SBS 2008, Exchange 2007 & Outlook 2007...
in [Microsoft Exchange]
|
From: Cliff Galiher - MVP on 24 Jun 2010 02:38 Could be a couple of things. So now we are back on track with the certificate (I think, I haven't checked.) So lets make sure Outlook Anywhere works. www.testexchangeconnectivity.com As far as the repeated credentials, have you patched up Exchange on your SBS server? Repeated credentials could be a symptom of a conflict between an outlook security update without the matching Exchange security update. Have *at least* Exchange SP1 UR9 installed on the SBS server. SP2 is preferrable. As always, have a backup. -- Cliff Galiher Microsoft has opened the Small Business Server forum on Technet! Check it out! http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/threads Addicted to newsgroups? Read about the NNTP Bridge for MS Forums.
From: Mikey on 24 Jun 2010 09:59 On Jun 24, 1:38 am, "Cliff Galiher - MVP" <cgali...(a)gmail.com> wrote: > Could be a couple of things. So now we are back on track with the > certificate (I think, I haven't checked.) > > So lets make sure Outlook Anywhere works. www.testexchangeconnectivity..com > > As far as the repeated credentials, have you patched up Exchange on your SBS > server? Repeated credentials could be a symptom of a conflict between an > outlook security update without the matching Exchange security update. Have > *at least* Exchange SP1 UR9 installed on the SBS server. SP2 is preferrable. > As always, have a backup. > > -- > Cliff Galiher > Microsoft has opened the Small Business Server forum on Technet! Check it > out!http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/.... > Addicted to newsgroups? Read about the NNTP Bridge for MS Forums. I tried the rollup 9 back in the begining. I didn't want to apply SP2 until the weekend, in the event there were any problems. You had said earlier that it didn't matter if some parts of the test fail, find one area, pick that & work it out (or something along those lines!). I tried the test, manually entering the info & the message that I got regarding the failure was: SSL mutual authentication with the RPC proxy server is being tested. Verification of mutual authentication failed. Tell me more about this issue and how to resolve it Additional Details The certificate common name remote.domain.com, doesn't validate against Mutual Authentication string provided msstd:exchange.domain.com Is this basically saying that it's not finding the name msstd:exchange.domain.com on my certificate? I that's the case, do I need to add that name, or is this an indicator of a mismatched authentication setting? ON the 'tell me how to fix it' link, it talks about a resolution that changes the name on the cert, but I'm assuming it changes it on the self generated one, right? So I'm thinking that probably won't help me. Or, do I need to do that, request a new certificate, rinse lather & repeat?
From: Mikey on 24 Jun 2010 10:15 On Jun 24, 8:59 am, Mikey <texan...(a)hotmail.com> wrote: > On Jun 24, 1:38 am, "Cliff Galiher - MVP" <cgali...(a)gmail.com> wrote: > > > > > > > Could be a couple of things. So now we are back on track with the > > certificate (I think, I haven't checked.) > > > So lets make sure Outlook Anywhere works. www.testexchangeconnectivity.com > > > As far as the repeated credentials, have you patched up Exchange on your SBS > > server? Repeated credentials could be a symptom of a conflict between an > > outlook security update without the matching Exchange security update. Have > > *at least* Exchange SP1 UR9 installed on the SBS server. SP2 is preferrable. > > As always, have a backup. > > > -- > > Cliff Galiher > > Microsoft has opened the Small Business Server forum on Technet! Check it > > out!http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/... > > Addicted to newsgroups? Read about the NNTP Bridge for MS Forums. > > I tried the rollup 9 back in the begining. I didn't want to apply SP2 > until the weekend, in the event there were any problems. > You had said earlier that it didn't matter if some parts of the test > fail, find one area, pick that & work it out (or something along those > lines!). > I tried the test, manually entering the info & the message that I got > regarding the failure was: > > SSL mutual authentication with the RPC proxy server is being tested. > Verification of mutual authentication failed. > Tell me more about this issue and how to resolve it > Additional Details > The certificate common name remote.domain.com, doesn't validate > against Mutual Authentication string provided > msstd:exchange.domain.com > > Is this basically saying that it's not finding the name > msstd:exchange.domain.com on my certificate? I that's the case, do I > need to add that name, or is this an indicator of a mismatched > authentication setting? ON the 'tell me how to fix it' link, it talks > about a resolution that changes the name on the cert, but I'm assuming > it changes it on the self generated one, right? So I'm thinking that > probably won't help me. Or, do I need to do that, request a new > certificate, rinse lather & repeat?- Hide quoted text - > > - Show quoted text - I did change the name to msstd:remote.domain.com on the client & it worked, but it prompts you for a password everytime you open outlook. The 'Always prompt for log on credentials' is NOT checked - is there a way to 'fix' this? Now, if I apply SP2 this weekend, can if mess up anything we've done so far?
From: Rich Matheisen [MVP] on 24 Jun 2010 20:55 On Thu, 24 Jun 2010 06:59:48 -0700 (PDT), Mikey <texan767(a)hotmail.com> wrote: [ snip ] >SSL mutual authentication with the RPC proxy server is being tested. > Verification of mutual authentication failed. > Tell me more about this issue and how to resolve it > Additional Details > The certificate common name remote.domain.com, doesn't validate >against Mutual Authentication string provided >msstd:exchange.domain.com > >Is this basically saying that it's not finding the name >msstd:exchange.domain.com on my certificate? No, it's not finding "exchange.domain.com" as the certificate's CN. As I've said before, Outlook wants you to use the CN of the certificate in the Exchange Proxy Settings. You need to put "msstd:remote.domain.com" into the 2nd edit box (and remote.domain.com into the 1st edit box). >I that's the case, do I >need to add that name, or is this an indicator of a mismatched >authentication setting? ON the 'tell me how to fix it' link, it talks >about a resolution that changes the name on the cert, but I'm assuming >it changes it on the self generated one, right? So I'm thinking that >probably won't help me. Or, do I need to do that, request a new >certificate, rinse lather & repeat? Just change the server name in Outlook's "Exchange Proxy Settings" dialog box. --- Rich Matheisen MCSE+I, Exchange MVP
From: Cliff Galiher - MVP on 24 Jun 2010 21:17
Actually, what I said is that the connectivity test will tst *every* possible way that outlook can "autodiscover" its settings. Sicne half of those optiosn won't actually be enabled, failures are to be expected. The second half of that was that you need to know which option you expect to work and concentrate on those failures. Looking at error codes for methods we expect to fail will be a waste of effort. So, if you are stuck, post the complete log (edit out sensitive parts of need be) so we can see and decipher what is an "expected" error and what isn't. -- Cliff Galiher Microsoft has opened the Small Business Server forum on Technet! Check it out! http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/threads Addicted to newsgroups? Read about the NNTP Bridge for MS Forums. |