Problem with external Outlook 2016 clients using old SSL certificate
I have a client with an SBS 2011 server who changed the email domain from mail.XXX-uk.com to remote.XXX.com. The internet domain name wizard was run reflecting the new domain and hence the new remote domain name of remote.XXX.com, and a new verified SSL certificate was installed. Outlook Web Access and Remote Web Workplace work fine. All the internal clients appear to be connecting fine, but the 2 remote clients, which are Outlook 2016, are not connecting when using Outlook Anywhere and they get an error message "there is a problem with the proxy server's security certificate. The name on the certificate is invalid or does not match the name of the target site mail.XXX-uk.com." The actual target should be remote.XXX.com.
I did have a problem with the mail.XXX being stuck on the Exchange 2010 SMTP service but it appears to be cleared now.
Exchange, Outlook, SBS, SSL / HTTPS
Last Comment
David Stevens
8/22/2022 - Mon
David Favor
Really difficult to guess without real hostnames for testing.
What you'll have to do is first test the SSL setup for each host in your proxy chain, using a public tester like SSL Labs tester.
If this works (I'm guessing it will), then you'll likely need all the Outlook clients accessing it to be updated.
My guess is you may have clients missing some ciphers or some other code out of date, since some clients work + others fail.
Also keep in mind, remote clients will be connecting via a completely different path of proxies than internal clients, so be sure you verify all SSL certs are exactly the same on all proxies or are passing through SSL connections correctly. Proxies can be a bit complex to get working.
Tip: Try connecting to your external proxy using an up-to-date client, like Thunderbird, to see if that works.
David Stevens
ASKER
Ah, I should have made this question Private, I see. However, with my limited knowledge I ran a "Get-AutodiscoverVirtualDirectory" command and it returned NAME: Autodiscover SERVER: Servername INTERNALURL: https://mail.XXX-uk.com/autodisco......
David Favor
Better to use a public tester against your public server + then expose the proxy server IP + run against this one too.
The differences in reports will likely surface the problem.
If there's no difference, then the problem is likely someone has an old client + they need to update something that's been fixed for a long time.
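Added example, not part of the thread: a small Python check that compares the hostnames Exchange publishes to clients against the names on the installed certificate, which is the comparison behind the "name on the certificate ... does not match the name of the target site" error. The hostnames, certificate names, and the setting/value pairs are constructed placeholders standing in for output collected from cmdlets such as Get-AutodiscoverVirtualDirectory; the other setting names are assumptions, not values from the thread.

```python
from urllib.parse import urlparse

def name_matches(pattern, host):
    """Certificate name match: exact, or '*' as the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse overly broad patterns such as '*.com'
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_of(value):
    """Accept a full URL or a bare hostname (e.g. an ExternalHostname value)."""
    return urlparse(value if "://" in value else "//" + value).hostname

def find_mismatches(published, cert_names):
    """Return {setting: host} for each published value the certificate does not cover."""
    bad = {}
    for setting, value in published.items():
        host = host_of(value)
        if host and not any(name_matches(n, host) for n in cert_names):
            bad[setting] = host
    return bad

# Constructed sample: names on the new certificate (placeholders).
SAMPLE_CERT_NAMES = ["remote.example.com", "autodiscover.example.com"]

# Constructed sample: values still handed to clients after the rename.
# Setting names are illustrative labels for collected cmdlet output.
SAMPLE_PUBLISHED = {
    "AutodiscoverVirtualDirectory.InternalUrl":
        "https://mail.old-example.com/Autodiscover/Autodiscover.xml",
    "OutlookAnywhere.ExternalHostname": "remote.example.com",
    "WebServicesVirtualDirectory.ExternalUrl":
        "https://remote.example.com/EWS/Exchange.asmx",
    "OabVirtualDirectory.ExternalUrl": "https://mail.old-example.com/OAB",
}

if __name__ == "__main__":
    for setting, host in find_mismatches(SAMPLE_PUBLISHED, SAMPLE_CERT_NAMES).items():
        print(f"{setting}: {host} is not covered by the certificate")
```

Any setting it reports is a hostname clients can still be sent to that the new certificate does not cover, so those are the values to update or add to the certificate.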