Certificate errors in Exchange 2k7 and "Certificate Deactivated" in cert manager
I've just taken over a server after a company fired their IT guy and I'm trying to get them sorted out & figure out what's been going on there. I'm having multiple issues.

I'm having a problem with users unable to use Outlook over http. It just keeps asking for a username and password, no matter what you put in there, it doesn't work. In troubleshooting, I tried to set up a new user's outlook over the internet and it doesn't want to connect to the server mail.xxxx.com either. Testexchangeconnectivity.com fails with SSL errors and the event log contains the following error:

"Microsoft Exchange couldn't find a certificate that contains the domain name xxxSERVER1.xxx.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default xxxSERVER1 with a FQDN parameter of xxxSERVER1.xxx.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key."

Also, if I open up Certificate Manager in mmc, it shows my cert under "Personal" (I thought it should be in Trusted Root CA) and under Certification Path it says "This certificate has been deactivated". I've verified with Godaddy that the cert is good until 2014. I've tried this: http://support.microsoft.com/kb/555855 with no luck.

When I do the "get-ExchangeCertificate" I get 3 certificates listed. The two from godaddy and a local one. Should I be using the local one instead of the .com one?

Any help would be MUCH appreciated. This is a very busy office and I can only reboot the servers maybe once a week if I need to. So I'm hoping I can fix this mess without a reboot, or get everything lined up for one reboot. Thanks
December 26th, 2010 12:18pm

On Sun, 26 Dec 2010 17:12:49 +0000, chicagofilms wrote:

> I've just taken over a server after a company fired their IT guy and I'm trying to get them sorted out & figure out what's been going on there. I'm having multiple issues.
>
> I'm having a problem with users unable to use Outlook over http. It just keeps asking for a username and password, no matter what you put in there, it doesn't work.

What you should be using is the CN in the certificate (mail.xxxx.com), and the CN should match the name you use to connect to the CAS (mail.xxxx.com). Check the Outlook profile and see if the connection settings use the same name in both edit boxes (https://mail.xxxx.com and msstd:mail.xxxx.com), and that the names match the certificate's CN.

> In troubleshooting, I tried to set up a new user's outlook over the internet and it doesn't want to connect to the server mail.xxxx.com either. Testexchangeconnectivity.com fails with SSL errors

Visit this site, too: http://www.digicert.com/help/

> and the event log contains the following error:
>
> "Microsoft Exchange couldn't find a certificate that contains the domain name xxxSERVER1.csc.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default xxxSERVER1 with a FQDN parameter of xxxSERVER1.csc.local.

[ snip ]

That's something you can fix, but it has nothing to do with Outlook. It's referring to SMTP. You need a certificate in the machine with that name in the cert.

> Also, if I open up Certificate Manager in mmc, it shows my cert under "Personal" (I thought it should be in Trusted Root CA) and under Certification Path it says "This certificate has been deactivated". I've verified with Godaddy that the cert is good until 2014.

The machine's certificate should be in the "Personal" container -- but you should be looking at the certificate store for the computer account, not your own account.
--- Rich Matheisen MCSE+I, Exchange MVP
December 26th, 2010 2:58pm

Hi chicagofilms,

Per your description, the problem is related to ROH (Outlook Anywhere in Exchange 2007), and Rich gave some good suggestions. Other suggestions for you:

1. I would check the Exchange certificate to confirm which CERT is used for external users, and the CN name and the SAN names.
2. I would also check the proxy server through which you publish your Exchange service, and confirm the certificate on that server is configured well.

In my opinion, it seems the CERT from the third party has some issue: the name that the client uses does not match the CERT's, such as mail.domainname.com, autodiscover.domain.com and so on. And to confirm the CERT is not deactivated, I would contact the CERT vendor, or import the CERT again to make a test.

Some information for you:
http://technet.microsoft.com/en-us/library/aa998934(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/bb794751.aspx

Regards!
Gavin

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 28th, 2010 5:12am
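Both Rich's reply (the certificate CN must match the name Outlook connects to, and the SMTP connector FQDN must be on a certificate in the computer account's Personal store) and Gavin's (check the CN and SAN names against what clients use) come down to the same check. The script below is an added example, not code posted in this thread or provided by Microsoft. It is meant to be pasted into the Exchange Management Shell on the Exchange 2007 server and is read-only: it lists the certificates Exchange knows about, collects the names Exchange actually presents (Receive and Send connector FQDNs, the Outlook Anywhere external hostname, and the name users type into Outlook), and reports for each name whether a certificate carries it, whether that certificate sits in the computer's Personal store with its private key, and which services it is enabled for. The value of `$externalName` is an assumption that reuses the thread's placeholder `mail.xxxx.com`; replace it with the real hostname. The cmdlets used (`Get-ExchangeCertificate`, `Get-ReceiveConnector`, `Get-SendConnector`, `Get-OutlookAnywhere`) are the standard Exchange 2007 ones; the `Test-NameCovered` helper is my own.

```powershell
# Added example, not from the thread. Read-only certificate/name check for Exchange 2007.
# Run in the Exchange Management Shell on the CAS/Hub server.
# $externalName is an assumption: it reuses the thread's placeholder hostname.
$externalName = 'mail.xxxx.com'

# A name is covered if a certificate name matches it exactly, or a wildcard entry
# (*.example.com) covers it with exactly one extra label on the left.
function Test-NameCovered($name, $domains) {
    $name = $name.ToLower()
    foreach ($d in $domains) {
        $pattern = $d.ToString().ToLower()
        if ($pattern -eq $name) { return $true }
        if ($pattern.StartsWith('*.')) {
            $suffix = $pattern.Substring(1)    # '.example.com'
            if ($name.EndsWith($suffix) -and ($name.Split('.').Count -eq $pattern.Split('.').Count)) { return $true }
        }
    }
    return $false
}

# 1. Inventory: every certificate Exchange knows about, with its names and services.
$exCerts = @(Get-ExchangeCertificate)
foreach ($c in $exCerts) {
    $names = @()
    foreach ($d in $c.CertificateDomains) { $names += $d.ToString() }
    "{0}  self-signed={1}  expires={2:yyyy-MM-dd}  services={3}" -f `
        $c.Thumbprint, $c.IsSelfSigned, $c.NotAfter, $c.Services
    "    names: " + [string]::Join(', ', $names)
}

# 2. Names Exchange actually uses, and where each one comes from.
$wanted = @{}
Get-ReceiveConnector | ForEach-Object {
    if ($_.Fqdn) { $wanted[$_.Fqdn.ToString()] = 'Receive connector "' + $_.Name + '" (STARTTLS)' } }
Get-SendConnector | ForEach-Object {
    if ($_.Fqdn) { $wanted[$_.Fqdn.ToString()] = 'Send connector "' + $_.Name + '"' } }
Get-OutlookAnywhere | ForEach-Object {
    if ($_.ExternalHostname) { $wanted[$_.ExternalHostname.ToString()] = 'Outlook Anywhere external hostname' } }
$wanted[$externalName] = 'name users type into Outlook (https:// and msstd: boxes)'

# 3. For each name: is it on a certificate, is that certificate in the COMPUTER's Personal
#    store with its private key, is it unexpired, and is it enabled for the right service?
#    Nothing is changed here; the Enable-ExchangeCertificate command is only printed.
foreach ($name in $wanted.Keys) {
    $hit = $null
    foreach ($c in $exCerts) {
        if (Test-NameCovered $name $c.CertificateDomains) { $hit = $c; break }
    }
    if ($hit -eq $null) {
        "MISSING  {0}  [{1}]: no Exchange certificate carries this name" -f $name, $wanted[$name]
        continue
    }
    $inMachineStore = Test-Path ('Cert:\LocalMachine\My\' + $hit.Thumbprint)
    $unexpired = $hit.NotAfter -gt (Get-Date)
    "FOUND    {0}  [{1}] on {2}  machineStore={3} privateKey={4} unexpired={5} services={6}" -f `
        $name, $wanted[$name], $hit.Thumbprint, $inMachineStore, $hit.HasPrivateKey, $unexpired, $hit.Services
    $isConnector = $wanted[$name] -like '*connector*'
    if ($isConnector -and ($hit.Services.ToString() -notmatch 'SMTP')) {
        "         STARTTLS fix (not run): Enable-ExchangeCertificate -Thumbprint " + $hit.Thumbprint + " -Services SMTP"
    }
    if ((-not $isConnector) -and ($hit.Services.ToString() -notmatch 'IIS')) {
        "         HTTPS fix (not run): Enable-ExchangeCertificate -Thumbprint " + $hit.Thumbprint + " -Services IIS"
    }
}
```

A MISSING line for the Receive connector name reproduces the event-log condition quoted in the question (no certificate in the store carries the connector FQDN); a FOUND line with machineStore=False means the certificate was imported into the user's store rather than the computer account's, which is the mix-up Rich points at. The script deliberately prints the enabling command instead of running it, so the one change that would restart service bindings stays a conscious step.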

Thanks, I've tried all the suggestions but am no closer to a fix. I contacted godaddy and they said it is a valid cert. I have two godaddy certs, and the one self created cert. They all say invalid for some reason. Any other thoughts?
January 1st, 2011 10:04am

Hi chicagofilms,

Per your description, the CERT for the Exchange service seems not to have been issued successfully. How about reissuing it?

Some other information for you:
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

The above link also gives some detailed information on how to issue the CERT.

Regards!
Gavin

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 3rd, 2011 1:07am
