Link to home
Start Free TrialLog in
Avatar of Ryan Ward
Ryan WardFlag for United States of America

asked on

Server clients can't browse internet . Exchange clients on outlook Can't send external . Certificate issue! Please help!!

SBS 2011 Environment running exchange 2010   SP3.   CiscoRv82 i believe is model (8 port vpn router)    Background info.  Server was migrated from a SBS 2008 box that was just too slow.  Migration pretty much went as successful as I could hope from a wizard.   Folder redirection was broke but Exchange for the most part moved over without issue.  

About 2 months after the migration everything just halts.  

Computers can browse to Google and a few other random sites but mostly just get a certificate error pointing back to my own server along with the IIS7 splash page.   I realized no matter what domain I type, if I put /owa at the end of it, it will load my web app page.   DNS however does resolve in NSlookup regardless of what site I try.    I.E.   I can go to and the server redirects to localhost/owa.     The certificate error pretty much says certificate from is untrusted.  

I should note to rule out DNS issues i can ping anywhere externally via ip and dns name.  

Also Outlook is able to receive emails but is not able to send.  It keeps telling me my remote server is rejecting the message from being delivered.   Error is remote.(domain).com #550 5.7.1 Unable to relay ##    I've tried reissuing self cert to no avail.   Outlook acts so broken now it crashes unless I open outlook with /safe parameter.  

I'm wondering if maybe some IIS bindings / certificates got messed up and that's why its redirecting me there every time but I have literally went and reset them a billion times to the point where I just keep fixing and rebreaking OWA etc.   Tried Fix My network WIzard a billion times.
Avatar of Sajid Shaik M
Sajid Shaik M
Flag of Saudi Arabia image


check the following solution
Open the Exchange System Manager;

Go in Administrative Groups -> Administrative group name -> Server -> Server name -> Protocols -> SMTP;

Right click on Default SMTP Virtual Server -> properties;

Access tab -> Relay buttom;

Select "only the list bellow" and add your domain and\or IPs you do want to allow the relay

 and finally check  the "Allow all computers witch successfully authenticate to relay, regardless of the list above" checkbox.


go to command prompt, type iisreset /stop
then command prompt, type iisreset /start

go to services : click startup type on the top - check all Automatic services are start and running - if not running then start those services--

all the best
You can try SBS BPA: 

and also Microsoft IT Environment Health Scanner:

Avatar of Ryan Ward


BPA didn't really isolate issue.  

Saik I believe thats for Server 2003,  I am on 2011 that option is not available
Avatar of Ryan Ward
Ryan Ward
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial