RPC Proxy problem on Exchange 2003 with SAN certificate
Dear all, We are running one Exchange 2003SP2 on Windows 2003SP2, 3rd security certificate for mail.companyA.com. The DC domain is companyA.com with four suffix such as mail.companyA .com, mail.companyB.com and so on. Most clients are using WinXP and Win7 with Outlook2007 Outlook Anywhere.The PRC proxy is mail.companyA.com. Everything is OKay over 2 years. We are going to upgrade to Exchange 2010, so reissue SAN certificate and the CN is also mail.companyA.com But Boss is going to close companyA, so we add another SAN as following mail.companyB.com autodiscover.companyB.com legecy.companyB.com And changed Exchange 2003 to new certificate for mail.companyB.com, the problem is here. Win7 client is OKay after changing Outlook RPC Proxy from mail.companyA.com to mail.companyB.com, but WinXP client's Outlook could not pass authenticate after same changing. We run RPCPing successfully, please help.
January 20th, 2011 4:53am

Hi, Based on my research, this issue may occur by client limitation. The Windows RPC over HTTP component used for Outlook Anywhere requires that the SAN or common name of the certificate must match the Certificate Principal Name configured for Outlook Anywhere. Outlook 2007 and later versions use Autodiscover to obtain this Certificate Principal Name. To configure this value on your Exchange 2010 Client Access server, use the Set-OutlookProvider command with the -CertPrincipalName parameter. Set this parameter to the external host name that Outlook clients use to connect to Outlook Anywhere. For more information, please refer to the following article: http://technet.microsoft.com/en-us/library/dd351044.aspx Thanks. NovakPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
January 24th, 2011 2:47am

Hi Novak, Thanks for your reply, I try to clear "Only Connect to proxy servers that have this principal name in their certificate" or change to "msstd:mail.companyA.com" on Windows XP, Outlook works. But I don't understand why Outlook2007 on Windows Vista and Windows 7 could work well, it seems both of new operation system bypass match CN name for proxy server. And as we know Exchange 2003SP2 has not Autodiscover Service. Thanks, Merfia
January 24th, 2011 3:04am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics