Solved

Help Users cannot connect to new exchnage Internally

Posted on 2014-11-03
16
23 Views
Last Modified: 2016-06-15
Hi All just setup a new domain with exchange 2013 users are using office 2010.

on opening outlook it starts to configure email, we get a cert error but that is because we have not installed one yet.

it cannot seem to resolve the user name, I thought you could use the standard cert, could this be the issue??
0
Comment
Question by:pepps11976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
16 Comments
 
LVL 12

Expert Comment

by:Ganesh Kumar A
ID: 40419160
By default Exchange 2013 autodiscover needs UCC, you also can use SAN Wildcard certificate but it depends based on the multiple domains. Recommended is public UCC certificate. You can go with any UCC certificate providers like digicert, godaddy, etc.,. If the autodiscover works well, then you wont be facing issue with the client communication with Exchange 2013.

To identify the connectivity and certificate issues : https://testconnectivity.microsoft.com/ run this and post the error you see.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 500 total points
ID: 40419173
Exchange 2013 requires AutoDiscover as Anand said. Since the clients are internal you would setup the namespace for AutoDiscover using the Active Directory SCP object, you can do that by doing the following:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

From there you would do two things:

1) make sure the autodiscover FQDN is within the SSL certificate assigned to the Exchange server (IIS) and then restart IIS using IISRESET /NOFORCE
2) make sure DNS for the autodiscover.company.com domain is pointed to either a load balancer (if one exists) or the Exchange CAS role


That should resolve your issue. AutoDiscover is automatically turned on in Exchange 2013 as it is *required* for client connectivity. The steps above will help you configure it.
0
 

Author Comment

by:pepps11976
ID: 40419215
Ok so just to clarify

my exchange server is called exchange which is on a domain so exchange.domain-uk.com

if I purchase a wildcard cert for domain-uk.com, internal users will be able to connect? or do I still need to creat an A record pointing to the server.

is there not a quick workaround just to get these guys working?
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419271
What I posted above is are the steps required. I would recommend reviewing them but you have the certificate portion done which is great. If you do not setup Autodiscover correctly this error will show.

I would also check to make sure that IIS is assigned to your certificate.

get-ExchangeCertificate |fl
0
 

Author Comment

by:pepps11976
ID: 40419374
Ok I purchased a wild card cert from go daddy

I clicked complete in the ECP console browsed to the .crt location but when I try to install I get the following

Error
Sorry but I am pretty new to Exchange and have users screaming at me at the moment any more help much appreciated
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419418
Run the following in Exchange management shell:
Get-ExchangeCertificate -Thumbprint 414CF234B784F320036BEFCF0EE4A26DA9C715C6 | FL

Open in new window


Post the results here for review into a text file (its easier for us to view).
0
 

Author Comment

by:pepps11976
ID: 40419442
that errors I have attached

Cert.txt
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419455
ive seen this before :)

Try repairing the certificate store:

certutil -repairstore my "YourSerialNumber"

Open in new window


That serial number should be the thumbprint. Once you are done rerun the import request and try the command I gave you above. Also try "Get-ExchangeCertificate | FL" and post the output.

**edit**

Much better instructions: https://support.comodo.com/index.php?/Knowledgebase/Article/View/624/0/privatekeymissing-when-running-enable-exchangecertificate

I ran into the SAME EXACT issue when I did this on my first Exchange 2013 deployment. I think something with Exchange / Server 2012 is funky.
0
 

Author Comment

by:pepps11976
ID: 40419575
Arrggggg

I managed to install the Cert however users were still getting certificate issue, now I can no longer access EAC I logon in and just get a white page, I have read this can be cause by certs.

Please helpp
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419576
Run IISRESET /NOFORCE or restart the Exchange servers..
0
 

Author Comment

by:pepps11976
ID: 40419594
I have restarted twice but still no luck
0
 

Author Comment

by:pepps11976
ID: 40419601
I found this but how do I know what cert to delete?

http://www.techieshelp.com/exchange-2013-eac-ecp-blank-screen/
0
 

Author Comment

by:pepps11976
ID: 40419606
certerror.jpg
these are my certs but im not sure which one to delete
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40419624
On the blank ECP screen (in the browser) look at the certificate. That is most likely the one that needs to go.
0
 

Author Comment

by:pepps11976
ID: 40419637
ok I have deleted the cert now I cannot even log into ecp, meaning I get page cannot be displayed not even a login box anymore
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question