if the name of the cert is something.internaldomain.local, then it won't work because it can't be resolved in DNS.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Ok I might have to bite the bullet and buy one then.

Any suggestions as to where I can find instructions for the process for obtaining/installing the certificate on the server & workstations?
Just go to Godaddy.

They're easy to obtain(cheap) and easy to install.
They have step by step animation flash..

Because they are 3rd party ,you don't need to install on anything but server.

Also a no brainer on smart devices.

Word of advice,when you request SSL common name ,use
remote.yourdomain.com and mail.yourdomain.com

yourdomain meaning your registered domain name.

two ways to do it,you can generate from the SSL wizard in SBS or use IIS to generate cert.
Gareth GudgerSolution Architect
Most Valuable Expert 2014
Top Expert 2014

Commented:
Will need autodiscover in there as well.

You will need to purchase a UC / SAN certificate.

Do a quick Google search for GoDsddy.com Promo Codes for additional savings. They usually offer multi-years discounts as well.

This article is focused on migrating from Exchange 2003 to 2010, but it does discuss designing an Exchange namespace, how to configure split brain DNS, and how to generate and apply a certificate.
http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/

Author

Commented:
Seem to have got it working now with a 3rd party certificate. I didn't end up getting a UC/SAN certificate as we don't need autodiscover, but I will keep it in mind for the future.

I did use the RPCnofrontend fixup tool to make sure that the registry settings on the server were correct.

Thanks for your help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial