Re: Configuring LDAP on Entourage 2004 OS X
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Wed, 29 Mar 2006 04:07:47 GMT
Hi Robbie,
Thanks for your update.
Can I confirm with you that when the Mac client received error message when
it try to access the OWA?
Based on my experience, this issue occurs because the SBS 2003 Configure
E-Mail and Internet Connection Wizard (CEICW) configures OWA to require
Secure Sockets Layer (SSL) connections, and SSL connections require a
security certificate. CEICW creates a generic certificate that Internet
Explorer for Mac does not recognize.
To resolve this issue, apply a trusted certificate to the Web site. To do
this, obtain and configure a certificate from a trusted Internet security
provider by using CEICW. To do so, follow these steps:
1. On the SBS server box, open Server Management console, navigate to
Configuration Email and Internet Configuration -> Connect to the Internet.
2. Follow the steps in the wizard. Use the appropriate setting for Network
Firewall and Exchange, and then in the "Web Server Certificate" dialog box,
click "Use a Web server certificate from a trusted authority".
3. Click "Browse" to locate the certificate.
4. Click "More Information" in this window for additional help with using
certificates.
To work around this issue, use an alternative Web browser to connect to
OWA. For example, if you are running Mac OS X, use Apple Safari 1.2 or
Netscape 7.1. If you are running Mac OS 9, use Netscape 7.02. These
browsers will recognize the certificate that CEICW creates.
For more information about Apple Safari 1.2, visit the following Apple
Computer Web site:
<http://www.apple.com/safari>
For more information about Netscape 7.1, visit the following Netscape
Communications Web site:
<http://channels.netscape.com/ns/browsers/default.jsp>
For more information about Netscape 7.02, visit the following Netscape
Communications Web site:
<http://www.netscape.ca/browsers/7/download/index.jsp>
NOTE: The third-party products that this article discusses are manufactured
by companies that are independent of Microsoft. Microsoft makes no
warranty, implied or otherwise, regarding the performance or reliability of
these products.
For more detail information, you can take a look at the following KB
article:
830044 Macintosh users cannot connect to Outlook Web Access (OWA) when OWA
is
http://support.microsoft.com/?id=830044
Additionally please let me know if you have installed ISA on the SBS server
box and Mac client is configured to go through the ISA server for Web
proxy. If so, you need add the SBS server to the proxy exclusion list. You
can refer to below steps:
1. From the Apple menu on the client computer, click System
Preferences.
2. Click the Network icon.
3. Click Built-in Ethernet, and then click Configure.
4. Click the Proxies tab.
5. Verify that the Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
check boxes are selected, then in Bypass proxy settings for these Hosts &
Domains, type the NetBIOS name and the fully qualified domain name of the
server. Type each name on a separate line.
6. Click Apply Now.
If it is not situation, please let me know the exact error message, also
please capture a screen shot of the error message.
I am happy to be of assistance to you.
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
User-Agent: Microsoft-Entourage/11.2.3.060209<M3zC#AjUGHA.4332@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Mar 2006 08:22:28 -0800
Subject: Re: Configuring LDAP on Entourage 2004 OS X
From: Robbie Booth <robbiekb@xxxxxxxxx>
Message-ID: <C04EA2C4.336E%robbiekb@xxxxxxxxx>
Thread-Topic: Configuring LDAP on Entourage 2004 OS X
Thread-Index: AcZSg84uDK43Lr53Edq8eQARJHOlhg==
References: <C04D935E.3240%robbiekb@xxxxxxxxx>
Mime-version: 1.068.67.21.178
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: ca-stmnca-cuda4-gen2c-178.vnnyca.adelphia.net
Lines: 1using
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:256245
X-Tomcat-NG: microsoft.public.windows.server.sbs
Hi Jenny,
Yes thanks this is basically what I figured. The only thing that's really
clumsy with the LDAP /Entourage implementation is that when you're not
the VPN, the user is constantly barraged with -50 errors by Entourage,one
unless of course you open the port, in turn increasing your attack surface
as you said.
