Installed Exchange 2007. Enabled OWA, using the default self-signed certificate that gets installed
when you install Exchange. OWA users would get the Certificate Security Alert as expected until I
purchased a 3rd party certificate, so I did, but NOT a SAN cert. Just a cheap single cert.
Purchased a basic SSL cert for OWA, created the cert request for the vendor, was verified, downloaded
it to the Exchange2k7 Client Access server. Then with the EX2K7 management shell, I imported the .crt file, and
enabled all services on it, (except for UM because we are not running that and PowerShell didn't like
I was no longer getting the security alert when I would access owa. Good.
I was not getting the alert when I accessed OWA, but the users inside on the corporate LAN, accessing
via Outlook 2007 (IMAP4) did! They could just click to proceed and get into Outlook fine. This is
because internally, MAPI services were enabled on the original, default self-signed cert.
To fix this, I set the set-clientaccessserver -identity myCASServer -autodiscoverserviceinternalURL to
the URL for the new cert that I just imported and enabled.
At that point, the users on the corporate LAN stopped getting the security alert. Also Good.
Here's the question:
Any Outlook 2007 user, whether on the corporate LAN, or accessing via VPN, that has the 'Download Address
Book' box checked in their Outlook settings (Tools-->options-->Mail Setup--> send & receive
settings-->all accounts / Edit---> 'Download Address Book') gets a 'send and receive' error after
clicking send and receive. Mail does come in and out. The GAL does not get updated and offline address
book functionality does not work.
I have referenced several resources including:
TechNet, sudnow, Network Solutions (who issued the cert) and msexchange.org
No combinations of settings mentioned in these articles that I have tried have helped me. However I am
learning a great deal through all of this.
As of right now, NO ONE is getting the Certificate Security Alert, so that's good. But Autodiscovery is
NOT working for anyone except OWA users. Users on the LAN (and accessing via VPN Outlook 2007 client)
cannot sync their offline address book, or use out of office.
They get an error that goes away relatively quickly after doing a send/receive which says 0x8004010f
Operation failed, An object cannot be found. I have seen many articles addressing this and all point
to Autodiscover. I have tried setting up autodiscover as an SRV resource type in DNS, as well as the
FQDN of the certificate pointing to my CAS server. When I test Outlook, Autodiscover fails whether via
SCP, SRV. I can send screenshots of the test results, if you'd like, as well as anything from MS
Exchange PowerShell output, if you request.
March 26, 2009 6:20 PM
July 27, 2009 4:58 AM