Problem Outlook Anywhere (Certificate trust) with Exchange 2010
Hi all,
Here is my setup:
W2k8R2 DC (also Root CA)
W2k8R2 Exchange 2010 (CAS, Mailbox, Hub)
I created a multi domain certificate (with the name for use in RPC/HTTPS on the top) using Powershell and validated it using my internal root CA
Outlook Anywhere is set to use NTLM
I always get the pop-up window for login and password showing in Outlook on the client computer (member of the domain)
I run the test from www.testexchangeconnectivity.com and here is the result I have:
Testing RPC/HTTP connectivity
RPC/HTTP test failed
Test Steps
Attempting to resolve the host name webmail.test.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: w.x.y.z
Testing TCP Port 443 on host webmail.test.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname webmail.test.com in Certificate Subject Common name
Validating certificate trust
Certificate trust validation failed
Additional Details
Certificate chain could not be built. You may be missing required intermediate certificates.
Do you know the answer, because I don't use any secondary CA in my infrastructure (I just have a root CA).
Thx a lot
April 2nd, 2010 7:17am
On Fri, 2 Apr 2010 04:17:06 +0000, PM-Bkk wrote:
> Hi all,
> Here is my setup:
> W2k8R2 DC (also Root CA)
> W2k8R2 Exchange 2010 (CAS, Mailbox, Hub)
> I created a multi domain certificate (with the name for use in RPC/HTTPS on the top) using Powershell and validated it using my internal root CA
> Outlook Anywhere is set to use NTLM
> I always have the pop up windows for login password that show on the Outlook of the client computer (member of the domain)
> I run the test from www.testexchangeconnectivity.com and here is the result I have:
> Testing RPC/HTTP connectivity
> RPC/HTTP test failed
> Test Steps
> Attempting to resolve the host name webmail.test.com in DNS.
> Host successfully resolved
> Additional Details
> IP(s) returned: w.x.y.z
> Testing TCP Port 443 on host webmail.test.com to ensure it is listening and open.
> The port was opened successfully.
> Testing SSL Certificate for validity.
> The SSL Certificate failed one or more certificate validation checks.
> Test Steps
> Validating certificate name
> Successfully validated the certificate name
> Additional Details
> Found hostname webmail.test.com in Certificate Subject Common name
> Validating certificate trust
> Certificate trust validation failed
> Additional Details
> Certificate chain could not be built. You may be missing required intermediate certificates.
> Do you know the answer, because I don't use any secondary CA in my infrastructure (I just have a root CA).

The testexchangeconnectivity.com site has no way to access your CA so it will never pass this test. For it to work you'd have to install your private CA's root certificate into the certificate store on the machine running the web site.
Spend the US$40 and get a certificate from a public CA (GoDaddy's pretty inexpensive and it usually works okay).
Rich Matheisen
MCSE+I, Exchange MVP
April 3rd, 2010 3:12am
Is it sure this will solve my problem with Outlook Anywhere?
Thx
PM
April 4th, 2010 3:59pm
On Sun, 4 Apr 2010 12:59:00 +0000, PM-Bkk wrote:
> Is it sure this will solve my problem with Outlook Anywhere?

It will solve at least one of your problems. Since you don't seem to be able to move beyond that one problem I can't say what other things you might find wrong later.
Rich Matheisen
MCSE+I, Exchange MVP
April 4th, 2010 6:49pm
Hi,
Sorry for not giving any update for a long time, but new job...
So, now, I have decided to buy a Multi Domain Name SSL certificate, uninstalled Exchange 2010 and reinstalled it. I also installed the certificate... and same problem with Outlook Anywhere... it asks for my login and password all the time.
And now, if I don't use Outlook Anywhere, it also asks me for login and password sometimes... Really weird.
I did a check at https://www.testexchangeconnectivity.com and here is the result I received:
ExRCA is testing RPC/HTTP connectivity.
The RPC/HTTP test failed.
Test Steps
Attempting to resolve the host name webmail.test.com in DNS.
PM
June 13th, 2010 12:40pm
What are the DNS names which you put in the certificate? Do they fully cover your Exchange environment names? Please post the complete error from the RPC/HTTP test.
E.g.
Autodiscover.contoso.com - for autodiscover
Contoso.com - external domain name
Contoso.local - internal domain name
Server01.contoso.local - FQDN exchange server name
Mail.contoso.com - webmail URL
June 14th, 2010 7:57am
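Added example (not part of the thread and not any poster's code): the two checks raised in the replies above, whether a chain to a trusted root can be built from one machine's certificate stores and whether the certificate's DNS names cover the names clients use, as a PowerShell function. The function name `Test-ServerCertificate` and the required-name list are assumptions taken from the example names in the last post; the SAN parsing assumes an English-locale Windows, where entries are formatted as `DNS Name=...`.

```powershell
# Added example: run on the machine whose view of trust you want to test.
function Test-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string[]]$RequiredNames = @()
    )

    # Build the chain using only what THIS machine's certificate stores contain.
    # Revocation is skipped so the result reflects trust alone, not CRL reachability.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Certificate)

    # Subject Alternative Name extension (OID 2.5.29.17), one entry per line.
    # Assumption: English locale, entries look like "DNS Name=mail.contoso.com".
    $dnsNames = @()
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $dnsNames = @($san.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
        })
    }

    # A required name is covered by an exact entry or by a wildcard that
    # replaces only its left-most label (*.contoso.com covers mail.contoso.com,
    # but not contoso.com and not server01.contoso.local).
    $missing = @($RequiredNames | Where-Object {
        $name = $_.ToLower()
        $wildcard = '*.' + ($name -split '\.', 2)[1]
        ($dnsNames -notcontains $name) -and ($dnsNames -notcontains $wildcard)
    })

    New-Object PSObject -Property @{
        Subject      = $Certificate.Subject
        ChainBuilt   = $built
        ChainErrors  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        ChainLength  = $chain.ChainElements.Count
        DnsNames     = $dnsNames
        MissingNames = $missing
    }
}

# Constructed name list, modelled on the example names in the post above.
$required = 'autodiscover.contoso.com', 'mail.contoso.com', 'server01.contoso.local'
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-ServerCertificate -Certificate $_ -RequiredNames $required }
```

On a domain member that has the internal root CA in its Trusted Root store, `ChainBuilt` is `True`; on a machine without that root the same certificate reports `UntrustedRoot` or `PartialChain`, which is the position the remote tester is in.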