reindeerauto
asked on
Re-keyed Exchange 2010 SSL cert now getting Security Alert on PC's
I had to re-key my cert for my exchange server and once completed all pc's are getting a security alert pop-up about the certificate. I have attached the pop-up.
error.png
Reinstall the rekey'ed certificate and make sure the intermediate certificate is on there. Also make sure the Root CA exists :)
This looks like a self-signed certificate. Is this a correct assumption?
If so you have to ensure the root is trusted by all your clients.
You can do this via GPO for domain machines or simply have the clients view and install the chain manually as Vincent indicated.
ASKER
I verified the "proper" name was correct, I verified the intermediate is there and not sure how to check the Root CA.
ASKER
There is one in there that is self signed (I did not put it there) and then we have the Re-keyed one that is signed by Godaddy.
The alert you are getting indicates the certificate is not trusted.
The fact it is a .local certificate tells me this one is most probably not a GoDaddy certificate.
You will need to distribute the root and CA (if applicable) to the Trusted Root and Intermediate store of the client computer.
Alternatively, you can simply use split DNS and have your .local mapped to your .com and bind the .com certificate.
You will then simply have to map your internal Exchange URLs (ECP/Autodiscover) to match your external ones, and this should go away.
Run the following and post it here:
Get-ExchangeCertificate | FL
Post it in a text file please.
ASKER
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.reindeerauto.com, www.mail.reindeerauto.com, autodiscover.reindeerauto.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 2/20/2016 2:53:01 PM
NotBefore : 11/3/2014 11:33:22 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 04610F15142534
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.reindeerauto.com, OU=Domain Control Validated
Thumbprint : 4594D9A2A4646BB42AC473C4CCFF27C0998E631A

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {RAREXCHANGE, RAREXCHANGE.reindeerauto.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=RAREXCHANGE
NotAfter : 2/20/2016 3:41:35 PM
NotBefore : 2/20/2011 3:41:35 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 1910EBC470F02689498B24913EADF4DE
Services : SMTP
Status : Valid
Subject : CN=RAREXCHANGE
Thumbprint : E42817C397B73445289636A876270155CE09D988
You did run IISRESET /NOFORCE afterwards right? Are you sure the intermediate certificate is installed on the local computer in the correct location?
ASKER
I just did the IISRESET /NOFORCE, and the service did not restart
ASKER
Ok I reran the IIS command and it stopped and started correctly.
ASKER
Adam,
The local cert is in the Intermediate Certification Authorities
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I think I pretty much started on that path 7 posts ago lol.
I guess like me you needed to look at the actual error a second time :~)
lol @becraig it's been a while since I have been on, and I looked at the error today on the ferry into work :) Next time I think I should just pop open my laptop lol.
ASKER
I already have an A record in there for "mail" that points to the exchange server IP plus "mail.reindeerauto.com"
SOLUTION
This solution is only available to members.
ASKER
I had to re-key my SSL cert for exchange due to going from SHA-1 TO SHA-2, once completed I noticed that it was no good this morning. I re-keyed it again and now am having all these problems. This is not a new cert so not sure why it is not working correctly.
ASKER
Could the issue be that there is a "self-signed" certificate on the exchange server along with my signed cert from Godaddy? Will deleting the "self-signed" cert solve the problem that I am having?
ASKER
Also, when I go to OWA it is showing a red X saying "Mismatched address", but if I view the cert it is showing the Godaddy cert.
The issue is just your internal URI not matching the certificate. You need to update them to match, since .local domains are no longer secured by major certificate providers (proof of ownership and such).
Run the commands below and share the output (obscure personally identifiable information):
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory | fl
This should help to pinpoint the changes needed.
Simon's link is also super helpful as this has been handled on here a lot of times.
ASKER
While viewing the details of the cert, I noticed that "basic constraints and Key Usage" both have a yellow triangle with an exclamation point.
I wouldn't be concerned about that, since your screen shot you posted in the original question speaks for it. Your autodiscover SCP object is going to a .local which is not a valid TLD. I would recommend following the direction of becraig, Simon and myself in checking the InternalURL for your CAS services along with changing the AutoDiscover Internal URI which is actually the SCP in Active Directory.
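One way to run the check recommended above, comparing each internal URL's host name against the names on the certificate bound to IIS. This is an added example, not code posted by anyone in the thread: the function names are hypothetical and the host names are constructed placeholders shaped like the output in this question.

```powershell
# Added example. All host names below are constructed sample values; feed the
# functions the CertificateDomains of the IIS-bound certificate and the
# InternalUrl / AutoDiscoverServiceInternalUri values from the Get-* cmdlets
# used in this thread.

function Test-HostMatchesCertName {
    # True when $HostName is covered by one certificate name.
    # A wildcard name (*.example.com) covers exactly one left-most label.
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant()
    $c = $CertName.ToLowerInvariant()
    if ($c.StartsWith('*.')) {
        $suffix = $c.Substring(1)                      # ".example.com"
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return (($label.Length -gt 0) -and ($label.IndexOf('.') -lt 0))
    }
    return ($h -eq $c)
}

function Test-InternalUrlCoverage {
    # Emits one object per service with a Status of:
    #   OK           host name is on the certificate
    #   NameMismatch https URL whose host name is not on the certificate
    #   NotHttps     URL is not https, so no certificate is presented
    #   NotSet       URL is empty
    param(
        [Parameter(Mandatory=$true)][string[]]$CertificateDomains,
        [Parameter(Mandatory=$true)][hashtable]$InternalUrls
    )
    foreach ($service in ($InternalUrls.Keys | Sort-Object)) {
        $url      = [string]$InternalUrls[$service]
        $hostName = ''
        if ([string]::IsNullOrEmpty($url)) {
            $status = 'NotSet'
        } else {
            $uri      = New-Object System.Uri($url)
            $hostName = $uri.Host
            if ($uri.Scheme -ne 'https') {
                $status = 'NotHttps'
            } else {
                $status = 'NameMismatch'
                foreach ($name in $CertificateDomains) {
                    if (Test-HostMatchesCertName -HostName $hostName -CertName $name) {
                        $status = 'OK'
                        break
                    }
                }
            }
        }
        New-Object PSObject -Property @{
            Service = $service
            Host    = $hostName
            Status  = $status
        }
    }
}

# Constructed sample: a public-CA certificate with three public names ...
$certNames = @('mail.example.com', 'www.mail.example.com', 'autodiscover.example.com')

# ... and internal URLs that mostly still point at the server's .local name.
$urls = @{
    'Autodiscover SCP' = 'https://mail.example.com/autodiscover/autodiscover.xml'
    'Autodiscover'     = ''
    'EWS'              = 'https://exch01.corp.local/EWS/Exchange.asmx'
    'OAB'              = 'http://mail.example.com/oab'
    'OWA'              = 'https://exch01.corp.local/owa'
    'ECP'              = 'https://exch01.corp.local/ecp'
    'ActiveSync'       = 'https://exch01.corp.local/Microsoft-Server-ActiveSync'
}

Test-InternalUrlCoverage -CertificateDomains $certNames -InternalUrls $urls |
    Select-Object Service, Host, Status |
    Format-Table -AutoSize
```

Rows reported as NameMismatch are the internal URLs to change to a name on the certificate, with split DNS resolving that name internally, as the replies above suggest.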
ASKER
[PS] C:\Windows\system32>get-AutodiscoverVirtualDirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
Name : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
LiveIdSpNegoAuthentication : False
WSSecurityAuthentication : False
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/Autodiscover
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl :
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ReindeerAuto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : RAREXCHANGE\Autodiscover (Default Web Site)
Guid : 58f2b2fe-f3a5-4bf5-9a53-9bdad5660d6d
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged : 3/4/2011 2:02:59 PM
WhenCreated : 3/4/2011 2:02:44 PM
WhenChangedUTC : 3/4/2011 7:02:59 PM
WhenCreatedUTC : 3/4/2011 7:02:44 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-ClientAccessServer | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
Name : RAREXCHANGE
Fqdn : RAREXCHANGE.domain.local
OutlookAnywhereEnabled : True
AutoDiscoverServiceCN : RAREXCHANGE
AutoDiscoverServiceClassName : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://mail.domain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IrmLogEnabled : True
IrmLogMaxAge : 30.00:00:00
IrmLogMaxDirectorySize : 250 MB (262,144,000 bytes)
IrmLogMaxFileSize : 10 MB (10,485,760 bytes)
IrmLogPath : E:\Program Files\Microsoft\Exchange Server\V14\Logging\IRMLogs
MigrationLogLoggingLevel : Information
MigrationLogFilePath :
MigrationLogMaxAge : 180.00:00:00
MigrationLogMaxDirectorySize : 10 GB (10,737,418,240 bytes)
MigrationLogMaxFileSize : 100 MB (104,857,600 bytes)
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=reindeerauto,DC=local
Identity : RAREXCHANGE
Guid : 9d4a4fb0-e2b7-491b-b751-d1b57b9b6a9f
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 11/3/2014 11:40:18 AM
WhenCreated : 1/13/2011 2:19:12 PM
WhenChangedUTC : 11/3/2014 4:40:18 PM
WhenCreatedUTC : 1/13/2011 7:19:12 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
[PS] C:\Windows\system32>get-webservicesvirtualdirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
CertificateAuthentication :
InternalNLBBypassUrl : https://rarexchange.domain.local/ews/exchange.asmx
GzipLevel : High
Name : EWS (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication : False
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/EWS
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\EWS
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/EWS/Exchange.asmx
ExternalUrl : https://mail.domain.com/ews/exchange.asmx
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=reindeerauto,DC=local
Identity : RAREXCHANGE\EWS (Default Web Site)
Guid : 1ab2a69b-8a6b-435a-9293-921cf0e17b89
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
WhenChanged : 1/13/2011 2:23:43 PM
WhenCreated : 1/13/2011 2:23:34 PM
WhenChangedUTC : 1/13/2011 7:23:43 PM
WhenCreatedUTC : 1/13/2011 7:23:34 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-oabvirtualdirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
Name : OAB (Default Web Site)
PollInterval : 480
OfflineAddressBooks : {\Default Offline Address Book}
RequireSSL : False
BasicAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/OAB
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl : http://mail.domain.com/oab
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl : https://mail.domain.com/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ReindeerAuto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : RAREXCHANGE\OAB (Default Web Site)
Guid : 672a2aee-c717-47cf-9ce4-0ab169b29349
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged : 3/29/2011 12:26:12 PM
WhenCreated : 1/13/2011 2:23:08 PM
WhenChangedUTC : 3/29/2011 4:26:12 PM
WhenCreatedUTC : 1/13/2011 7:23:08 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-owavirtualdirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
DirectFileAccessOnPublicComputersEnabled : True
DirectFileAccessOnPrivateComputersEnabled : True
WebReadyDocumentViewingOnPublicComputersEnabled : True
WebReadyDocumentViewingOnPrivateComputersEnabled : True
ForceWebReadyDocumentViewingFirstOnPublicComputers : False
ForceWebReadyDocumentViewingFirstOnPrivateComputers : False
RemoteDocumentsActionForUnknownServers : Block
ActionForUnknownFileAndMIMETypes : ForceSave
WebReadyFileTypes : {.xlsx, .pptx, .docx, .xls, .rtf, .ppt, .pps, .pdf, .dot, .doc}
WebReadyMimeTypes : {application/vnd.openxmlformats-officedocument.presentationml.presentation, application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, application/vnd.ms-powerpoint, application/x-mspowerpoint, application/vnd.ms-excel, application/x-msexcel, application/msword, application/pdf}
WebReadyDocumentViewingForAllSupportedTypes : True
WebReadyDocumentViewingSupportedMimeTypes : {application/msword, application/vnd.ms-excel, application/x-msexcel, application/vnd.ms-powerpoint, application/x-mspowerpoint, application/pdf, application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, application/vnd.openxmlformats-officedocument.presentationml.presentation}
WebReadyDocumentViewingSupportedFileTypes : {.doc, .dot, .rtf, .xls, .ppt, .pps, .pdf, .docx, .xlsx, .pptx}
AllowedFileTypes : {.rpmsg, .xlsx, .xlsm, .xlsb, .tiff, .pptx, .pptm, .ppsx, .ppsm, .docx, .docm, .zip, .xls, .wmv, .wma, .wav...}
AllowedMimeTypes : {image/jpeg, image/png, image/gif, image/bmp}
ForceSaveFileTypes : {.vsmacros, .ps2xml, .ps1xml, .mshxml, .gadget, .psc2, .psc1, .aspx, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe...}
ForceSaveMimeTypes : {Application/x-shockwave-flash, Application/octet-stream, Application/futuresplash, Application/x-director}
BlockedFileTypes : {.vsmacros, .msh2xml, .msh1xml, .ps2xml, .ps1xml, .mshxml, .gadget, .mhtml, .psc2, .psc1, .msh2, .msh1, .aspx, .xml, .wsh, .wsf...}
BlockedMimeTypes : {application/x-javascript, application/javascript, application/msaccess, x-internet-signup, text/javascript, application/xml, application/prg, application/hta, text/scriplet, text/xml}
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
FolderPathname :
Url : {}
LogonFormat : FullDomain
ClientAuthCleanupLevel : High
FilterWebBeaconsAndHtmlForms : UserFilterChoice
NotificationInterval : 120
DefaultTheme :
UserContextTimeout : 60
ExchwebProxyDestination :
VirtualDirectoryType :
OwaVersion : Exchange2010
ServerName : RAREXCHANGE
InstantMessagingCertificateThumbprint :
InstantMessagingServerName :
RedirectToOptimalOWAServer : True
DefaultClientLanguage : 0
LogonAndErrorLanguage : 0
UseGB18030 : False
UseISO885915 : False
OutboundCharset : AutoDetect
GlobalAddressListEnabled : True
OrganizationEnabled : True
ExplicitLogonEnabled : True
OWALightEnabled : True
DelegateAccessEnabled : True
IRMEnabled : True
CalendarEnabled : True
ContactsEnabled : True
TasksEnabled : True
JournalEnabled : True
NotesEnabled : True
RemindersAndNotificationsEnabled : True
PremiumClientEnabled : True
SpellCheckerEnabled : True
SearchFoldersEnabled : True
SignaturesEnabled : True
ThemeSelectionEnabled : True
JunkEmailEnabled : True
UMIntegrationEnabled : True
WSSAccessOnPublicComputersEnabled : True
WSSAccessOnPrivateComputersEnabled : True
ChangePasswordEnabled : True
UNCAccessOnPublicComputersEnabled : True
UNCAccessOnPrivateComputersEnabled : True
ActiveSyncIntegrationEnabled : True
AllAddressListsEnabled : True
RulesEnabled : True
PublicFoldersEnabled : True
SMimeEnabled : True
RecoverDeletedItemsEnabled : True
InstantMessagingEnabled : True
TextMessagingEnabled : True
ForceSaveAttachmentFilteringEnabled : False
SilverlightEnabled : True
CalendarPublishingEnabled : True
InstantMessagingType : None
Exchange2003Url :
FailbackUrl :
LegacyRedirectType : Silent
Name : owa (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/owa
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
DefaultDomain :
GzipLevel : High
WebSite : Default Web Site
DisplayName : owa
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/owa
ExternalUrl : https://mail.domain.com/owa
ExternalAuthenticationMethods : {Fba}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=reindeerauto,DC=local
Identity : RAREXCHANGE\owa (Default Web Site)
Guid : 53cabee1-4091-41dc-8de0-2d6e2fc68fcd
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-OWA-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchOWAVirtualDirectory}
WhenChanged : 1/13/2011 2:23:16 PM
WhenCreated : 1/13/2011 2:23:06 PM
WhenChangedUTC : 1/13/2011 7:23:16 PM
WhenCreatedUTC : 1/13/2011 7:23:06 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-ecpvirtualdirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
Name : ecp (Default Web Site)
InternalAuthenticationMethods : {Basic, Fba}
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/ecp
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
DefaultDomain :
GzipLevel : High
WebSite : Default Web Site
DisplayName : ecp
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ecp
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/ecp
ExternalUrl : https://mail.domain.com/ecp
ExternalAuthenticationMethods : {Fba}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=ecp (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ReindeerAuto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
Identity : RAREXCHANGE\ecp (Default Web Site)
Guid : 53a97647-05f9-43ed-8275-9cfdad35b81a
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-ECP-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchECPVirtualDirectory}
WhenChanged : 1/13/2011 2:23:16 PM
WhenCreated : 1/13/2011 2:23:10 PM
WhenChangedUTC : 1/13/2011 7:23:16 PM
WhenCreatedUTC : 1/13/2011 7:23:10 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-ActiveSyncVirtualDirectory | fl
RunspaceId : dd2a2dd7-2971-47d1-8aac-86f9c3ef880b
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificateProvisioningEnabled : False
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAuthorityURL :
MobileClientCertTemplateName :
ActiveSyncServer : https://mail.reindeerauto.com/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUnknownServers : Allow
RemoteDocumentsAllowedServers : {}
RemoteDocumentsBlockedServers : {}
RemoteDocumentsInternalDomainSuffixList : {}
MetabasePath : IIS://RAREXCHANGE.domain.local/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
BasicAuthEnabled : True
WindowsAuthEnabled : True
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSync
ProxyVdirExtendedProtectionTokenChecking : None
ProxyVdirExtendedProtectionFlags : {}
ProxyVdirExtendedProtectionSPNList : {}
Path :
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/Microsoft-Server-ActiveSync
InternalAuthenticationMethods : {}
ExternalUrl : https://mail.domain.com/Microsoft-Server-ActiveSync
ExternalAuthenticationMethods : {}
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSync (Default Web Site)
DistinguishedName : CN=Microsoft-Server-ActiveSync (Default Web Site),CN=HTTP,CN=Protocols,CN=RAREXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=reindeerauto,DC=local
Identity : RAREXCHANGE\Microsoft-Server-ActiveSync (Default Web Site)
Guid : 5f3004fd-3026-429e-bb12-0b2735a83450
ObjectCategory : reindeerauto.local/Configuration/Schema/ms-Exch-Mobile-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirectory}
WhenChanged : 1/27/2011 12:00:52 PM
WhenCreated : 1/13/2011 2:23:31 PM
WhenChangedUTC : 1/27/2011 5:00:52 PM
WhenCreatedUTC : 1/13/2011 7:23:31 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
DefaultDomain :
GzipLevel : High
WebSite : Default Web Site
DisplayName : ecp
Path : E:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ec
ExtendedProtectionTokenChe
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/ecp
ExternalUrl : https://mail.domain.com/ecp
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=ecp (Default Web Site),CN=HTTP,CN=Protocols
Administrative Group (FYDIBOHF23SPDLT),CN=Admin
crosoft Exchange,CN=Services,CN=Co
Identity : RAREXCHANGE\ecp (Default Web Site)
Guid : 53a97647-05f9-43ed-8275-9c
ObjectCategory : reindeerauto.local/Configu
ObjectClass : {top, msExchVirtualDirectory, msExchECPVirtualDirectory}
WhenChanged : 1/13/2011 2:23:16 PM
WhenCreated : 1/13/2011 2:23:10 PM
WhenChangedUTC : 1/13/2011 7:23:16 PM
WhenCreatedUTC : 1/13/2011 7:23:10 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
[PS] C:\Windows\system32>get-Ac
RunspaceId : dd2a2dd7-2971-47d1-8aac-86
MobileClientFlags : BadItemReportingEnabled, SendWatsonReport
MobileClientCertificatePro
BadItemReportingEnabled : True
SendWatsonReport : True
MobileClientCertificateAut
MobileClientCertTemplateNa
ActiveSyncServer : https://mail.reindeerauto.com/Microsoft-Server-ActiveSync
RemoteDocumentsActionForUn
RemoteDocumentsAllowedServ
RemoteDocumentsBlockedServ
RemoteDocumentsInternalDom
MetabasePath : IIS://RAREXCHANGE.domain.l
ync
BasicAuthEnabled : True
WindowsAuthEnabled : True
CompressionEnabled : True
ClientCertAuth : Ignore
WebsiteName : Default Web Site
WebSiteSSLEnabled : True
VirtualDirectoryName : Microsoft-Server-ActiveSyn
ProxyVdirExtendedProtectio
ProxyVdirExtendedProtectio
ProxyVdirExtendedProtectio
Path :
Server : RAREXCHANGE
InternalUrl : https://rarexchange.domain.local/Microsoft-Server-ActiveSync
InternalAuthenticationMeth
ExternalUrl : https://mail.domain.com/Microsoft-Server-ActiveSync
ExternalAuthenticationMeth
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Microsoft-Server-ActiveSyn
DistinguishedName : CN=Microsoft-Server-Active
RAREXCHANGE,CN=Servers,CN=
CN=Administrative Groups,CN=domain,CN=Micros
,CN=Configuration,DC=reind
Identity : RAREXCHANGE\Microsoft-Serv
Guid : 5f3004fd-3026-429e-bb12-0b
ObjectCategory : reindeerauto.local/Configu
ObjectClass : {top, msExchVirtualDirectory, msExchMobileVirtualDirecto
WhenChanged : 1/27/2011 12:00:52 PM
WhenCreated : 1/13/2011 2:23:31 PM
WhenChangedUTC : 1/27/2011 5:00:52 PM
WhenCreatedUTC : 1/13/2011 7:23:31 PM
OrganizationId :
OriginatingServer : RARDC2.domain.local
IsValid : True
I don't know why people insist on saying about checking the settings of the Autodiscover virtual directory, because that isn't used internally. The URLs on the virtual directory do not matter one bit.
This is a very common problem, and the fact that you have rekeyed means it is a NEW certificate. It might have the same names on it, but it is subject to the new rules and if issued with the new intermediate certificates those need to be installed as well.
The link I have provided above resolves the problem. It is the same configuration I use on all of my builds.
Simon.
ASKER
Ok so I understand this is only affecting me internally, my OWA from external link is working correctly. My issue is my OWA link internally and issues with my autodiscover I believe. I think I am lost a bit on what the actual issue is, I am reading the link you posted Simon and to be honest I am not sure what changes to make.
@Simon, I said check the CAS services virtual directories + the AutoDiscoverServiceInternalUri (e.g: AD SCP object). It could be (not saying it is) EWS trying to pull the InternalURL and hitting an SSL error.
He should be fixing all of his internalURL to match his external, fix the AutoDiscover SCP and setting up an internal forward lookup zone (internal meaning DNS)
:) I haven't lost my touch yet.
Here are the three internal urls that would probably error based on the new cert:
InternalUrl : https://rarexchange.domain.local/owa
InternalUrl : https://rarexchange.domain.local/ecp
InternalUrl : https://rarexchange.domain.local/Microsoft-Server-ActiveSync
Esp EWS, since that would be used the most from the Outlook client side (availability service).
ASKER
So you are saying I need to change all my internal URL's to match the external URL's (e.g: https://mail.reindeerauto.com/owa)? Also I have a forward lookup zone for "domain.com" and "domain.local", both have A records that point to the external URL. If I change the internal URL's won't that screw everything up internally for my users?
You're semi correct. You need to change the internalurl to match the externalurl, and then set up a forward lookup zone for domain.com. Within there you point mail and autodiscover to the CAS (if it's a single CAS deployment) or the load balancer VIP (for a HA CAS deployment). This won't screw anything up. Do NOT point this externally from the internal forward lookup zone.
Once that is done remove the old A records for mail and autodiscover if they exist in the .local lookup zone.
ASKER
Would it just be easier for me to Re-key the cert using "Rarexchange.domain.local" as the common name? Would that solve all my problems with the least amount of changes?
Nope. The .local domain is not a public *TLD* so you cannot get a publicly trusted certificate for it. I would recommend following the guidance here as once you have this setup properly you are set.
*edit*
Sorry - I did not mean TLDR (iPhone auto correct, gotta love it), I meant TLD (for top level domain). If the domain is not available to the public for verification of ownership, then it cannot be on a public SSL certificate.
ASKER
Adam & Simon,
Ok I understand all the changes that need to be made to the URL's, not sure what changed with the new cert but whatever. My question is about the A records and what needs to be added/deleted or changed.
Now in DNS forward lookup zone, "domain.com" I have an A record for "mail" which points to my exchange server IP with FQDN "mail.domain.com".
Forward lookup zone, "domain.local" I have an A record for "autodiscover" that points to my exchange server IP with FQDN "autodiscover.domain.local".
Please match your external and internal URL to the Certificate.
On your DNS server create a forward lookup zone to match the URL and create an A record to point to your exchange server's internal IP.
Reset your IIS.
ASKER
Thank you all for your help, here are the changes I am going to make. Sorry for being a pain, this is live and I do not want downtime. Here are the steps I am going to follow, if I am missing something please let me know.
1. I am changing InternalURL of OWA, ECP, Active Sync, OAB and Client Receiver Connector to "https://mail.domain.com/".
2. Changing autodiscover to "To change the autodiscover endpoint it is Set-ClientAccessServer <servername> -AutoDiscoverServiceInternalUri https://autodiscover.domain.com/autodiscover/autodiscover.xml"
3. and Webservices URL to "Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.domain.com/ews/exchange.asmx"
4. Then "Afterwards in the forward lookup zone for domain.com add an A record going to autodiscover.domain.com and remove the old record in the forward lookup zone for domain.local."
Looks right.
No!!!
if your external name is mail.domain.com
autodiscover-->autodiscovery.mail.domain.com
OWA,ECP, etc.-->mail.domain.com
webservices-->mail.domain.com
You mentioned a .net
You should have in your DNS a forward zone called domain.com with the following domains:
mail with an A record to your server
autodiscover with an A record to your server
owa with an A record to your server
Or you can create a forward zone for each one like:
mail.domain.com with an A record to your server
owa.domain.com with an A record to your server
autodiscover.domain.com with an A record to your server
He isn't using OWA as a namespace, and I think the .net was a typo right?
ASKER
We do use OWA, and yes the .net was a typo. When I make the DNS entry I want the FQDN to be "mail.domain.com" and the IP points to the exchange server? correct?
Yea. The endpoints within the DNS A record should point to the same location.
ASKER
Ok I followed this link, http://exchange.sembee.info/2010/install/clientaccesshostnames.asp and then created the A records to point to the exchange server. I reset the IIS and flushed the DNS, but we are still getting the certificate pop-up when we open Outlook.
run the following:
Get-ExchangeCertificate | FL
Post the output here.
Also pull the autodiscover SCP again as I am curious to see what it is:
Get-ClientAccessServer | Select AutoDiscoverServiceInternalUri
ASKER
Here is the Output.
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.reindeerauto.com, www.mail.reindeerauto.com, autodiscover.reindeerauto.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy
.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 2/20/2016 2:53:01 PM
NotBefore : 11/3/2014 11:33:22 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 04610F15142534
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.reindeerauto.com, OU=Domain Control Validated
Thumbprint : 4594D9A2A4646BB42AC473C4CCFF27C0998E631A
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {RAREXCHANGE, RAREXCHANGE.reindeerauto.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=RAREXCHANGE
NotAfter : 2/20/2016 3:41:35 PM
NotBefore : 2/20/2011 3:41:35 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 1910EBC470F02689498B24913EADF4DE
Services : SMTP
Status : Valid
Subject : CN=RAREXCHANGE
Thumbprint : E42817C397B73445289636A876270155CE09D988
[PS] C:\Windows\system32> Get-ClientAccessServer | Select AutoDiscoverServiceInternalUri
AutoDiscoverServiceInternalUri
------------------------------
https://autodiscover.mail.reindeerauto.com/autodiscover/autodiscover.xml
SSL is right, autodiscover is not..
Run this command just like I have it written below:
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.reindeerauto.com/autodiscover/autodiscover.xml
That will fix it! :)
NOTE: The AutoDiscoverServiceInternalUri is actually within AD, so it might not update immediately but when AD replicates. Just keep that in mind.
ASKER
Ok I ran the command, anything I need to do now or just wait for AD to replicate?
that's it basically. I would restart Outlook now and see if it clears up.
Update? I am curious now :)
ASKER
Still getting the pop-up
Post the pop up here.. and then run the Outlook Test E-mail AutoConfiguration also...
Ctrl - Right Click the Outlook icon in the system tray
Select Test E-mail AutoConfiguration
Run the test and screen shot it for us here
I refuse to throw in the towel, as I know this should work as we all described.
ASKER
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Bob Albertson</DisplayName>
<LegacyDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bob Albertson03b739f2</LegacyDN>
<AutoDiscoverSMTPAddress>bob.albertson@reindeerauto.com</AutoDiscoverSMTPAddress>
<DeploymentId>eaf9eea2-c843-4696-9fa7-b68c3b61a646</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>RAREXCHANGE.reindeerauto.local</Server>
<ServerDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>RAREXCHANGE.reindeerauto.local</PublicFolderServer>
<AD>RARDC2.reindeerauto.local</AD>
<ASUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://rarexchange.reindeerauto.local/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>http://mail.reindeerauto.com/oab/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.reindeerauto.com</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
<EwsUrl>https://mail.reindeerauto.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://mail.reindeerauto.com/ews/exchange.asmx</OOFUrl>
<UMUrl>https://mail.reindeerauto.com/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.reindeerauto.com/OAB/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://mail.reindeerauto.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.reindeerauto.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
Untitled.jpg
ASKER
Ok no more pop-up and here are the results from the test again.
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Bob Albertson</DisplayName>
<LegacyDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bob Albertson03b739f2</LegacyDN>
<AutoDiscoverSMTPAddress>bob.albertson@reindeerauto.com</AutoDiscoverSMTPAddress>
<DeploymentId>eaf9eea2-c843-4696-9fa7-b68c3b61a646</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>RAREXCHANGE.reindeerauto.local</Server>
<ServerDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=ReindeerAuto/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=RAREXCHANGE/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>RAREXCHANGE.reindeerauto.local</PublicFolderServer>
<AD>RARDC1.reindeerauto.local</AD>
<ASUrl>https://mail.reindeerauto.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.reindeerauto.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://mail.reindeerauto.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.reindeerauto.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>http://mail.reindeerauto.com/oab/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.reindeerauto.com</Server>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
<EwsUrl>https://mail.reindeerauto.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
<OOFUrl>https://mail.reindeerauto.com/ews/exchange.asmx</OOFUrl>
<UMUrl>https://mail.reindeerauto.com/ews/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.reindeerauto.com/OAB/be6cb01e-4706-4fe5-83a4-1ecbbfebfb57/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://mail.reindeerauto.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://mail.reindeerauto.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.reindeerauto.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.reindeerauto.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
That looks correct. Congratulations, you now know certificate and namespace for the CAS role (something a lot of people mess up). Cheers pal and let us know if it comes back in the future.
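The check this thread converges on, as an added PowerShell example that is not part of the original posts: every HTTPS host name Outlook is handed, whether by the Autodiscover SCP or inside the Autodiscover response, has to appear in the certificate's CertificateDomains. The function names are hypothetical, and the XML is a constructed, trimmed sample that reuses the host names posted above.

```powershell
# Added example, not from the thread. Function names are hypothetical; the XML
# below is a constructed, trimmed sample modelled on the response posted above.

function Test-HostCoveredByCert {
    param(
        [Parameter(Mandatory = $true)][string]   $HostName,
        [Parameter(Mandatory = $true)][string[]] $CertificateDomains
    )
    foreach ($name in $CertificateDomains) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            # A wildcard entry stands for exactly one left-most label.
            $suffix = $name.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverNameCheck {
    param(
        [Parameter(Mandatory = $true)][xml]      $Response,
        [Parameter(Mandatory = $true)][string[]] $CertificateDomains,
        [string] $ScpUri
    )
    # Collect (source, value) pairs: the SCP first, then every leaf element.
    $candidates = @()
    if ($ScpUri) { $candidates += ,@('SCP', $ScpUri) }
    foreach ($node in $Response.SelectNodes('//*[not(*)]')) {
        # Label each URL with the <Type> of the <Protocol> block it sits in.
        $type   = $node.ParentNode.SelectSingleNode('*[local-name()="Type"]')
        $source = if ($type) { "$($type.InnerText)/$($node.LocalName)" } else { $node.LocalName }
        $candidates += ,@($source, $node.InnerText.Trim())
    }

    foreach ($c in $candidates) {
        $uri = $null
        if (-not [uri]::TryCreate($c[1], [UriKind]::Absolute, [ref]$uri)) { continue }
        if ($uri.Scheme -ne 'https') { continue }   # plain HTTP presents no certificate
        New-Object PSObject -Property @{
            Source   = $c[0]
            HostName = $uri.Host
            Covered  = Test-HostCoveredByCert -HostName $uri.Host -CertificateDomains $CertificateDomains
        }
    }
}

# Constructed sample: the state before the internal URLs were changed.
$sampleResponse = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <Server>RAREXCHANGE.reindeerauto.local</Server>
        <EwsUrl>https://rarexchange.reindeerauto.local/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.reindeerauto.com/ecp/</EcpUrl>
        <OABUrl>http://mail.reindeerauto.com/oab/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <EwsUrl>https://mail.reindeerauto.com/ews/exchange.asmx</EwsUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Names from the Get-ExchangeCertificate output and the SCP value posted above.
$certNames = 'mail.reindeerauto.com', 'www.mail.reindeerauto.com', 'autodiscover.reindeerauto.com'
$scp       = 'https://autodiscover.mail.reindeerauto.com/autodiscover/autodiscover.xml'

# List only the host names that would raise the Outlook security alert.
Get-AutodiscoverNameCheck -Response $sampleResponse -CertificateDomains $certNames -ScpUri $scp |
    Where-Object { -not $_.Covered } |
    Select-Object Source, HostName
```

On a live system the inputs would come from Get-ExchangeCertificate, Get-ClientAccessServer and the XML tab of Outlook's Test E-mail AutoConfiguration, all of which appear in the posts above.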
ASKER
Thanks everyone, you were a huge help.
Don't think it is a "proper" problem, as you had to reissue the certkey.
Simply install the certificate (View Certificate....Add...).
You just have to do this once for each client, and then everything should be ok !
V.