Hi!
I've been spending the last week or two trying to get Lync and Exchange to play together nicely over EWS and using autodiscover etc. I've been all over this forum and others reading similar threads but still haven't found anything that solves this problem for me. Therefor I'm asking for your assistance in my perticular case and would be very grateful for any advice.
The case is that Lync clients on PCs are saying "EWS not deployed" and Lync mobile apps on iPhone are not able to connect to the Exchange server to get information regarding meetings.
Today I think I may have found the cause, although I can't understand why..
While following the Troubleshooting in the "Understanding and Troubleshooting Microsoft Exchange Server Integration" white paper I ran the cmdlet Test-WebServicesConnectivity
This resulted in:
Error : [System.Net.WebException]: The underlying connection was closed: Could not establish trus
t relationship for the SSL/TLS secure channel. Inner error [System.Security.Authenticatio
n.AuthenticationException]: The remote certificate is invalid according to the validation
procedure.
While a "Test-WebServicesConnectivity -TrustAnySSLCertificate" of course doesn't generate an error.
Now I do have a third party certificate for the Exchange 2010 server which has seemed to work just fine! It's got my mail.primarydomain.com as CN and autodiscover.primarydomain.com as a SAN entry. I've got the A record in my DNS pointing autodiscover.primarydomain.com to my Exchange 2010 server (This is a single server setup). I've also added SRV records for autodiscover but that didn't help.
https://www.testexchangeconnectivity.com finds and connects using Autodiscover succesfully even when using SSL.
Results of Get-ExchangeCertificate:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.primarydomain.com, autodiscover.primarydomain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=GlobalSign Domain Validation CA, O=GlobalSign nv-sa, OU=Domain Validation CA, C=BE
NotAfter : 2013-05-02 09:22:20
NotBefore : 2011-05-02 09:22:25
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : xxxxxxxxxxxxxxxxxxxxx
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.primarydomain.com, O=mail.primarydomain.com, OU=Domain Control Validated, C=SE
Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
(Regarding Lync certs, they are still only signed by our CA and internally trusted as I was hoping to get everything up and running before replacing them with third party certs. )
Any pointers or ideas? Thank you for your time!
Best Regards,
Jimmy Beckman