Solved

When I open outlook on a workstation, I get a security alert, need help to resolve this also 2 of the workstations in the domain shown as offline

Posted on 2014-10-27
11
85 Views
Last Modified: 2014-11-06
I have a small network with SBS 2011 with 5 workstations. Using outlook 2010 for email. Everything has been working fine and suddenly I have started getting the pop up when start Outlook on any of the workstations - "Security alert" remote.konidas.com.au -InformationSecurity alert
I have tried "view certificate" and install as trusted certificate, but it does nothing. At this stage I do not want to purchase commercial certificate. I want to create self assigned certificate as mostly the email are used in-house.

 Security alertCan someone give me some guidance please to fix this?

Also 2 of the workstations always show offline status on SBS console even if they are online. They are receiving email and able to connect to server directories. I have even accounts and reconnected them. I need some assistance in this please.
0
Comment
Question by:Shaun-1
  • 6
  • 5
11 Comments
 
LVL 10

Expert Comment

by:Maclean
ID: 40407722
A certificate from a trusted provider is so cheap that it easily outweighs any reasons for not implementing it.
The time spend trying to get things working with self signed certs will be more costly than getting it done the way it was meant to be from starters. I think its approx $80-90 USD per year average, compare that vs hourly wages and time spend on getting self signed working, and one would easily reap the benefits straight away unless your time has no cost attached to it :)

There are even some free SSL providers online such as StartSSL.

What you need to do when using self signed is write a group policy that imports the self signed root certificates into the trusted store.

http://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc733026.aspx

The second problem that the cert shows is that your URL is incorrectly configured on the certificate.
The below article describes how to rectify this

http://support2.microsoft.com/kb/940726
0
 

Author Comment

by:Shaun-1
ID: 40407766
What was the reason for it work OK before without this issue? What I could have done to make it to wake up?
I have another installation similar to this, I may have to get ready for that as well? I will try and follow the links above to solve the issue.
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40407776
Did you recently change from a paid SSL cert to a self signed one?
If changes are made to the certificate, but the IIS Service is not restarted on Exchange, than it can take some time before the change becomes obvious to the clients.

But there are more potential variables which could impact this. I would go through the system and application logs to find if anything obvious was changed in the past week.
0
 

Author Comment

by:Shaun-1
ID: 40407789
The installation of sbs 2011was done by someone else. I have just inherited it. As far as I am aware we never had a paid certificate. While following the procedure,

"Follow the instructions in the Certificate Import Wizard to find and import the certificate"
I have no certificate, so tried to create one led me to Exchange Management Console here I do not see server configuration, I guess it has got something to do permissions, I have logged in as Administrator? What else?
Anything to do with OUTLOOK 2010 installation on server?
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40411921
Outlook 2010 should preferably not be installed on the Exchange Server if this is what you are implying.
It is not a recommended scenario. although I cannot locate a reason explaining why this is not recommended. by Microsoft, and what the impact of that could be. "If in doubt, don't" would be my rule of thumb.

Your certificate should be visible on either your IIS console under certificates on the Exchange server (See here ), or you can browse to the mmc.msc snap in (See here )

Found a MS article showing where on exchange you can locate certificate details as well

http://technet.microsoft.com/en-us/library/dd335060(v=exchg.141).aspx

If not familiar with Exchange I would recommend having a full server snapshot just in case anything goes wrong and you are required to revert changes.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Shaun-1
ID: 40414707
Hmm! looks like I have a bit of work to do.
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40414735
Yes, for this reason having a $80-90 dollar signed certificate from GoDaddy or other, would be a better and more secure option, which should save you more time and money than trying fix it with less secure self signed certificates
0
 

Author Comment

by:Shaun-1
ID: 40414864
Do you mean I do not need to go through all the hassles? Could you please forward me a link which I can follow to successfully install a SSL certificate on server SBS 2011?
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40414957
Step 1: https://support.godaddy.com/help/article/6086/generating-a-certificate-signing-request-csr-exchange-server-2010?countrysite=nz

Step 2: https://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010

You just need to make sure that you have all the proper server names used for in & external mail access such as e.g. webmail.domain.com This is more clearly displayed in the below article.

But again, if not sure what you are about to do, it might pay checking with a experienced MS Exchange technician to help out. Would hate for things to go wrong.
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
0
 

Accepted Solution

by:
Shaun-1 earned 0 total points
ID: 40417627
Thank you for your guidance. It was very helpful.
0
 

Author Closing Comment

by:Shaun-1
ID: 40425782
I am going to try and implement the solution given when it is possible. It is good when someone with experience is providing guidance to choose the right path.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now