Announcement

Collapse
No announcement yet.

Certificate error in Outlook

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate error in Outlook

    Hi

    We have an exchange 2003 deployment on all of our sites, with various Outlook Clients (2002 - 2010).
    We have had a test exchange 2007 server in our exchange org for a couple of years but we never actually got it working successfully. Last week I revisited the Exch 2007 server and after re-running forest/AD preps etc and making a few tweaks I managed to get it working OK.
    I don't know if it is because of that or coincidental but one of our sites is having random problems with some of the Outlook 2007 users connecting to their Exchange 2003 server. Outlook says disconnected and when you try to force a connection you get a certificate error about a certificate issued from the single Exchange 2007 server (on a different site) whose date has expired.Outlook refuses to connect. Then at other times it works perfectly.
    The self signed cert on the Exch 2007 server probably has expired so we tried to renew the self signed cert using the management shell but it just says access denied.

    Should outlook clients connecting to a 2003 server be using a cert from exch 2007 on another site?

    Any suggestions on how we can resolve this problem?

    Many thanks
    Gordon

  • #2
    Re: Certificate error in Outlook

    The fact that you have Exchange 2007 in your environment will mean Outlook 2007 will attempt to use it. That behaviour cannot be stopped because that is how Outlook is designed to work.

    If you intend to put Exchange 2007 in to production, then you should put a commercial SSL certificate in place.
    If you do not intend to put Exchange 2007 in to production, then remove it.

    You should not have test systems in a live network.

    The self signed certificate that goes in during installation is not designed for production use - it is a place holder if you like.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Certificate error in Outlook

      Thanks for the reply Simon

      I tried Exchange 2007 in a test environment and all worked fine. Unfortunately this did not truly reflect our production environment.
      I would like to continue with the 2007 deployment now that i have got one working. We do already have a commercial SSL cert installed on our 2003 front end server and I would like to move that over to the 2007 CAS server once I get a second 2k7 server working in our datacentre for OWA access.

      I guess the options are to put up with the problematic Outlook issue for now or purchase a second SSL for the interim period.

      Gordon

      Comment


      • #4
        Re: Certificate error in Outlook

        Exchange 2007 requires a different kind of certificate, therefore while you can move the certificate you have on your Exchange 2003 system across, it requires a lot of work both inside and outside your network. Your DNS provider MUST support SRV records. Otherwise you will have to deploy a UC (Unified Communications) aka SAN (Subject Alternative Name) certificate on to Exchange 2007.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment

        Working...
        X