  1. #1
    mrbios's Avatar

    Exchange Autodiscover and wildcard SSL Certificates

    Having a problem getting this working at the moment...at least as far as ExRCA is concerned anyway.

    This is the part it gets to:
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

    Test Steps
    ExRCA is attempting to retrieve an XML Autodiscover response from URL https://domain.net/AutoDiscover/AutoDiscover.xml for user user@email.net.
    ExRCA failed to obtain an Autodiscover XML response.
    I've ensured that the /autodiscover/* is set correctly in my ISA server, which it wasn't previously, and I've got the command "Set-OutlookProvider" WEB and EXPR set to my *.domain.net setting (I haven't set it on the EXCH one because I've yet to see anything telling me to).

    And I've made sure that the autodiscover IIS SSL settings are set to "ignore" (though require is still ticked; again nothing telling me to untick it, just to make sure it's set to ignore client certs).

    So this above is my problem with autodiscover, any suggestions how to fix this?

    This information may be useful for fixing the above though:
    Testing SSL mutual authentication with the RPC proxy server.
    Verification of mutual authentication failed.
    Tell me more about this issue and how to resolve it

    Additional Details
    The certificate common name *.domain.net doesn't validate against the mutual authentication string that was provided: msstd:webmail.domain.net
    I get that when I run the manual entry of webmail.domain.net in the "Outlook Anywhere" test rather than autodiscover.

    Finally, manual entry for ActiveSync goes flawlessly apart from a small warning in the middle, as shown below, but I don't think this is actually an issue; just putting it here just in case.

    Validating certificate trust for Windows Mobile devices.
    The certificate is trusted and all certificates are present in the chain.

    Test Steps

    ExRCA is attempting to build certificate chains for certificate CN=*.domain.net, OU=Domain Control Validated - RapidSSL(R), OU=See Read the RapidSSL agreements for free SSL certificates, wildcard SSL certificates and other RapidSSL products. (c)11, OU=, O=*.domain.net, C=GB, SERIALNUMBER=
    One or more certificate chains were constructed successfully.

    Additional Details
    Analyzing the certificate chains for compatability problems with Windows Phone devices.
    Potential compatibility problems were identified with some versions of Windows Phone.
    Tell me more about this issue and how to resolve it

    Additional Details
    The certificate is only trusted on Windows Mobile 6.0 and later versions. Devices running Windows Mobile 5.0 and 5.0 with the Messaging and Security Feature Pack won't be able to sync. Root = CN=GeoTrust Global CA, O=GeoTrust Inc., C=US.
    EDIT: obviously various information has been removed surrounding email addresses and certificate serial from this post; I don't know whether it's important to do that, just felt like I should.

    EDIT2: Also just to note:
    Browsing to both https://webmail.domain.net/autodisco...todiscover.xml gets me to a logon screen, as does the internal address.

    EDIT3: major derp moment, it's only just registered that autodiscover is trying to use domain.net and not webmail.domain.net, which goes to a different external address - ACTUALLY I might be wrong, I think they go to the same address so that should still work, no? The one part of the network I didn't set up and it isn't documented >_<

    EDIT4: OK, noticed that domain.net wasn't in the list of ISA published sites for the autodiscover/owa rule, added that but still can't browse to it, might leave it for a while in case it's something that takes a few minutes to pick up the change.....though as far as I'm aware that should let me access things like owa for example without the webmail. in front o_O
    Last edited by mrbios; 6th October 2011 at 01:11 PM.
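
An added example, not part of the original posts: it lists the endpoints an Autodiscover client tries for an address and shows which of those hosts a wildcard certificate such as the `*.domain.net` one in the ExRCA output covers. The `msstd_matches` function is an assumed model of the mutual authentication check, based only on the ExRCA message quoted in the post; `user@domain.net` and all function names are constructed.

```python
# Added example (not from the thread). Names and sample values are constructed.

def autodiscover_candidates(email):
    """Endpoints an Autodiscover client tries, in order, for an SMTP address."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        ("https", domain, f"https://{domain}/autodiscover/autodiscover.xml"),
        ("https", f"autodiscover.{domain}",
         f"https://autodiscover.{domain}/autodiscover/autodiscover.xml"),
        ("http-redirect", f"autodiscover.{domain}",
         f"http://autodiscover.{domain}/autodiscover/autodiscover.xml"),
        ("srv", f"_autodiscover._tcp.{domain}", None),
    ]


def tls_name_matches(cert_name, host):
    """RFC 6125 style match: '*' stands for exactly one left-most label."""
    cert_labels = cert_name.lower().split(".")
    host_labels = host.lower().split(".")
    if len(cert_labels) != len(host_labels):
        return False          # '*.domain.net' never covers bare 'domain.net'
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def msstd_matches(cert_cn, principal):
    """Assumed model of the mutual-auth check: the string after 'msstd:' is
    compared literally with the certificate common name, no wildcard expansion."""
    prefix = "msstd:"
    if not principal.lower().startswith(prefix):
        return False
    return principal[len(prefix):].lower() == cert_cn.lower()


def report(email, cert_cn):
    """Map each HTTPS candidate host to whether the certificate covers it."""
    return {host: tls_name_matches(cert_cn, host)
            for kind, host, _ in autodiscover_candidates(email)
            if kind == "https"}


if __name__ == "__main__":
    cn = "*.domain.net"                      # placeholder CN as in the post
    print(report("user@domain.net", cn))
    for p in ("msstd:webmail.domain.net", "msstd:*.domain.net"):
        print(p, msstd_matches(cn, p))
```

The wildcard covers `autodiscover.domain.net` and `webmail.domain.net` but not the bare `domain.net`, so the first HTTPS candidate cannot validate against it and the `autodiscover.` host has to resolve in DNS for the second one to be reached.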

  2. #2
    mrbios's Avatar
    Finally got on to my domain name registration page and found that the records for webmail and www go to completely different places, which would explain why I couldn't get that working. I'd actually added an autodiscover A record long ago and pointed it to the same address as the webmail one but that doesn't resolve; what am I doing wrong?

    EDIT:
    AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH Problem fixed.....123-reg was set to look at a local consultancy company's name servers and not the 123-reg name servers, so even though I had done everything right, the settings were being ignored and autodiscover.domain.net needed adding to their servers instead. I now pass all of the ExRCA tests.
    Last edited by mrbios; 6th October 2011 at 02:26 PM.
