@EduTech can I just clear something up.
I've asked OneConnect Limited to add a CNAME record to our DNS as stated in this article, Enable Outlook to Connect Now. My understanding of this article is that the CNAME should have the alias = autodiscover and the target = autodiscover.outlook.com
Tell me if I'm wrong, please.
I have been told by OneConnect that they have set up the autodiscover CNAME as follows, alias = autodiscover, and the target = autodiscover.nordenhighschool.co.uk
Am I wrong, or have they just ignored what I told them to do, which was create the CNAME as it is stated in the Microsoft document? When I tried to ask if he wanted me to email him the directions Microsoft have put on the web he refused and told me that it has to be autodiscover.nordenhighschool.co.uk. I'm expecting to have to phone them back to rectify this tomorrow. It's been 3 days since the first request went in, so I don't think it'll be working by the weekend.
I've checked the autodiscover CNAME has been set up correctly and it has, but I can't connect any client to the Office 365 email system, for instance Outlook, my iPad, my Android phone. I think that it has something to do with the security certificate that is associated with the AD FS proxy servers, as when I try and log on to Office 365 from outside of the school network, before I get the AD FS login page, I get a security certificate error. I have got the certificate from ipsCA though, and they work internally. I checked the chain of the certificates, and there was the intermediate certificate that was not there, so I've imported that and made sure that the root certificate is there as well. When I browse to 127.0.0.1 using https, I get an error (which I expected due to the certificate website address) but the chain is ok. When I try to browse to the external address https://fsp.norden.lancs.sch.uk I still get an error about the security certificate stating that there isn't a chain.
Would this problem cause my clients to not authenticate and therefore not connect Outlook to Office 365, or am I just clutching at straws?
Any advice you can offer would be greatly appreciated.
Looks like there are far more knowledgeable people already involved in this conversation thread, but are you aware that Microsoft have added some additional features to https://www.testexchangeconnectivity.com/ which allow testing of Office 365 including the SSO elements?
I have found the testing and logging from this very useful in the past (although not used the O365 features specifically).
Yeah, I've been using that quite a bit recently, that's what has been telling me the intermediate certificate was not there on my proxies. It is now, but I'm not sure what to do now. Do I go through IIS and click restart or use command prompt to restart it? I know there is a command, I just can't remember what it is.
Resetting IIS can be done using the command
The NoForce part means that if there are any active connections it will wait till they terminate and therefore will not always shut down the IIS services within the command's timeout.
I would generally use IISRESET as this will restart all IIS services not just the web publishing service (I think).
@EduTech I got the certificates from ipsCA, they offer free certificates for education. I have heed the adfs servers that I have and they were ok. It seems to be the adfs proxies that seem to have the issue with the certificates.
I do have a bit of a problem now with adfs not working correctly. When I try and log in to portal.microsoftonline.com I get an error, like I did before. If I rebooted my adfs proxies would that help the certificates sort themselves out? I have installed them in the right stores as instructed on the ipsCA website, and the chain works on the adfs internal servers, so I'm thinking it might help. Failing that, I'll look at the certificates again.