+ Post New Thread
Results 1 to 8 of 8
Internet Related/Filtering/Firewall Thread, Office365 certificate for my students email in Technical; I was wondering what i need to do get round this problem with the certificate error for my students email ...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87

    Office365 certificate for my students email

    I was wondering what i need to do get round this problem with the certificate error for my students email domain hosted with office365?

    Is there anything i need to do?

  2. #2
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    Just thought id bump this.

    I spoke to ms a few weeks ago and they said i needed to purchase a certificate for my office365 users as i cannot use https://mail.students.domain.co.uk anymore. I have to ude http://mail.students.domain.co.uk instead.

    I hsve configured at the moment for my domain...

    {Domain.co.uk}

    students MX 10 9cafcbcea75646bd283ebf9fb82716.mail.outlook.com

    students TXT v=msv1 t=9cafcbcea75646bd283ebf9fb82716

    students TXT v=spf1 includeutlook.com ~all

    autodiscover.students CNAME autodiscover.outlook.com

    mail.students CNAME outlook.com

    webmail.students CNAME outlook.com

    Does this look correct to anyone that knows? It was working then suddenly one day it just stopped with a certificate error

    Error message

    You attempted to reach mail.students.domain.co.uk, but instead you actually reached a server identifying itself as outlook.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of mail.students.domain.co.uk.
    You should not proceed, especially if you have never seen this warning before for this site.

    if i ignored it and tried to log on as administrator it would say the servers are unable to be contacted at this time.

    If any knows what i need to do let me know.

    Thanks

  3. #3

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    4,980
    Thank Post
    158
    Thanked 888 Times in 699 Posts
    Blog Entries
    3
    Rep Power
    265
    Tim,

    So are you trying to keep the OWA URL using your private domain name? I assume you have create a CNAME which points to outlook.com/tenancy.onmicrosoft.com ?

    I have a simple CNAME entry - outlook.domain.tld which has a Canonical Name of outlook.com

    if i browse to http://outlook.domain.tld then it presents me with my ADFS Authentication Page, I Login and then it redirects me to my Outlook Web Access.

    I assume, your not using SSO?

    Regards,
    James.
    Last edited by EduTech; 27th February 2013 at 11:29 PM.

  4. #4
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    @edu-tech

    In response to your questions, Yeah, im trying to keep my domain but have "mail.students" sub domain point to outlook.com if that makes sense as i can get http://mail.students.domain.co.uk to work but not https://mail.students.domain.co.uk and no, im not using SSO.

    As for accessing outlook.com, my administrator account cannot access outlook.com

    Update:
    I think i have just found my problem. I have checked my DNS settings on office365 and ive got the following:

    DNS records
    The following DNS records must be configured at your DNS hosting provider. The records that you configure depend on the domain purpose that you set.

    View DNS records

    Need help adding these records? See step-by-step instructions for creating DNS records at popular DNS hosting providers. Exchange Online
    The DNS records for Exchange Online are correctly configured with your domain registrar.

    Exchange Online

    Type Priority Host name Points to address TTL
    MX 0 @ students-domain-co-uk.mail.eo.outlook.com 1 Hour
    CNAME - autodiscover autodiscover.outlook.com 1 Hour

    Type TXT Name TXT Value TTL
    TXT @ v=spf1 include:spf.protection.outlook.com -all 1 Hour


    So if i tell my ISP that i need to change my DNS settings to the ones configured in here as the earlier ones arent working correctly this should sort the problem out?
    Last edited by timbo343; 28th February 2013 at 11:33 AM.

  5. #5

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    4,980
    Thank Post
    158
    Thanked 888 Times in 699 Posts
    Blog Entries
    3
    Rep Power
    265
    Quote Originally Posted by timbo343 View Post
    @edu-tech

    In response to your questions, Yeah, im trying to keep my domain but have "mail.students" sub domain point to outlook.com if that makes sense as i can get http://mail.students.domain.co.uk to work but not https://mail.students.domain.co.uk and no, im not using SSO.

    As for accessing outlook.com, my administrator account cannot access outlook.com

    Update:
    I think i have just found my problem. I have checked my DNS settings on office365 and ive got the following:

    DNS records
    The following DNS records must be configured at your DNS hosting provider. The records that you configure depend on the domain purpose that you set.

    View DNS records

    Need help adding these records? See step-by-step instructions for creating DNS records at popular DNS hosting providers. Exchange Online
    The DNS records for Exchange Online are correctly configured with your domain registrar.

    Exchange Online

    Type Priority Host name Points to address TTL
    MX 0 @ students-domain-co-uk.mail.eo.outlook.com 1 Hour
    CNAME - autodiscover autodiscover.outlook.com 1 Hour

    Type TXT Name TXT Value TTL
    TXT @ v=spf1 include:spf.protection.outlook.com -all 1 Hour


    So if i tell my ISP that i need to change my DNS settings to the ones configured in here as the earlier ones arent working correctly this should sort the problem out?
    If the DNS Records in your portal have not been setup, or are incorrect in anyway then you need to ensure you rectify this.

    In all honesty you probably won't get https to work, because your domain name won't be in the public certificates that microsoft use for obvious reasons, you browse using http and when it redirects to outlook.com it will then redirect to 443 secure connection. If you try and do this on your own domain using a https connection first then it just is not going to work!...

    James.
    Last edited by EduTech; 28th February 2013 at 11:54 AM.

  6. Thanks to EduTech from:

    timbo343 (28th February 2013)

  7. #6

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    6,875
    Thank Post
    393
    Thanked 581 Times in 532 Posts
    Rep Power
    173
    Is there anything wrong with browsing over HTTP if when you get to the sign in it's switching you to the HTTPS?

  8. #7
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    I saw that was happening too but havent really had time to post that.

  9. #8

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    4,980
    Thank Post
    158
    Thanked 888 Times in 699 Posts
    Blog Entries
    3
    Rep Power
    265
    you don't type any information in until the the browser has changed into a secure connection, you have no way of using the private domain in the way you want proper secure connection using a CNAME DNS Record.

    If you browse via HTTPS initially Office 365 won't recognize the CNAME in the headers, because it's encrypted. you have no chance of MS adding your private domain into their SSL Certificates. Browse via HTTP initially to initiate the request, it redirects when it hits outlook.com and then your on a secure connection, type in your credentials and then happy days!

    Regards,
    James.
    Last edited by EduTech; 28th February 2013 at 09:52 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 10
    Last Post: 26th July 2013, 02:20 PM
  2. Replies: 3
    Last Post: 28th September 2011, 12:57 PM
  3. External student email access
    By Norphy in forum How do you do....it?
    Replies: 30
    Last Post: 10th November 2006, 12:24 AM
  4. Student Email
    By andy in forum School ICT Policies
    Replies: 8
    Last Post: 4th July 2005, 09:14 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •