+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26
Cloud Services Thread, SSO with Office 365 in Technical; Originally Posted by dezt @ EduTech cheers for that, I'm changing the upn's for the staff that haven't gone across, ...
  1. #16

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by dezt View Post
    @EduTech cheers for that, I'm changing the upn's for the staff that haven't gone across, and then I'll migrate the mailboxes, once all that's done, ill be asking the lea to sort out the dns records and then I'll tackle the ipad email issue.
    No Problem Mate, If you get any further problems feel free to give me a shout done many O365 Hybrid Migrations with ADFS now :-) interesting times of which are some! lol.

    Cheers,
    James.

  2. Thanks to EduTech from:

    dezt (6th December 2012)

  3. #17
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,026
    Thank Post
    157
    Thanked 58 Times in 46 Posts
    Rep Power
    29
    @EduTech can I just clear something up.

    I've asked OneConnect Limited to add a CNAME record to our DNS as stated in this article Enable Outlook to Connect Now, my understanding of this article is that the CNAME should have the alias = autodiscover and the target = autodiscover.outlook.com

    Tell me if i'm wrong, please.

    I have been told by OneConnect that they have set up the autodiscover CNAME as follows, alias = autodiscover, and the target = autodiscover.nordenhighschool.co.uk

    Am I wrong or have they just ignored what I told them to do, which was create the CNAME as it is stated in the Microsoft document. When I tried to ask if he wanted me to email him the directions Microsoft have put on the web he refused and told me that it has to be autodiscover.nordenhighschool.co.uk. I'm expecting to have to phone them back to rectify this tomorrow, it's been 3 days since the first request went in so I don't think it'll be working by weekend.

  4. #18

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by dezt View Post
    @EduTech can I just clear something up.

    I've asked OneConnect Limited to add a CNAME record to our DNS as stated in this article Enable Outlook to Connect Now, my understanding of this article is that the CNAME should have the alias = autodiscover and the target = autodiscover.outlook.com

    Tell me if i'm wrong, please.

    I have been told by OneConnect that they have set up the autodiscover CNAME as follows, alias = autodiscover, and the target = autodiscover.nordenhighschool.co.uk

    Am I wrong or have they just ignored what I told them to do, which was create the CNAME as it is stated in the Microsoft document. When I tried to ask if he wanted me to email him the directions Microsoft have put on the web he refused and told me that it has to be autodiscover.nordenhighschool.co.uk. I'm expecting to have to phone them back to rectify this tomorrow, it's been 3 days since the first request went in so I don't think it'll be working by weekend.
    Hi Mate,

    You are correct in what you are saying set the DNS up as referenced in Microsoft Office 365 Portal otherwise it won't work.

    If you get bother let me know who your talking to and ill drop then a mail as I know a few people in that pond. ;-)

    Regards,
    James.

  5. #19
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,026
    Thank Post
    157
    Thanked 58 Times in 46 Posts
    Rep Power
    29
    @EduTech
    I've checked the autodiscover CNAME has been set up correctly and it has, but i can't connect any client to the office 365 email system, for instance outlook, my ipad, my android phone. I think that it has something to do with the security certificate that is associated with the AD FS proxy servers, as when I try and log on to Office 365 from outside of the school network, before I get the AD FS login page, I get a security certificate error. I have got the certificate from ipsCA though, and they work internally. I checked the chain of the certificates, and there was the intermediate certificate that was not there, so i've imported that and made sure that the root certificate is there as well, when I browse to 127.0.0.1 using https, I get an error ( which I expected due to the certificate website address) but the chain is ok. When I try to browse to the external address https://fsp.norden.lancs.sch.uk I still get an error about the security certificate ststing that there isn't a chain.

    Would this problem cause my clients to not authenticate and therefore not connect outlook to office 365, or am I just clutching at straws.

    Any advice you can offer would be greatly appriciated.

  6. #20
    Ergo's Avatar
    Join Date
    Sep 2012
    Location
    Nottingham
    Posts
    111
    Thank Post
    16
    Thanked 26 Times in 25 Posts
    Rep Power
    8
    All,
    Looks like there are far more knowldgable people already involved in this conversation thread, but are you aware that Microsoft have added some additional features to https://www.testexchangeconnectivity.com/ which allow testing of Office 365 including the SSO elements?

