Certificate Error on Outlook 2007

Asked By 0 points N/A Posted on -

E2K7 on sole AD controller SBS 2008 – Certificate Error (Outlook 2007)

I have been trying to resolve this concern for several hours and for almost an infinite time I've modified the “Exch.shell” in regards to creating and deleting carts. Plus, the services of IIS are also removed. Moreover, I've also set the “Autodiscover” to enabled, in order to finish with the FQDN's settings. Initially, I have changed its settings in respect to name, e.g, (App1).

Considering the Outlook 2007, it executes “remote.orangeliteracy.org” but not "app1.oclc.local" when the server gets connected to clients, and resulted with a cert. error.

When I tried to start “Get-Autodiscovervirtualdirectory”, it brought an issue concerning to "Set-ClientAccessServer – Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml." Please advise and hoping for a long-time resolution on this concern. Thank you.

E2K7 on sole AD controller SBS 2008 – Certificate Error (Outlook 2007)
Answered By 0 points N/A #136455

Certificate Error on Outlook 2007


Here is the reason why we were receiving the certificate errors. Your InternalURLs most likely are not using mail.shudnow.net. Your InternalURLs are most likely pointed to something such as

https://example.casnetbiosname/ServiceURL which will fail since this is not the CN of your simple certificate.

You can run the following commands to fix your internalURLs so your Outlook 2007 client can successfully take advantage of your web distribution services.

Set-WebServicesVirtualDirectory -Identity “CASServerEWS (Default Web Site)” -InternalURL

https://mail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity “CASServerOAB (Default Web Site)” -InternalURL


Note: You must ensure that you enable SSL on the OAB directory in IIS which is not on by default. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Enable-OutlookAnywhere -Server CASServer-ExternalHostname “mail.shudnow.net” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False

Note: The above Enable-OutlookAnywhere command works on SP1. For RTM, substitute -ClientAuthenticationMethod with -ExternalAuthenticationMethod.

Set-ActiveSyncVirtualDirectory -Identity “CASServerMicrosoft-Server-ActiveSync (Default Web Site)” -ExternalURL https://mail.shudnow.net/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity “CASServerUnifiedMessaging (Default Web Site)” -InternalURL https://mail.shudnow.net/UnifiedMessaging/Service.asmx-BasicAuthentication:$true

Note: The above Set-UMVirtualDirectory command is not needed in Exchange 2010. Exchange 2010 no longer contains a UnifiedMessaging virtual directory and instead uses the Web Services Virtual Directory.

Login/Register to Answer

Related Questions