On another note it looks like you also need two certificates on the mac,
for the FQDN and one for the internal LDAP server name so that at leastwhen
you're on the LAN (or a VPN) LDAP works correctly without either a -50error
or an invalid certificate error.work
On 3/27/06 10:24 PM, in article M3zC#AjUGHA.4332@xxxxxxxxxxxxxxxxxxxxx,
""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote:
Hi Robbie,
Thanks for using the SBS newsgroup.
From your description, I understand that you want to know if LDAP can
tofrom internet in the SBS 2003 network. If I am off base, please don't
hesitate to let me know.
Typically when we connect to Exchange and Active Directory from the
Internet, we have to go through a firewall. Firewalls usually block LDAP
traffic from the Internet, thus Entourage users can't access Active
Directory. If you opened the LDAP port(s), Entourage users would be able
inconnect, but the internal network's attack surface would be greater and
they are critical ports. It is not recommended that you open LDAP ports
article:firewall.
For more detail information, you can take a look at the following
systemService overview and network port requirements for the Windows Server
IMAPhttp://support.microsoft.com/?id=832017
To access Exchange server from internet on Entourage 2004 OS X, you can
setup VPN connection to access it (As you known); trough OWA site
(https://serverPublicFQDN/exchange); or setup Pop3 email account or an
theE-mail Account in Entourage, You can check the following article to get
detail steps:
271643 ENT2001: How to Use Entourage in an Exchange Environment
http://support.microsoft.com/?id=271643
To allow Entourage connect to Exchange server using SSL, you may check
iffollowing steps:
Working around SSL Root Certificate Errors with Entourage 2004 and
Microsoft Exchange
http://www.themachelpdesk.com/
It is recommended that you take a look at the following articles to see
http://simultaneouspancakes.com/Lessons/archives/2005/01/how_to_configur.shtit helps:
http://www.microsoft.com/mac/resources/resources.aspx?pid=resourcekits&rk=ofml
Working with Exchange
http://www.microsoft.com/mac/support.aspx?pid=exchange
Entourage and Microsoft Exchange Server
ficex&article=/mac/officex/ork/Configure_Entourage.xml#entourage_and_exchang
correspondinge_server
Hope above information helps! I am happy to be of assistance to you and
look forward to your reply.
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
manner.newsgroups so that they can be resolved in an efficient and timely
theYou can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
doing"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
rights.so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no
address
--------------------
User-Agent: Microsoft-Entourage/11.2.3.060209
Date: Mon, 27 Mar 2006 13:04:30 -0800
Subject: Configuring LDAP on Entourage 2004 OS X
From: Robbie Booth <robbiekb@xxxxxxxxx>
Message-ID: <C04D935E.3240%robbiekb@xxxxxxxxx>
Thread-Topic: Configuring LDAP on Entourage 2004 OS X
Thread-Index: AcZR4goRSG7pmb3VEdqblAARJHOlhg==
Mime-version: 1.0
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: 24-75-146-70.lmdaca.adelphia.net 24.75.146.70
Lines: 1
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:256007
X-Tomcat-NG: microsoft.public.windows.server.sbs
Hi all,
This forum is truly proving invaluable :)
Does anyone know if LDAP can be configured to work using a server
tosuch as https://myservernameurl/exchange ?
I can make it work using the server's name on the LAN but then I'd have
externallyVPN to the LAN in order for LDAP to work.
I'm wondering if the issue is that the LDAP port is locked down
toto the network so that if I want GAL lookups externally I'd either have
Anyoneopen up the port (ACK) or VPN (also ACK).
Hmmmm, it'd be really neat if I could get this working using https.
know if it can be made to work ?
Robbie
.
- References:
- Configuring LDAP on Entourage 2004 OS X
- From: Robbie Booth
- RE: Configuring LDAP on Entourage 2004 OS X
- From: "Jenny wu [MSFT]"
- Re: Configuring LDAP on Entourage 2004 OS X
- From: Robbie Booth
- Configuring LDAP on Entourage 2004 OS X
- Prev by Date: Re: Exchange 2003 and 15 minutes interval for getting pop3 email
- Next by Date: Re: SBS 2003 Shutdown Automatically?
- Previous by thread: Re: Configuring LDAP on Entourage 2004 OS X
- Next by thread: Forwarding internal emails.
- Index(es):
Relevant Pages
|
|
