Outlook 2013 Connection Problems
Hello everyone and thanks for your help in advance. I have done a fresh install of an Exchange 2013 server. I would now like to connect Outlook 2013 to this server but am receiving either unable to connect to exchange server or unable to resolve name.  I am able to access the server through OWA. I am attempting to use a self-signed certificate (this is at lab stage so I don't need an enterprise CA just yet). I was able to view and install the certificate from OWA and it shows as a Trusted Root Certification Authority.  However, IE still shows a certificate error in the address bar.  I can access OWA using https://mail.mydomain.com and I use that as the settings for the Exchange 2013 proxy (the internal name of the machine is MAIL).  On one attempt, I was presented with the challenge box to enter credentials, but did not get a connection.  Any help would be appreciated.
September 14th, 2015 10:48am

It is the certificate that is the problem.

If you are still getting trust errors in IE then you didn't install it correctly.

Exchange 2013 is completely web services based and uses SSL heavily. The URLs configured in the server need to match the SSL certificate. Even in a lab I will use trusted SSL certificates - if internal or controlled use only a one year single name SSL certificate can be found pretty cheaply and saves a lot of headaches for a very small outlay.

Simon.

Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 12:04pm

Hello

its not enough information.

check internal and external url from client. /try open from ie/
Get-WebservicesVirtualDirectory |Fl internalURL,ExternalURL
Get-OwaVirtualDirectory |Fl internalURL,ExternalURL
Get-ecpVirtualDirectory  |Fl internalURL,ExternalURL
Get-ActiveSyncVirtualDirectory |Fl internalURL,ExternalURL
Get-OABVirtualDirectory |Fl internalURL,ExternalURL
Get-ClientAccessServer  |Fl internalURL,ExternalURL
Get-OutlookAnywhere |Fl *inter*,*exter*

September 14th, 2015 12:06pm

Thanks for the response.  I hear Simon loud and clear that I might be banging my head using a self-signed, but I'm trying to learn this new architecture.  More information on the server:


InternalUrl : https://mail.domain.mydomain.com/EWS/Exchange.asmx
ExternalUrl :

[PS] C:\Windows\system32>Get-OwaVirtualDirectory |Fl internalURL,ExternalURL

InternalUrl : https://mail.domain.mydomain.com/owa
ExternalUrl :

[PS] C:\Windows\system32>Get-ecpVirtualDirectory  |Fl internalURL,ExternalURL


InternalUrl : https://mail.domain.mydomain.com/ecp
ExternalUrl :

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory |Fl internalURL,ExternalURL


InternalUrl : https://mail.domain.mydomain.com/Microsoft-Server-ActiveSync
ExternalUrl :


[PS] C:\Windows\system32>Get-OABVirtualDirectory |Fl internalURL,ExternalURL


InternalUrl : https://mail.domain.mydomain.com/OAB
ExternalUrl :


[PS] C:\Windows\system32>Get-ClientAccessServer  |Fl internalURL,ExternalURL


[PS] C:\Windows\system32>Get-OutlookAnywhere |Fl *inter*,*exter*


InternalHostname                   : mail.domain.mydomain.com
InternalClientAuthenticationMethod : Ntlm
InternalClientsRequireSsl          : False
ExternalHostname                   :
ExternalClientAuthenticationMethod : Negotiate
ExternalClientsRequireSsl          : False

Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 2:56pm

Self signed certificates are not supported for Outlook ANywhere. You need a proper cert with the correct names added to it.

Either:

  • Buy a cert
  • Install windows CA onto one of your servers in that lab, and issue the cert from that CA.
September 14th, 2015 3:06pm

Or get one for free from sites like StartSSL/Comodo/etc :)
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 3:25pm

Hello

if lab scenario only, create new self signed cert with all domain mail.domain.mydomain.com, mail.mydomain.com and from gpo install all client to trusted cert and need work.

September 14th, 2015 3:36pm

Or get one for free from sites like StartSSL/Comodo/etc :)

As long as it is a trusted CA issued cert :)  Do you also need to install a non-production issuing root as part of those free certs?
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 3:46pm

Hello

if lab scenario only, create new self signed cert with all domain mail.domain.mydomain.com, mail.mydomain.com and from gpo install all client to trusted cert and need work.

September 14th, 2015 3:47pm

Thanks to all for the response.  So basically, the cert being used by Exchange can definitely not be used.  Is this correct?  So I either need to:

1.  Purchase a trusted SSL and install it on the Exchange Server in place of the one generated by Exchange (not sure how to do that but will start searching).

2.  Or use Certificate Services, which had to have been installed on the Exchange box to generate the first cert.  Use that to generate another cert, apply it to the Exchange Server default site and install it on the client (will have to look for how to do that as well).

Am I understanding correctly?  In other words, the default cert cannot be used under any circumstances?

Thanks for the help.

Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 4:09pm

Hi,

This self-signed certificate is used to encrypt communications between the Client Access server and the Mailbox server. Outlook Anywhere won't work with a self-signed certificate on the Client Access server.

More detailed information about certificate ,you can refer to the below link:

https://technet.microsoft.com/en-us/library/dd351044%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

In addiction,you can follow the below article to create a SSL certificate request:

http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/

Regards,

David 


September 14th, 2015 10:01pm