Question : SBS 2008 Outlook Anywhere SSL Issue

I just setup a new SBS2008 server.  I replaced the self-signed SSL with a godaddy.com cert.  When I open Outlook i get a certificate error that the name doesn't match.  Outlook keeps trying to connect to autodiscover.domain.com and then remote.domain.com.  It is showing the correct SSL for mail.domain.com.  I ran through the following cmdlets:

Set-ClientAccessServer -Identity server.domain.com -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-ClientAccessServer -Identity server.domain.com -AutodiscoverServiceexternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "server.domain.com\EWS (SBS Web Applications)" -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "server.domain.com\oab (SBS Web Applications)" -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity "server.domain.com\unifiedmessaging (SBS Web Applications)" -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx

Set-ClientAccessServer -identity "server.domain.com" –AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

I also checked the outlook anywhere properties in the Exchange mgt console and it shows the correct external URL.

Also, the internal and external domain names are the same.  I just can't figure out where the autodiscover.domain.com is coming from.

Thanks

Answer : SBS 2008 Outlook Anywhere SSL Issue

First, stop running PowerShell commands on SBS! The commands do their job, don't get me wrong, but the wizards also set some registry keys that the commands (not designed for SBS) do not do.

In SBS, always use the wizards.

So, with that said, a couple of things:

1) Outlook attempts autodiscover.* by default. This is hard-coded, cannot be changed. The solution here is to make sure there is no DNS entry, either directly or by wildcard, that will answer that request. As long as there isn't, Outlook moves on to the next attempt. This is normal behavior and will not cause a problem if everything else is set up properly.

2) Run the Fix My Network Wizard followed by the Internet Address Management Wizard to reset your domains in all of the appropriate places that the powershell commands have only half completed.

3) Rerun the certificate wizard to reassign your public GoDaddy cert back to IIS and Exchange (the IAMW will create a new self-signed cert.)

4) IF you are still having certificate issues, post back here so we can help resolve them the right way instead of resoritng to PowerShell.

Random Solutions  
 
programming4us programming4us