Help Users cannot connect to new exchnage Internally

Hi All just setup a new domain with exchange 2013 users are using office 2010.

on opening outlook it starts to configure email, we get a cert error but that is because we have not installed one yet.

it cannot seem to resolve the user name, I thought you could use the standard cert, could this be the issue??
pepps11976Asked:
Who is Participating?
 
Adam FarageEnterprise ArchCommented:
Exchange 2013 requires AutoDiscover as Anand said. Since the clients are internal you would setup the namespace for AutoDiscover using the Active Directory SCP object, you can do that by doing the following:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

From there you would do two things:

1) make sure the autodiscover FQDN is within the SSL certificate assigned to the Exchange server (IIS) and then restart IIS using IISRESET /NOFORCE
2) make sure DNS for the autodiscover.company.com domain is pointed to either a load balancer (if one exists) or the Exchange CAS role


That should resolve your issue. AutoDiscover is automatically turned on in Exchange 2013 as it is *required* for client connectivity. The steps above will help you configure it.
0
 
Ganesh Kumar ASr Infrastructure SpecialistCommented:
By default Exchange 2013 autodiscover needs UCC, you also can use SAN Wildcard certificate but it depends based on the multiple domains. Recommended is public UCC certificate. You can go with any UCC certificate providers like digicert, godaddy, etc.,. If the autodiscover works well, then you wont be facing issue with the client communication with Exchange 2013.

To identify the connectivity and certificate issues : https://testconnectivity.microsoft.com/ run this and post the error you see.
0
 
pepps11976Author Commented:
Ok so just to clarify

my exchange server is called exchange which is on a domain so exchange.domain-uk.com

if I purchase a wildcard cert for domain-uk.com, internal users will be able to connect? or do I still need to creat an A record pointing to the server.

is there not a quick workaround just to get these guys working?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Adam FarageEnterprise ArchCommented:
What I posted above is are the steps required. I would recommend reviewing them but you have the certificate portion done which is great. If you do not setup Autodiscover correctly this error will show.

I would also check to make sure that IIS is assigned to your certificate.

get-ExchangeCertificate |fl
0
 
pepps11976Author Commented:
Ok I purchased a wild card cert from go daddy

I clicked complete in the ECP console browsed to the .crt location but when I try to install I get the following

Error
Sorry but I am pretty new to Exchange and have users screaming at me at the moment any more help much appreciated
0
 
Adam FarageEnterprise ArchCommented:
Run the following in Exchange management shell:
Get-ExchangeCertificate -Thumbprint 414CF234B784F320036BEFCF0EE4A26DA9C715C6 | FL

Open in new window


Post the results here for review into a text file (its easier for us to view).
0
 
pepps11976Author Commented:
that errors I have attached

Cert.txt
0
 
Adam FarageEnterprise ArchCommented:
ive seen this before :)

Try repairing the certificate store:

certutil -repairstore my "YourSerialNumber"

Open in new window


That serial number should be the thumbprint. Once you are done rerun the import request and try the command I gave you above. Also try "Get-ExchangeCertificate | FL" and post the output.

**edit**

Much better instructions: https://support.comodo.com/index.php?/Knowledgebase/Article/View/624/0/privatekeymissing-when-running-enable-exchangecertificate

I ran into the SAME EXACT issue when I did this on my first Exchange 2013 deployment. I think something with Exchange / Server 2012 is funky.
0
 
pepps11976Author Commented:
Arrggggg

I managed to install the Cert however users were still getting certificate issue, now I can no longer access EAC I logon in and just get a white page, I have read this can be cause by certs.

Please helpp
0
 
Adam FarageEnterprise ArchCommented:
Run IISRESET /NOFORCE or restart the Exchange servers..
0
 
pepps11976Author Commented:
I have restarted twice but still no luck
0
 
pepps11976Author Commented:
I found this but how do I know what cert to delete?

http://www.techieshelp.com/exchange-2013-eac-ecp-blank-screen/
0
 
pepps11976Author Commented:
certerror.jpg
these are my certs but im not sure which one to delete
0
 
Adam FarageEnterprise ArchCommented:
On the blank ECP screen (in the browser) look at the certificate. That is most likely the one that needs to go.
0
 
pepps11976Author Commented:
ok I have deleted the cert now I cannot even log into ecp, meaning I get page cannot be displayed not even a login box anymore
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.