Hello,

I have just commenced a Exchange 2007 SP3 to Exchange 2013 SP1 migration following the following guide: http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx

As per the above guide, my 2007 environment is now known as legacy.company.com and my 2013, webmail.company.com.

I'm using the same certificate on both boxes and it has the names autodiscover.company.com, webmail.company.com and legacy.company.com. All that seems to be working fine.

OWA is functioning perfectly, hitting https://webmail.company.com will pass the user off to https://legacy.company.com if the mailbox is on 2007. Alongside this, Outlook also has no issues connecting to 2007 mailboxes with the client proxy settings being reconfigured to https://legacy.company.com automatically.

My problem comes when a mailbox is migrated to 2013. OWA functions fine and presents the mailbox but Outlook is unable to connect, presenting the error:

There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site webmail.company.com.
Outlook is unable to connect to the proxy server. (Error Code 0)

If I modify the Outlook client's settings and disable "Only connect to proxy servers that have this principal name in their certificate: msstd:webmail.company.com", Outlook connects and functions fine.

I'm at a loss and have tried everything I can think and find on google. Any suggestions would be greatly appreciated.

Have you tried to check in the https://testconnectivity.microsoft.com/  tool. This tool provides more detail on the cause of the issue.

From the internet computer check the autodiscover is working or not using the test email configuration on right  the click the outlook

Verify you have proper dns configured on the ISP dns zone... Re-check all the virtual directory is configured properly ...

Try to check with the different outlook version..hope the outlook are upto date patched...since this may cause the proxy issue on Exchange 2013.

Hi,

I should've mentioned in my original post..

Yes, the Microsoft Connectivity Analyzer passes with flying colours.

Outlook also finds all of the settings I would expect when running the autodiscovery test.

DNS is also fine.

Outlook version is both 2010 and 2013, both have identical issues.

As far as I can see all virtual directories are configured correctly.

[PS] C:\>Get-OwaVirtualDirectory -identity "ex02\OWA (Default Web Site)" | fl *InternalUrl*,*ExternalUrl*

InternalUrl : https://webmail.company.com/owa
ExternalUrl : https://webmail.company.com/owa

[PS] C:\>Get-OabVirtualDirectory -identity "ex02\OAB (Default Web Site)" | fl *InternalUrl*,*ExternalUrl*

InternalUrl : https://webmail.company.com/oab
ExternalUrl : https://webmail.company.com/OAB

[PS] C:\>Get-ActiveSyncVirtualDirectory -identity "ex02\Microsoft-Server-ActiveSync (Default Web Site)" | fl *Inte
rnalUrl*,*ExternalUrl*

InternalUrl : https://webmail.company.com/Microsoft-Server-ActiveSync
ExternalUrl : https://webmail.company.com/Microsoft-Server-ActiveSync

[PS] C:\>Get-WebServicesVirtualDirectory -identity "ex02\EWS (Default Web Site)" | fl *InternalUrl*,*ExternalUrl*

InternalUrl : https://webmail.company.com/ews/exchange.asmx
ExternalUrl : https://webmail.company.com/ews/exchange.asmx


[PS] C:\>Get-OutlookAnywhere -identity "ex02\RPC (Default Web Site)" | fl *IISAuthenticationMethods*

IISAuthenticationMethods : {Ntlm}

• Edited by BGE Leon Sunday, April 20, 2014 4:50 PM Typo

Hi,

Please refer to the following article :

http://support.microsoft.com/kb/923575

Cause:

This issue may occur if one or more of the following conditions are true:

• The connection to the  server requires a certification authority (CA).
• You have not trusted the certification authority at the root.
• The certificate may be invalid or revoked.
• The certificate does not match the name of the site.
• A third-party add-in is preventing access. 

Solution:

To examine the certificate, follow these steps:

1. In Microsoft Internet Explorer, connect to the RPC server or to the secure server. For example, type https://www.<var>server_name</var>.com/rpc in the Address bar of the Web browser, and then press ENTER.
   
   Note The <var>server_name</var> placeholder references the RPC server name or the secure server name.
2. Double-click the padlock icon that is located in the lower-right corner of the Web browser.
3. Click the Details tab.
4. Note the information in the following fields:
   • Valid to
     The Valid to field indicates the date until which  the certificate is valid.
   • Subject
     The data in the  Subject field should match the site name.

Hope this helps!

Thanks.

Hi Niko,

Thanks for the suggestion however the certificate associated to the RPC server is correct when viewed via a browser.

Hi,

Please run the following command and check if the CertPrincipalName is correct:

Get-OutlookProvider 

If not, run the following command to change it:

Set-OutlookProvider EXPR -CertPrincipalName msstd:webmail.company.com

Set-OutlookProvider EXCH -CertPrincipalName msstd:webmail.company.com

Hope this helps!

Thanks.

Dude this totally worked for me Niko thanks!

This totally worked awesome thank you!

• Proposed as answer by ZAKAKAZACH 15 hours 31 minutes ago
• Unproposed as answer by ZAKAKAZACH 15 hours 31 minutes ago