I'm using SBS 2011 and Im trying to activate outlook anywhere. We have a self signed certificate that has CN=remote.xxx.xx. After enabling every feature I still cannot connect with outlook.I have tried different local autodiscovery test, and they are working just fine. The only problem I have is connecting from external.

Is it possible to get it working with this self signed certificate. Or do you HAVE to buy a SAN SSL certificate to get the feature activated ?

When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:

Host name autodiscover.xxx.be doesn't match any name found on the server certificate CN=remote.xxx.be.

I also get

Host name autodiscover.xxx.be doesn't match any name found on the server certificate E=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Herndon, S=Virginia, C=US.

Hi there

Your installation wont be complete with a self signed cert and i dont think MS support it either. you can buy an SSL cert and they not that expensive though.

you need to setup your names correctly for this to work.

Here is the process for SSL cert:

http://exchangeserverpro.com/exchange-2010-ssl-certificates/

You can as a work around of course (do at your own risk :-)) add the cert to the local trusted store.

Hi,

from your description, I found the certificate is not qualifed for Outlook Anywhere. Let's first fix the certificate issue

Outlook Anywhere won't work with a self-signed certificate on the Client Access server. And I recommend using a SAN certificate.

To generate a new SAN certificate, you can take the following steps:

1generate a certificate request by running the command:

New-ExchangeCertificate -DomainName autodiscover.domian.com email.domain.com  -GenerateRequest:$True -PrivateKeyExportable:$True  -KeySize 1024 -SubjectName "c=coutry, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com"-path c:\request.txt

2. import it: Import-exchangecertificate path <full path to cert file>

3. determine the thumbprint of a certificate:

Get- ExchangeCertificate -DomainName autodiscover.domian.com email.domain.com

4. enable it: Enable-exchangecertificate services IIS, POP, IMAP, SMTP  thumbprint <certificate-thumbprint>

Please note that the certificate must be enabled on the IIS service, you can reset the IIS service after you create the new SAN certificate.

For more details steps to create a new certificate, please refer to:

http://technet.microsoft.com/en-us/library/aa995942.aspx

for more information about SAN certificate, please refer to :

http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx

Hope it helps. If it still doesnt work, please feel free to let me know.

best regards

Hi,

Yes, you can make Outlook Anywhere work with self signed certificate but autodiscover will not work with self signed certificate.

For Outlook Anywhere to work, you can install the self signed certificate in the workstation and configure the Outlook manually.

For example, if your domain is company.com and address is mail.company.com, in the outlook configure manually using the following

Initially enter the server name as mail.company.com and give the user account name. click check name and you will get an error. Click cancel and click more settings. Check the proxy settings (Outlook anywhere) and give the address (URL) as https://mail.company.com and select the option connect using SSL and only connect to proxy servers that have this principal name in their certificate and give msstd:mail.company.com and select basic authentication.

Note:

1) In Outlook Anywhere configuration make sure it is basic authentication

2) Install the certificate in the workstation

If you are still not able to connect there is a registry values to enable the ports between 6001 and 6005 for mail.company.com

Using the built-in Exchange self-signed cert is not supported however. ( You can use a cert from your own internal CA as long as its trusted by the client)

http://technet.microsoft.com/en-us/library/dd351177(v=exchg.141).aspx

The default self-signed certificate that's available in Exchange 2010 Setup works with Outlook Web App and Exchange ActiveSync, but it doesn't work with Outlook 2007 or Outlook 2010 and Outlook 2003 clients that are using Outlook Anywhere. Instead, you must use a valid SSL certificate that's created by a certification authority (CA) that's trusted by the client computer's operating system