  Leathal Premium join:2002-02-09 Toronto, ON
edit: May 7th, @08:45PM
| Vista x64 / Office 2007 + an Exchange 2007 question
Exchange 2007:
Exchange 2007 x64 at the office has the SSL cert for accessing OWA from the outside, owa.domain.com. When I use Outlook 2007 from the local LAN it tells me there is an issue with the cert, as the actual server name of Exchange doesn't match the certificate (server name: exchange.domain.local). I have of course set up a DNS zone for domain.com and added owa as a host (A) record pointing to exchange.domain.local; however, when I use that as the mail server in Outlook 2007, the name gets automatically reverted back to exchange.domain.local and the whole problem starts over again.
Does anyone know how to fix this?
Office 2007 SP1:
It's running under Vista x64 SP1. I don't see the mail icon in the control panel. I know I have figured out how to fix this in the past but can't remember how to do it now?
Thanks Leathal |
|
 neil0311
join:2005-07-24 Marietta, GA
edit: May 7th, @11:07PM
| Is the common name for the SSL cert for OWA (that is running on the CAS server) using the EXACT host name as the A record published in DNS? My guess is no.
For example....if the CAS has a FQDN of "CAS1.domain.com" and you are publishing OWA in DNS as host "OWA.domain.com" then the cert must use a common name of "OWA.domain.com".
Make sure that Outlook is configured to use the "OWA.domain.com" host name as the connection point for Outlook Anywhere.
One other thought..because you mentioned "local LAN". You should not be connecting internally to the CAS via HTTPS. You should be going MAPI direct to the mailbox server.
Can you clarify the scenario? |
|
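Added example (not part of any post in this thread): a minimal Python sketch of the name check a TLS client performs, using the host names mentioned above. The certificate contents are constructed, the function names are hypothetical, and the SAN and wildcard handling goes beyond the single common-name case discussed in the post.

```python
def _name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with a host name, case-insensitively.
    '*' is honoured only as the whole leftmost label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_on_cert(cert: dict) -> list:
    """Names a client compares against: SAN DNS entries if present, else the CN."""
    sans = cert.get("san_dns") or []
    return list(sans) if sans else [cert["common_name"]]


def uncovered_hosts(cert: dict, hosts: list) -> list:
    """Return the host names that would raise a certificate name warning."""
    names = names_on_cert(cert)
    return [h for h in hosts if not any(_name_matches(n, h) for n in names)]


# Host names from the thread: external OWA name and internal server name.
CLIENT_NAMES = ["owa.domain.com", "exchange.domain.local"]

# Constructed certificates (assumptions for illustration only).
OWA_ONLY_CERT = {"common_name": "owa.domain.com", "san_dns": []}
MULTI_NAME_CERT = {
    "common_name": "owa.domain.com",
    "san_dns": ["owa.domain.com", "exchange.domain.local"],
}
WILDCARD_CERT = {"common_name": "*.domain.com", "san_dns": []}

if __name__ == "__main__":
    for label, cert in (
        ("single name", OWA_ONLY_CERT),
        ("multiple names", MULTI_NAME_CERT),
        ("wildcard", WILDCARD_CERT),
    ):
        print(f"{label}: uncovered = {uncovered_hosts(cert, CLIENT_NAMES)}")
```
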
  Leathal Premium join:2002-02-09 Toronto, ON
| Yes I am using MAPI, but Outlook 2007 is a completely different application out of the box. With Outlook 2003 I don't get the error, so MS obviously changed how Outlook 2007 operates.
Yes the cert for OWA is the EXACT host name on the A record published in DNS, it works perfectly from the outside, the inside is where it gives me problems even though we have the domain.com zone in our Windows DNS server with the host record for OWA which translates fine when you look at it in nslookup.
From what I have heard it may be due to having to set up an internal cert on Exchange 2007 x64, I can't remember the shell command for it now.
Leathal |
|
  Leathal Premium join:2002-02-09 Toronto, ON edit: May 8th, @12:47PM
| reply to neil0311 »www.shudnow.net/2007/08/10/outlo···e-error/
Explains the error..
Andrew |
|
  MattE Obama '08 Premium join:2003-07-20 Jamestown, NC
| reply to Leathal
Set the Exchange server as the domain.local name, but then configure your Exchange proxy with the owa.domain.com name.
This also works externally and is how we do it. |
|
 neil0311
join:2005-07-24 Marietta, GA
| reply to Leathal
said by Leathal: "Yes I am using MAPI, but Outlook 2007 is a completely different application out of the box. With Outlook 2003 I don't get the error, so MS obviously changed how Outlook 2007 operates. Yes the cert for OWA is the EXACT host name on the A record published in DNS, it works perfectly from the outside, the inside is where it gives me problems even though we have the domain.com zone in our Windows DNS server with the host record for OWA which translates fine when you look at it in nslookup. From what I have heard it may be due to having to set up an internal cert on Exchange 2007 x64, I can't remember the shell command for it now. Leathal"
OL2007 isn't different except that it will use autodiscover to create the MAPI profile and may fail if your autodiscover website and accompanying certs and DNS entries aren't correct. Once the MAPI profile is set up (which you can do manually from inside the firewall), then connecting is exactly the same as OL2003. |
|
  Leathal Premium join:2002-02-09 Toronto, ON | MAPI on the firewall are you nuts? MAPI is the most common hacked to death protocol.
Anyhow I never use MAPI as it's for newbs.
Outlook Anywhere FTW!
Leathal |
|
 neil0311
join:2005-07-24 Marietta, GA
edit: May 11th, @11:03AM
| said by Leathal: "MAPI on the firewall are you nuts? MAPI is the most common hacked to death protocol. Anyhow I never use MAPI as it's for newbs. Outlook Anywhere FTW! Leathal"
Not sure WTF you're talking about, but you have no idea about Exchange. No one mentioned MAPI on any firewall. Read carefully before you bloviate.
Exchange uses RPC as the protocol used by the mailbox server role, whether internally or externally. Mailbox servers only connect to RPC clients. Internally, the Outlook clients use MAPI/RPC direct, and from the Internet they can connect via HTTPS with encapsulated RPC (RPC over HTTPS) and connect to the Exchange CAS server via a reverse proxy. The CAS then decrypts the HTTP packets and strips the encapsulated RPC packets and they are routed to the mailbox role.
RPC over HTTPS (Outlook Anywhere) is MAPI/RPC...just encapsulated in HTTPS. You wouldn't use Outlook Anywhere inside the corporate network...just plain old MAPI/RPC direct to the mailbox role.
I do this all day long...it's my job. I work for a large software company based in Redmond, WA and have worked with the guts of Exchange for 12 years. Hardly a noob. |
|