Solved

Exchange 2013 CU2 - Problems connecting with outlook after adding another server

Posted on 2014-12-13
17
130 Views
Last Modified: 2014-12-20
Hello ,

Today i insert another standalone exchange 2013 server for high availabilty in my infastructure. I configure the virtual directories and all the connectors and it seems ok . But the thing is that i suddenly have problems with outlook connectivity . It keeps asking for password , i insert the username and password and it's it ask for it again and again and it cant connect to exchange. With OWA i can login without any problems.

Any ideas ?

Thanks
0
Comment
Question by:Anestis Psomas
  • 10
  • 6
17 Comments
 
LVL 19

Expert Comment

by:R--R
Comment Utility
Check if proper certificate is assigned on IIS on both the servers.
Verify if all the exchange services are running.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

I have verify certificate in both exchange servers. The only thing i concern is a self sign certificate that exists with name " Microsoft Exchange " . This is a self signed certificate and also has IIS , SMTP services assigned. Do you thing maybe this is causing problems ? Do i need this certificates?

Thanks
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Exchange 2013 CU2 is no longer supported. The only supported versions are SP1 (aka CU4) the current CU (7) and the previous one (6). I would upgrade to Exchange 2013 CU7 before you do any further troubleshooting.

SSL certificates are required for Exchange 2013 because they are all web services related.
Without using a trusted certificate you will have issues with the clients trusting the certificate. The authentication prompt from Outlook is a classic sign of SSL certificate issues.

Therefore decide on what host name/s you are going to use, then configure the servers appropriately, with a trusted SSL certificate and a split DNS. http://semb.ee/hostnames2013

You can probably use the same host name on both servers for Autodiscover.
Are you deploying a load balancer? If so then the same host name for both servers will be fine, because it will go to the load balancer.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello simon ,

I have a split DNS Configuration and also a wild card certificate from go daddy that i have imported and it plays without problems until i add the second exchange server . I have import the wildcard certificate into the second exchange , i setup virtual directories exactly as server1 and suddenly the problem starts.

I thing that maybe the problem is with the SSL certificate bindings in IIS . In IIS in the default web site in bindings i see my wildcard certificate. In the exchange backend i see also the wildcard certificate. Do you thing this is wrong ? Maybe in the backend i need the internal self signed certificate into bindings ?

I have a load balancer that it works without any problems also .

Thanks a lot
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Did you add the SSL certificate with Exchange or through IIS manager?
If the latter, then you need to use the former - either with ECP or EMS. IIS will often get the bindings incorrect.

Did you change all of the settings to match the certificate? Not all of them can be done in the console, some have to be done with EMS, as per the link I have provided above.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello simon , i change certificate bindings through IIS and put my wildcard certificate in both default page and backend and now all are working perfect. !!

Thanks for your advices and your help !
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Unfortunately the problem came back . It seems that something is hapenning with my 1st server. Any ideas maybe what logs to search for the cause of the problem ?


Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
I said to do the bindings through EMC, not IIS manager.

Simon.
0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 

Author Comment

by:Anestis Psomas
Comment Utility
Hello simon ,

I will do this through EMC you are right ,

Here is a screen from the certificates tab in the server with the problem ,  

 server01
As you can see the wildcard certificate is already assigned to IIS and SMTP . So i must edit the certificate , uncheck IIS press ok and then check it again and press ok to apply it ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
You have to select another certificate for IIS.
You should have a self signed certificate on there that you can use. Enable that for IIS.
Then run IISRESET. Reconnect to ECP (with SSL warnings) and enable the trusted certificate.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello Simon .


I create a self sign certificate and assign IIS for this certificate. I also delete my wild card certificate. Then i do iis reset . Re-connect to ECP with ssl warnings , import my wild card certificate. As soon as i imported it has already the iis service enable. I then do another IIS Reset. Know when i try to open OWA i take alerts about the certificate. In IIS i see that for the default web site the ssl certificate is the one i create earlier(selfsigned) . The Exchange backend has the wildcard certificate.

Thanks
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Ok i enable the wildcard certificate from powershell with the enable-certificate command and it overwrite the selfsigned certificate. I will start my tests....
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Back again. After about 1 hour of working without problems outlook start again to ask username/password . I enter the credentials but it cannot connect. Also the POP3S TLS connector asks about username and password. The SMTPS its working.

I reset the IIS but the problem continues. I again reset IIS and it fixed for about 10 minutes. Then it asked again for credentials .

Can someone please confirm for an all in one Exchange server in the IIS Exchange Backened in the bindings what certificate i must have ? The public certificate or the self signed ?


Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The backend web site should have a self signed certificate on it - usually called "Microsoft Exchange". The Default Web Site would have the trusted certificate on it.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
If i change the backenend certificate through IIS do you think i may have problems ? Because from ECP i can't assign certificate to the backened web site.

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
It is the only way to correct the bindings, so I don't see that you have any other choice.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Thanks simon , i will change the certificate and i will enable the server from the load balancer to make my tests . I will come back for news...
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now