cant connect outlook to exchange 2013

I am setting up a brand new exchange server 2013 on server 2012R2. I can send and receive email from owa but cant connect from outlook.
here is the details of my setup.
server 2012 R2, exchange CU5 installed and working ok for sending and receiving email via owa.
client computer is windows 8 pro and joined to domain. office 2013 is installed.
when I try to connect outlook for first time I cant connect. screen shots are attached.
I haven't installed SSl certificate from a provider, still running on the default certificate. Does that cause issue? I am planning to purchase a certificate soon after the server is ready to go online live.
can some one help.?
thanks in advance
Who is Participating?
MacleanConnect With a Mentor System EngineerCommented:
I'd suggest buying the SSL Cert now regardless, it will only expedite having it ready, rather than using self signed, fixing any issues related to it, testing till ok, than buying SSL, and re-testing. Take out a step.

Could you run from Exchange CLI (Exchange Powershell)  the test-outlookwebservices command please?
This will show if you are having issues on any of the services..

It will want to create a default test mailbox. If not sure how to do so, on the Exchange Powershell simply go to the Exchange Scripts directory via cd $exscripts and type in  .\New-TestCasConnectivityUser.PS1

Choose a random PW (Just hit some keys on the board, no need to remember it) and run the test-outlookwebservices again.

Your client is also referencing proxy. Perhaps try disabling proxy on the user PC for testing purposes only, in order to narrow down the possible causes.
Gareth GudgerCommented:
I agree with Maclean. I would get the UC / SAN certificate from a third party provider. Its going to save you a lot of heartache.

The cost of the cert easily offsets your time.

Whole process on namespace, certs and DNS documented here.
Self-signed should work just fine.  

Go to your exchange server and export the trusted root certificate for your exchange server and install it on the workstation.
Start > mmc > File >  add snap-in > certificates > add> computer account > next > local computer > finish > ok
find you exchange server name > right click > all tasks > export > next > next > name it > finish.
Then import it on your workstation pretty much reversing what I just showed you.
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

VirastaRUC Tech Consultant Commented:

Check this article from Technet and its resolved, i am suggesdting this solution based on the screenshots you shared.

Outlook gives an error for Proxy Server Certificate

I guess this will resolve the issue, if not feel free to shout back!
VirastaRUC Tech Consultant Commented:
bijumdamAuthor Commented:
Hi Guys
Thanks for all posts and support,
I think I could resolve the issue, I purchased new SSl certificate and installed, changed iis and SMTP services to new certificate and now outlook connects. Its really strange even self signed certificate didn't work.
Thanks again and I will keep posted if I find any further issue.
Kind regards
bijumdamAuthor Commented:
hi Guys
Just want to let you know Now I am getting a different error on out look. I have new SSl certificate install on server and outlook started working but still getting certificate warning. and on outlook 2013 edition I get proxy server error every time I open outlook. Please see attachments. Outlooks works ok but always error comes in...
can help?
kind regards
MacleanConnect With a Mentor System EngineerCommented:
Looks like you need to load the new certificate onto your firewall appliance.
If using Microsoft ISA or TMG, make sure you replace the existing old cert on the listener, and add the new one.

If you have a different type of solution you would need to refer their information.
Another thing is to test the outlook web services as per my 1st post.
bijumdamAuthor Commented:
Thanks Maclean
Please find the attachment , i am getting that error when trying to  test-outlookwebservices command.
MacleanConnect With a Mentor System EngineerCommented:
Ok, I will need to be inventive here. Judging from first error it could be the PW.

Try the user creation script again, but type in a longer PW, just some numbers, letters and characters in random should do.
Also check if the username "extest_6df7519dae1e4" was created on AD. If yes delete it before running script again.

If script still fails, logon to exchange, and create the mailbox for extest_6df7519dae1e4 yourself by selecting new mailbox, and when prompted for new or existing user, select new user (Drop into default users OU if prompted)

Once done, try the test again.

Is there an internal firewall at all btw? If not, than my earlier remark on TMG/ISA should not apply. We might need to check that all paths on exchange are set correct, but the test-outlookwebservices will help here.
bijumdamAuthor Commented:
yes, did same and disable all firewall, still same error..
Gareth GudgerConnect With a Mentor Commented:
Have you made sure all your Internal URLs are correct? They need to match a name you have on your cert.

Also, configure split-brain DNS. All in this article.
MacleanSystem EngineerCommented:
So when you say you "did the same", you meant you checked if the "extest_6df7519dae1e4" user/mailbox already existed, or you created it manually for testing purposes?
I have had some issues at times in the past creating the account myself, but usually they are simple to fix.

Perhaps have a look at this suggestion. You could open up the PS1 file, copy it for backup, and amend the original as per below suggestion

As Gareth recommends as well check that all your internal links are ok
You can locate this on the server section under virtual directories.
bijumdamAuthor Commented:
I had to create "extest_6df7519dae1e4" manually. It was not there. but even creating manually it showed same error. Ok I will try as you said above. and I made changes according to and all my internal URLs are now same as external including auto discover. but error stays as it was.
So I strongly believe there is something missing in my SSl certificate. I might ask to reissue again with current settings.
one question before I create new CSR.
when creating certificate request in auto discover section intranet it shows as "" ( which is my external domain), but in auto discover internet it is " Autodiscover.mydomain.local," ( "secure" not showing there) is that correct or do i need to change it to external domain as well?
MacleanConnect With a Mentor System EngineerCommented:
Apologies for the delays. Having a busy day at the office.

The issue likely is the cert yes. The test-outlookwebservices is just to assist in confirming that this indeed is the only issue.
But if it is going to create more work, than perhaps we can focus on just the cert, and leave the rest only if problems persist.

As per Gareth his comment, your autodiscovery URL's should be the same on the certificate.

You can either copy the autodiscovery url from the certificate onto your Exchange settings, to ensure they conform to each other, or you can get the newly configured autodiscovery URL's added to the certificate.
If there is no proxy in between which might need this cert for external connectivity than that should be no problem. If there is a proxy, make sure the proxy has the new cert loaded after creation.
The names entered on the exchange need to be accessible internally when doing a ping or nslookup to them via your local DNS.

I always thought that the below url helped explaining what to put into a cert for 2013 quite well. Perhaps it will assist you with this issue if I am unable to respond in a timely fashion. (Part 3 would be where you seem to be at)
Link to 2013 Certificate guide
bijumdamAuthor Commented:
Thanks mate,
I will keep you posted the outcome....
All Courses

From novice to tech pro — start learning today.