Exchange 2013 CU2 - Problems connecting with outlook after adding another server

Hello ,

Today i insert another standalone exchange 2013 server for high availabilty in my infastructure. I configure the virtual directories and all the connectors and it seems ok . But the thing is that i suddenly have problems with outlook connectivity . It keeps asking for password , i insert the username and password and it's it ask for it again and again and it cant connect to exchange. With OWA i can login without any problems.

Any ideas ?

Thanks
Anestis PsomasSystem and Network AdministratorAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Exchange 2013 CU2 is no longer supported. The only supported versions are SP1 (aka CU4) the current CU (7) and the previous one (6). I would upgrade to Exchange 2013 CU7 before you do any further troubleshooting.

SSL certificates are required for Exchange 2013 because they are all web services related.
Without using a trusted certificate you will have issues with the clients trusting the certificate. The authentication prompt from Outlook is a classic sign of SSL certificate issues.

Therefore decide on what host name/s you are going to use, then configure the servers appropriately, with a trusted SSL certificate and a split DNS. http://semb.ee/hostnames2013

You can probably use the same host name on both servers for Autodiscover.
Are you deploying a load balancer? If so then the same host name for both servers will be fine, because it will go to the load balancer.

Simon.
0
 
R--RCommented:
Check if proper certificate is assigned on IIS on both the servers.
Verify if all the exchange services are running.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello ,

I have verify certificate in both exchange servers. The only thing i concern is a self sign certificate that exists with name " Microsoft Exchange " . This is a self signed certificate and also has IIS , SMTP services assigned. Do you thing maybe this is causing problems ? Do i need this certificates?

Thanks
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello simon ,

I have a split DNS Configuration and also a wild card certificate from go daddy that i have imported and it plays without problems until i add the second exchange server . I have import the wildcard certificate into the second exchange , i setup virtual directories exactly as server1 and suddenly the problem starts.

I thing that maybe the problem is with the SSL certificate bindings in IIS . In IIS in the default web site in bindings i see my wildcard certificate. In the exchange backend i see also the wildcard certificate. Do you thing this is wrong ? Maybe in the backend i need the internal self signed certificate into bindings ?

I have a load balancer that it works without any problems also .

Thanks a lot
0
 
Simon Butler (Sembee)ConsultantCommented:
Did you add the SSL certificate with Exchange or through IIS manager?
If the latter, then you need to use the former - either with ECP or EMS. IIS will often get the bindings incorrect.

Did you change all of the settings to match the certificate? Not all of them can be done in the console, some have to be done with EMS, as per the link I have provided above.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello simon , i change certificate bindings through IIS and put my wildcard certificate in both default page and backend and now all are working perfect. !!

Thanks for your advices and your help !
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Unfortunately the problem came back . It seems that something is hapenning with my 1st server. Any ideas maybe what logs to search for the cause of the problem ?


Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
I said to do the bindings through EMC, not IIS manager.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello simon ,

I will do this through EMC you are right ,

Here is a screen from the certificates tab in the server with the problem ,  

 server01
As you can see the wildcard certificate is already assigned to IIS and SMTP . So i must edit the certificate , uncheck IIS press ok and then check it again and press ok to apply it ?

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
You have to select another certificate for IIS.
You should have a self signed certificate on there that you can use. Enable that for IIS.
Then run IISRESET. Reconnect to ECP (with SSL warnings) and enable the trusted certificate.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello Simon .


I create a self sign certificate and assign IIS for this certificate. I also delete my wild card certificate. Then i do iis reset . Re-connect to ECP with ssl warnings , import my wild card certificate. As soon as i imported it has already the iis service enable. I then do another IIS Reset. Know when i try to open OWA i take alerts about the certificate. In IIS i see that for the default web site the ssl certificate is the one i create earlier(selfsigned) . The Exchange backend has the wildcard certificate.

Thanks
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Ok i enable the wildcard certificate from powershell with the enable-certificate command and it overwrite the selfsigned certificate. I will start my tests....
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Back again. After about 1 hour of working without problems outlook start again to ask username/password . I enter the credentials but it cannot connect. Also the POP3S TLS connector asks about username and password. The SMTPS its working.

I reset the IIS but the problem continues. I again reset IIS and it fixed for about 10 minutes. Then it asked again for credentials .

Can someone please confirm for an all in one Exchange server in the IIS Exchange Backened in the bindings what certificate i must have ? The public certificate or the self signed ?


Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
The backend web site should have a self signed certificate on it - usually called "Microsoft Exchange". The Default Web Site would have the trusted certificate on it.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
If i change the backenend certificate through IIS do you think i may have problems ? Because from ECP i can't assign certificate to the backened web site.

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
It is the only way to correct the bindings, so I don't see that you have any other choice.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Thanks simon , i will change the certificate and i will enable the server from the load balancer to make my tests . I will come back for news...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.