Echange 2007 certificate and SBS 2008
Hi Guys, I have recently done a fresh installation of SBS 2008 premium server with standard exchange 2007. Everything seems working apart from Active sync on mobile and remote desktop in RWW as it required a SSL certificate. When I run the wizard to get internet name after the installation finish I get remote.mydomian.co.uk. As this is my first experience with exchange 2007 somebody sugggested me to have UCC certificate for my exchange, So i have approched godaddy.com to get the UCC certificate for the following domains mail.mydomain.co.uk (commom name) remote.mydomain.co.uk autodiscove.mydoman.co.uk servername.mydomin.local Now the big question which keep on nbothering me is hat how and where shall i make changes in Exchange Server Management console to make the entries for the above mentioned names on my server. Is it possible to make thoes changes in exchange 2007 on SBS 2008 or not because it just make the entry of remote.mydomain.co.uk everywhere. Guys I really need your help here. Hope to hear from you guys soon. THanks Vik ;
July 15th, 2010 7:35am

Hi , I think you should these articles and you will better know that what it is basically. http://msexchangeteam.com/archive/2007/04/30/438249.aspx http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html Regards. Shafaquat Ali.M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, Phone: +923008210320
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 8:46am

Hi Shafaquat , Thanks for the articles... I read them whenI reach work... Just one thing I want to ask you that the UCC certificate I have requested is ok and will it work in sbs 2008. Because I have read so much but nothing saying about sbs 2008. Hope to hear from you soon. Thanks once again. Vik *PS : Where r u based is it possibel if i call you.
July 15th, 2010 9:57am

Hi , UUC Certi will work on SBS dont worry because UCC cert is for Exchange no matter which OS you are using (but OS should support SAN Certs) SBS is supported for SAN certs. Regards. Shafaquat Ali.M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, Phone: +923008210320
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 2:36pm

For SBS 2008 only, a regular SSL Certificate from Go Daddy will work. Just insure remote.yourdomain.com is the domain on the certificate. This will save you a few dollars on the cert expense.MVP Exchange Server
July 15th, 2010 9:04pm

SSL certificates for SBS 2008 are a pain. SBS 2008 makes a major assumption - that you are using a DNS provider that supports SRV records. Most do not. If you cannot get SRV records set, then Outlook 2007 doesn't work correctly, with autodiscover failing completely. What you have to do is a combination of the Exchange methods and the SBS wizard. If you don't, then large parts of the SBS functionality fail. It is all wrapped up inside SSL unfortunately. I wrote a blog posting on the procedure to follow here: http://blog.sembee.co.uk/post/SBS-2008-Certificate-Installation.aspx It isn't difficult, just a matter of doing things in the right order so that both Exchange and SBS accept the certificate. Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2010 3:34am

Hi Simon, First of all thanks for the reply. I ahve gone through the your blog. To be honet quite like it but I have one question as you metion in your blog to get the DNS entry's change from the ISP end ... I have already done that.... I got the UCC for mail.mydomain.co.uk, remote.mydomain.co.uk, autodiscover.mydomin.co.uk, & myserver.mydomain.local.... I dont have NetBios and sites as you have mentions in your blog. I can get them as well but the bit which I cant understand is where shall I make the changes in exchange so that i can add the entries of these name in server and my users can access OWA from mail.mydomin.co.uk rather than remote.mydomin.co.uk/owa and how can i sync my mobie devices using mail.mydomin.co.uk.... I cant find out any article whcih explains what changes and how to and where to make thoes changes on exchange. I hope you guide me throgh the right process... Hope to hear from you soon. THanks Vik
July 16th, 2010 9:06am

Hi Vik, Your Entrust Unified Communications Certificate (UCC) will be sent to you in confirmation email with a link to retrieve the certificate. The certificate will be displayed in the following format: -----BEGIN CERTIFICATE----- MIIC4zCCAkygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBFMQs wCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW 9uMRwwGgYDVQQDExNHVEUgQ3liZXJUcnVzdCBSb290MB4XD YwZDAPBgNVHRMECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBB jBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY2RwLmJhbHRp bW9yZS5jb20vY2dpLWJpbi9DUkwvR1RFUm9vdC5jZ2kwDQY JKoZIhvcNAQEFBQADgYEAgbZwffFU+FjjNYTSoUFyRAAysI auOknVaLteQPQJxBGLMhXGdfejVBTWLb1UTFBQXNNCiqm8C o+dYikuVB+0/1habRkb+k4vFe6tn5IvQMnfhZbSJNoXn5Il GVDWQYlfC0/R1wjfv+U6rzTJbJ7WXX0Ka5jKLKuckXNvu7E qOA4= -----END CERTIFICATE----- You will need to copy the content to Notepad and then save it as a certificate file (.cer) or (.crt). Note: Must include the --BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Then import this certificate to Exchange server and then enable it for services, such as SMTP, IIS, POP, IMAP and UM: Step 1. Open Exchange Management Shell, type: Import-ExchangeCertificate -Path c:\Mycertificate.cer If you successfully import the certificate, you will get a thumbprint number, like 5113ae0233a72fccb75b1d0198628675333d010e. Step 2. Enable this certificate for exchange services like IIS, SMTP. Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -services "IIS,SMTP,POP,IMAP " More information about Enable-ExchangeCertificate, please see the following article: http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspx Hope the information above will be helpful.
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2010 9:57am

Thanks Gen for your reply.... I am sorry I know i am but dum with exchange.... I unnderstand I have to import the certificate in exchange but the quetion i am asking is I have not mention any of the name i have like mail.mydomian.co.uk or autodiscover.mydomian.co.uk in exchange management console .... Dont I have to mention thoes name in exchange before I import the certificate...... right now i can only see remote.mydomain.co.uk for everythning .... where do i mention mail.mydomin.co.uk, autodiscover.mydomin.co.uk, and myserver.mydomain.local in exchange management shell or console... Hope my question makes sense Hope to hear soon.. Thanks Vikram
July 16th, 2010 12:27pm

Hi Vikram, Thank you for clarifying. You do not need to specify the domain names for exchange. When you run the command: get-exchangecertificate |fl You will see your certificate with the attributes "certificateDomains" and "Services". CertificateDomain should contain all the valid domain names for the services: mail.mydomain.co.uk remote.mydomain.co.uk autodiscove.mydoman.co.uk servername.mydomin.local That is, you can use all of these the domain names to access exchange services, like OWA.
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2010 1:04pm

Thank you guys for your reply... I am going to import the certificate into exchange tomorrow and update you all with the outcome.... I hope everything goes well .... Thanks Vik
July 16th, 2010 9:39pm

Guys... I have stuck with problem. I have impoted the UCC certificate and when I run the command get-exchangecertificate I can see name like mail.mydomain.co.uk, remote.mydomain.co.uk and myserver.mydomin.co.uk but nothing is happening I still get certificate error when i try remote.mydomin.co.uk to use rww and still have to use remote.mydomin.co.uk/owa rather than mail.mydomin.co.uk .... I am missing any settings i cant even get mobile syck working Hope to hear from you guys soon.... Thanks Vikram
Free Windows Admin Tool Kit Click here and download it now
July 17th, 2010 6:53pm

After installing the certificate though Exhcange, you need to run the certificate wizard in the SBS management console, which will then configure the certiifcate for use with the SBS features. Until you do that, it will not work correctly. If you had read the blog posting I posted above, it explains that you need to do that. Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 17th, 2010 9:38pm

Hi Simon, I did gone throgh your blog posted above but stange I didnt got the option In the SBS Management Console, to use an existing certificate. Everytime I try to import the certifiacte from SBS Management Comsole I get error message... But while I was reffering to one of your another blog I try to import the certificate via Exchange Management Shell which i manage to do and after that I enable the certificate for IIS service and it works and when I use remote.mydomin.co.uk to use RWW, the site open with out the ceritificate error same with OWA but when i try to connect to remote desktop via RWW I got TS gateway error .... After investigating the TS Gateway certificate option i find out that it is pointing to a certifiacte which is issues locally and not via godaddy.com... I guess I make a mistake here in selecting the common name I select mail.mydomin.co.uk as my common name and remote.mydomin.co.uk, autodiscover.mydomin.co.uk and server.mydomin.local as part of UCC... If i try to install the correct certificate in TS Gateway I cant find remote.mydomin.co.uk cerificate issued by godaddy.com all are local CA I dont know where is that cerificate... Moreover How do I use mail.mydomin.co.uk url everytime I put that address I get error page not available... Do i have to get a new certifiacate with remote.mydomn.co.uk as common name or can I be able to change the certificate in TS Gateway... and How can I use rest of my certicate like mail.mydomin.co.uk I am very confused here guys and need your help... Hope to hear from you guys soon. THanks Vik
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2010 12:18am

My personal preference is to stick with remote.example.com for everything. That is what SBS wants to use, and all documentation, instruction guides etc want to use that as well. If you insist on using something else, then you need to run the Domain configuration wizard again and change the URL in there. Let the SBS wizards do everything because remote.example.com is not just Exchange, it is used all over the place. While you can change things by hand inside Exchange, it makes a mess. Remember, SBS 2008 looks like Exchange 2007, behaves like Exchange 2007 but when it comes to management, it is a very differnet beast and has to be handled with care. Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 19th, 2010 6:58pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics