Re: EX2007 Certificate Problem




I can only solve half of the problem, on the internal network. I don't have the
time to try it on the external network yet.

What I have done:
1. Remove all IIS/SSL sites from ALL domain controllers
2. On one client access server (not a DC), add a second TCP/IP address to
the network interface.
3. Create a new web site on that client access server using the new IP
4. Create a certificate named "autodiscover.yourdomainname.com" for the new
site to enable SSL
5. On the default web site, export the settings for the autodiscover virtual
directory to an XML file.
6. On the new autodiscover site, create a new virtual directory named
autodiscover using the XML file (I don't have the time to find the correct
syntax to create the virtual directory for the new site using the
NEW-AUTODISCOVERVIRTUALDIRECTORY command.)
7. On the DNS server (primary zone or AD integrated zone), add a host (A)
record for autodiscovery.yourdomainname.com pointing to the new IP of the
client access server.
8. Run SET-OUTLOOKPROVIDER command to configure the options.

If you only have one DC in the domain and that DC is also a client access
server:
1. On the client access server (the DC), only one web site with 443 SSL can
be enabled
2. Remove the SSL web site's current certificate (self signed certificate
created when you install Ex2k7) and replace it with a new certificate with
name "yourdomainname.com"
3. On the DNS server, verify that the host (A) record for "(same as parent
folder)" is pointing to the IP of the client access server.
4. Run SET-OUTLOOKPROVIDER command to configure the options.


I am using Exchange 2007 Beta 2 and Office 2007 beta 2. The clients will
try to open https://yourdomainname.com before they try
https://autodiscover.yourdomainname.com. yourdomainname.com is pointing to
DCs by default. This problem about DCs may have been solved in RTM
versions. I will test it when I have access to the RTM products.


PL




Hello,

Thanks for your answers. I tried to add an external URL to the autodiscover
site (is this the right way or must I add a complete new site?). I have
trouble with the PL syntax. Can anybody help me? I have a problem with the
identity switch. Must I enter the URL or the Website IIS name?

I think I get with an internal / external URL or a complete website problems
with SSL and certificates?! What is the best way to resolve this issue? A
separate Client access server for external access?

Jens


"Jens Hartmann" <jens.hartmann@xxxxxxxxxxxx> wrote in message
news:%23GN1L7xNHHA.992@xxxxxxxxxxxxxxxxxxxxxxx
When I open Outlook 2007 I get a certificate security warning because the
name doesn't match. I use an external certificate. What makes Outlook
here? Searching the OAB?

How can I resolve this with internal and external access?

Jens
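
The name check behind the warning discussed in this thread, as an added example that is not part of any post: it walks the lookup order PL describes and reports which host would present a mismatched certificate. The host name dc01, the certificate name lists, and the rule that the client moves on when nothing answers on 443 and stops at the first host that does are assumptions made for illustration; the wildcard handling goes beyond what the thread covers.

```python
# Added example: models the name check behind the Outlook certificate warning.
# Hostnames and certificate name lists below are constructed sample data.

def name_matches(host, pattern):
    """Compare a hostname with one certificate DNS name (case-insensitive).
    A '*' is accepted only as the entire left-most label and covers exactly
    one label, so '*.example.com' does not match 'example.com'."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def check_lookup(order, listeners):
    """Walk the hosts in the order the client tries them.
    listeners maps host -> list of names in the certificate served there,
    or None when nothing answers on 443 (assumption: the client then moves on).
    Returns (host, verdict) pairs and stops at the first host that answers."""
    results = []
    for host in order:
        names = listeners.get(host)
        if names is None:
            results.append((host, "no listener"))
            continue
        ok = any(name_matches(host, n) for n in names)
        results.append((host, "ok" if ok else "name mismatch"))
        break
    return results


# Lookup order described in the post: bare domain first, then autodiscover.
ORDER = ["yourdomainname.com", "autodiscover.yourdomainname.com"]

# Constructed case 1: a DC (hypothetical name dc01) still answers on 443 with
# a certificate issued to its own machine name -> warning on the first attempt.
BEFORE = {"yourdomainname.com": ["dc01.yourdomainname.com"],
          "autodiscover.yourdomainname.com": ["autodiscover.yourdomainname.com"]}

# Constructed case 2: SSL removed from the DCs, dedicated autodiscover site.
AFTER = {"yourdomainname.com": None,
         "autodiscover.yourdomainname.com": ["autodiscover.yourdomainname.com"]}

if __name__ == "__main__":
    for label, case in (("before", BEFORE), ("after", AFTER)):
        print(label, check_lookup(ORDER, case))
```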