    I have found the testing and logging from this very useful in the past (although not used the O365 features specifically).

    Dave

  7. #21
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,026
    Thank Post
    157
    Thanked 58 Times in 46 Posts
    Rep Power
    29
    @Ergo
    Yeah, i've been using that quite a bit recently, that's what has been telling me the intermediate certificate was not there on my proxies, it is now but i'm not sure what to do now, do I go through iis and click restart or use command prompt to restart it, i know there is a command, i just can't remember what it is.

  8. #22
    Ergo's Avatar
    Join Date
    Sep 2012
    Location
    Nottingham
    Posts
    111
    Thank Post
    16
    Thanked 26 Times in 25 Posts
    Rep Power
    8
    Restting IIS can be done using the command
    Code:
    IISRESET /NOFORCE
    The NoForce part means that if there are any active connections it will wait till they terminate and therefore will not always shut down the IIS services within the comman's timeout.

    I would generally use IISRESET as this will restart all IIS services not just the web publishing service (I think).

    Dave

  9. #23

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by Ergo View Post
    All,
    Looks like there are far more knowldgable people already involved in this conversation thread, but are you aware that Microsoft have added some additional features to https://www.testexchangeconnectivity.com/ which allow testing of Office 365 including the SSO elements?

    I have found the testing and logging from this very useful in the past (although not used the O365 features specifically).

    Dave
    Yep, I was using that when it was in BETA before it was released publicly. It for sure helps with Hybrid Deployments now (especially Free/Busy) :-)

    James.

  10. #24

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by dezt View Post
    @Ergo
    Yeah, i've been using that quite a bit recently, that's what has been telling me the intermediate certificate was not there on my proxies, it is now but i'm not sure what to do now, do I go through iis and click restart or use command prompt to restart it, i know there is a command, i just can't remember what it is.
    It does seem like something is up with your certs, have you installed the Certificate, Intermediate & Root to ensure that the Certificate Chain is complete. where did you obtain the certificate from?

    Regards,
    James.

  11. #25
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,026
    Thank Post
    157
    Thanked 58 Times in 46 Posts
    Rep Power
    29
    @EduTech I got the certificates from ipsCA, they offer free certificates for education. I have heed the adfs servers that I have and they were ok. It seems to be the adfs proxies that seem to have the issue with the certificates.

    I do have a bit of a problem now with adfs not working correctly, when I try and log in to portal.microsoftonline.com I get an error, like I did before, if I rebooted my adfs proxies would that help the certificates sort themselves out, I have installed them in the right stores as instructed on the ipsCA website, and the chain works on the adfs internal servers, so I'm thinking it might help, failing that ill look at the certificates again

  12. #26

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,047
    Thank Post
    160
    Thanked 913 Times in 716 Posts
    Blog Entries
    3
    Rep Power
    271
    Quote Originally Posted by dezt View Post
    @EduTech I got the certificates from ipsCA, they offer free certificates for education. I have heed the adfs servers that I have and they were ok. It seems to be the adfs proxies that seem to have the issue with the certificates.

    I do have a bit of a problem now with adfs not working correctly, when I try and log in to portal.microsoftonline.com I get an error, like I did before, if I rebooted my adfs proxies would that help the certificates sort themselves out, I have installed them in the right stores as instructed on the ipsCA website, and the chain works on the adfs internal servers, so I'm thinking it might help, failing that ill look at the certificates again
    Ok, I tell you what I should be free in the morning and if you like we can jump on a webex and get this sorted for you. drop me a PM with your email and i'll drop you a line first thing.

    Regards,
    James.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Office 365 and SSO
    By Simcfc73 in forum Cloud Services
    Replies: 1
    Last Post: 10th November 2012, 12:31 AM
  2. Microsoft Office 365 - Getting up to speed with the cloud
    By Office365 in forum Cloud Services
    Replies: 16
    Last Post: 4th October 2012, 12:28 PM
  3. Office 365 - @students sub domain and SSO Question
    By Fruity in forum Cloud Services
    Replies: 2
    Last Post: 9th August 2012, 03:45 PM
  4. Replies: 8
    Last Post: 20th November 2007, 09:16 AM
  5. Mail Merge with Office 2003
    By luke213 in forum Windows
    Replies: 1
    Last Post: 19th January 2006, 10:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •