Solved

Help Users cannot connect to new exchnage Internally

Posted on 2014-11-03
16
8 Views
Last Modified: 2016-06-15
Hi All just setup a new domain with exchange 2013 users are using office 2010.

on opening outlook it starts to configure email, we get a cert error but that is because we have not installed one yet.

it cannot seem to resolve the user name, I thought you could use the standard cert, could this be the issue??
0
Comment
Question by:pepps11976
  • 8
  • 6
16 Comments
 
LVL 10

Expert Comment

by:Ganesh Kumar A
ID: 40419160
By default Exchange 2013 autodiscover needs UCC, you also can use SAN Wildcard certificate but it depends based on the multiple domains. Recommended is public UCC certificate. You can go with any UCC certificate providers like digicert, godaddy, etc.,. If the autodiscover works well, then you wont be facing issue with the client communication with Exchange 2013.

To identify the connectivity and certificate issues : https://testconnectivity.microsoft.com/ run this and post the error you see.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 500 total points
ID: 40419173
Exchange 2013 requires AutoDiscover as Anand said. Since the clients are internal you would setup the namespace for AutoDiscover using the Active Directory SCP object, you can do that by doing the following:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

From there you would do two things:

1) make sure the autodiscover FQDN is within the SSL certificate assigned to the Exchange server (IIS) and then restart IIS using IISRESET /NOFORCE
2) make sure DNS for the autodiscover.company.com domain is pointed to either a load balancer (if one exists) or the Exchange CAS role


That should resolve your issue. AutoDiscover is automatically turned on in Exchange 2013 as it is *required* for client connectivity. The steps above will help you configure it.
0
 

Author Comment

by:pepps11976
ID: 40419215
Ok so just to clarify

my exchange server is called exchange which is on a domain so exchange.domain-uk.com

if I purchase a wildcard cert for domain-uk.com, internal users will be able to connect? or do I still need to creat an A record pointing to the server.

is there not a quick workaround just to get these guys working?
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419271
What I posted above is are the steps required. I would recommend reviewing them but you have the certificate portion done which is great. If you do not setup Autodiscover correctly this error will show.

I would also check to make sure that IIS is assigned to your certificate.

get-ExchangeCertificate |fl
0
 

Author Comment

by:pepps11976
ID: 40419374
Ok I purchased a wild card cert from go daddy

I clicked complete in the ECP console browsed to the .crt location but when I try to install I get the following

Error
Sorry but I am pretty new to Exchange and have users screaming at me at the moment any more help much appreciated
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419418
Run the following in Exchange management shell:
Get-ExchangeCertificate -Thumbprint 414CF234B784F320036BEFCF0EE4A26DA9C715C6 | FL

Open in new window


Post the results here for review into a text file (its easier for us to view).
0
 

Author Comment

by:pepps11976
ID: 40419442
that errors I have attached

Cert.txt
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419455
ive seen this before :)

Try repairing the certificate store:

certutil -repairstore my "YourSerialNumber"

Open in new window


That serial number should be the thumbprint. Once you are done rerun the import request and try the command I gave you above. Also try "Get-ExchangeCertificate | FL" and post the output.

**edit**

Much better instructions: https://support.comodo.com/index.php?/Knowledgebase/Article/View/624/0/privatekeymissing-when-running-enable-exchangecertificate

I ran into the SAME EXACT issue when I did this on my first Exchange 2013 deployment. I think something with Exchange / Server 2012 is funky.
0
 

Author Comment

by:pepps11976
ID: 40419575
Arrggggg

I managed to install the Cert however users were still getting certificate issue, now I can no longer access EAC I logon in and just get a white page, I have read this can be cause by certs.

Please helpp
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419576
Run IISRESET /NOFORCE or restart the Exchange servers..
0
 

Author Comment

by:pepps11976
ID: 40419594
I have restarted twice but still no luck
0
 

Author Comment

by:pepps11976
ID: 40419601
I found this but how do I know what cert to delete?

http://www.techieshelp.com/exchange-2013-eac-ecp-blank-screen/
0
 

Author Comment

by:pepps11976
ID: 40419606
certerror.jpg
these are my certs but im not sure which one to delete
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419624
On the blank ECP screen (in the browser) look at the certificate. That is most likely the one that needs to go.
0
 

Author Comment

by:pepps11976
ID: 40419637
ok I have deleted the cert now I cannot even log into ecp, meaning I get page cannot be displayed not even a login box anymore
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now