Friday, September 25, 2009

Certificates in Exchange Pt. 2

In the last article I spoke about how to generate and apply a 3rd party certificate to your Exchange server.
This time I will be talking about how to get around some of the more common issues that I have seen with certificates and Exchange 2007. I'll do this as a bit of an FAQ as it is easier for me to organise it that way.
Q: When Outlook 2007 starts I get a certificate name mismatch error
[CAS_Cert_err.jpg]
A: The cause of this is that the AutoDiscover URL Outlook is handed (the AutoDiscoverServiceInternalUri published in Active Directory) points to the internal name of your CAS server, and that name is not one of the names on the certificate you installed, so Outlook warns about it.
The solution for this is fairly simple: make the internal name match the certificate (split DNS).
First you need to create a new forward lookup zone in your internal DNS for the domain name on the certificate (this is usually your external domain), e.g. exchangelabs.com.au.
You then need to create an A record in that zone for the common name on the certificate, e.g. mail if your certificate is for mail.exchangelabs.com.au, and point it to the internal IP of your CAS server.
After that, in the Exchange Management Shell on the CAS server, type the following (note that the URI must point at Autodiscover.xml, not just the host name):
Set-ClientAccessServer -Identity <ClientAccessServerIdParameter> -AutoDiscoverServiceInternalUri https://mail.exchangelabs.com.au/Autodiscover/Autodiscover.xml
Be aware that internal clients will now resolve every name in exchangelabs.com.au from your new zone, so any other public host names in that domain need to be added to the zone as well. Specifically, if your company web site is www.exchangelabs.com.au you will need to add an A record for www pointing at its external address, or internal users will no longer be able to reach it.
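The whole procedure above as one script, added here as an example and not code from the original post. It assumes the zone exchangelabs.com.au, the host name mail, a CAS server called CAS01 at 10.0.0.10, a public web server at 203.0.113.10, and that it is run from the Exchange Management Shell on a Windows Server 2008 box that also runs DNS (dnscmd takes a server name as its first argument if DNS lives elsewhere). Steps 5 and 6 go beyond the post: Autodiscover also hands Outlook the internal EWS and OAB URLs, which normally still carry the server's Active Directory name and trigger the same warning for Out of Office and OAB downloads, so they are fixed and then everything is checked.

```powershell
# Added example, not from the original post. All names and IPs below are assumptions.
$Zone     = "exchangelabs.com.au"
$HostName = "mail"                 # common name on the certificate (do not use $Host, it is a built-in variable)
$CasName  = "CAS01"
$CasIp    = "10.0.0.10"
$Fqdn     = "$HostName.$Zone"

# 1. Internal forward lookup zone for the certificate's domain (AD-integrated primary).
dnscmd /ZoneAdd $Zone /DsPrimary

# 2. A record for the certificate common name, pointing at the CAS internal IP.
dnscmd /RecordAdd $Zone $HostName A $CasIp

# 3. Any other public names in this domain must be copied in, or internal users lose them.
#    Example: the public web site (external IP is an assumption).
dnscmd /RecordAdd $Zone "www" A "203.0.113.10"

# 4. Point the Autodiscover SCP at the certificate name. The URI ends in Autodiscover.xml.
Set-ClientAccessServer -Identity $CasName `
    -AutoDiscoverServiceInternalUri "https://$Fqdn/Autodiscover/Autodiscover.xml"

# 5. Not in the post above: the internal EWS and OAB URLs are returned by Autodiscover too,
#    and they usually still carry the server's AD name, so Out of Office and OAB downloads
#    would keep producing the same certificate warning.
Set-WebServicesVirtualDirectory -Identity "$CasName\EWS (Default Web Site)" `
    -InternalUrl "https://$Fqdn/EWS/Exchange.asmx"
Set-OABVirtualDirectory -Identity "$CasName\OAB (Default Web Site)" `
    -InternalUrl "https://$Fqdn/OAB"

# 6. Check: the host in the URI must be a name on the certificate bound to IIS.
Get-ClientAccessServer -Identity $CasName | Format-List Name, AutoDiscoverServiceInternalUri
Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } |
    Format-List Subject, CertificateDomains, NotAfter, Thumbprint
# Runs a synthetic Autodiscover/EWS request against the CAS and reports the URLs it now hands out.
Test-OutlookWebServices -ClientAccessServer $CasName | Format-List
```

Outlook caches Autodiscover results, so restart Outlook (or wait for its next Autodiscover refresh) after the change; the name mismatch dialog should not come back, and every URL reported by Test-OutlookWebServices should use the certificate name.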
Q: My Certificate has expired, how do I renew it?
A: Basically you need to create a new request and get a new certificate, the same way as the first time. If it is the self-signed one then you can renew it in the EMS as follows:
Get-ExchangeCertificate
Copy the thumbprint of the self-signed certificate that has expired or is about to expire. Then type the following:
Get-ExchangeCertificate -Thumbprint "<insert thumbprint>" | New-ExchangeCertificate
Run Get-ExchangeCertificate again afterwards and check that the new certificate shows the same entries in the Services column as the old one; if any are missing, assign them with Enable-ExchangeCertificate.
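The same renewal done without copying thumbprints by hand, added as an example and not taken from the original post: it picks out every self-signed certificate (issuer equals subject) that expires within 30 days, renews it, and verifies the services carried over. It assumes it is run in the Exchange Management Shell on the server that holds the certificate; the 30-day window is an arbitrary choice.

```powershell
# Added example, not from the original post.
$Days   = 30                                  # assumption: renew anything expiring within 30 days
$Cutoff = (Get-Date).AddDays($Days)

# Self-signed certificates have the same issuer and subject; this skips the 3rd party one.
$Expiring = Get-ExchangeCertificate |
    Where-Object { $_.Issuer -eq $_.Subject -and $_.NotAfter -lt $Cutoff }

if (-not $Expiring) { Write-Host "No self-signed certificates expire before $Cutoff" }

foreach ($Old in $Expiring) {
    Write-Host ("Renewing {0} (expires {1}, services {2})" -f $Old.Thumbprint, $Old.NotAfter, $Old.Services)

    # Piping the old certificate in makes New-ExchangeCertificate clone its subject and domains.
    # If the old one is the default SMTP certificate you get an interactive overwrite prompt.
    $New = Get-ExchangeCertificate -Thumbprint $Old.Thumbprint | New-ExchangeCertificate

    # Verify the clone serves the same protocols; re-enable explicitly if anything was lost.
    if ($New.Services -ne $Old.Services) {
        Enable-ExchangeCertificate -Thumbprint $New.Thumbprint -Services $Old.Services
    }
    Write-Host ("New certificate {0} valid until {1}" -f $New.Thumbprint, $New.NotAfter)
}

# The old certificates stay in the store. Once clients are happy with the new one, remove them:
# $Expiring | ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint }
```

Leave the removal line commented out until you have confirmed Outlook, OWA and ActiveSync clients connect cleanly to the renewed certificate; a phone that trusted the old self-signed certificate will need the new one imported (see the next question).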
Q: My phone is giving me a certificate error when I try to connect through ActiveSync
A: Have a look at the previous post I made, here, and see whether the CA that issued your certificate is in the phone's root store by default. If it is not (and it never is for a self-signed certificate), have a read of these articles, as they describe in detail how to export the certificate on the server and then import it on the phone:
http://support.microsoft.com/kb/915840 and http://www.jacco2.dds.nl/networking/windowsmobile-certinstall.html
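One way to do the server-side export from the Exchange Management Shell, added as an example and not code from the original post or the linked articles: it writes only the public part of the certificate bound to IIS (the one ActiveSync presents) as a DER-encoded .cer file, which is the format Windows Mobile imports. The private key must never leave the server, so the .NET export is asked for the certificate alone rather than a PKCS#12/.pfx. The output path is an assumption.

```powershell
# Added example, not from the original post. $OutFile is an assumption.
$OutFile = "C:\mail.cer"

# The certificate enabled for IIS is the one OWA and ActiveSync present to phones.
$Cert = Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } | Select-Object -First 1
if (-not $Cert) { throw "No certificate is enabled for IIS on this server" }

# X509ContentType.Cert exports the public certificate only (DER). Pfx/Pkcs12 would include the key.
$Der = $Cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($OutFile, $Der)

$Cert | Format-List Subject, Issuer, Thumbprint, NotAfter

# What the phone must trust depends on who issued the certificate.
if ($Cert.Issuer -eq $Cert.Subject) {
    Write-Host "Self-signed: install $OutFile into the device's root store"
} else {
    Write-Host "Issued by a CA: the device needs that CA's root certificate, not $OutFile"
}
```

Before importing, compare the thumbprint shown here with the one displayed on the phone; that check is what stops a device from quietly trusting a certificate someone else put in front of it.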
Q: I use a wild card certificate and Outlook Anywhere is giving me certificate errors
A: OK, what you need to do is set "Only connect to proxy servers that have this principal name in their certificate" to msstd:*.exchangelabs.com.au, because a wildcard certificate has no single host name for Outlook to match against. You do this with the Exchange Management Shell cmdlet Set-OutlookProvider, which configures the global settings that the AutoDiscover service hands out to Outlook Anywhere clients.
The code for this is
Get-OutlookProvider EXPR | Set-OutlookProvider -CertPrincipalName msstd:*.exchangelabs.com.au
Get-OutlookProvider WEB | Set-OutlookProvider -CertPrincipalName msstd:*.exchangelabs.com.au
