neil0311
join:2005-07-24
Marietta, GA
3 edits | reply to Leathal
Re: Vista x64 / Office 2007 + A Exchange 2007 question
Is the common name for the SSL cert for OWA (that is running on the CAS server) using the EXACT host name as the A record published in DNS? My guess is no.
For example....if the CAS has a FQDN of "CAS1.domain.com" and you are publishing OWA in DNS as host "OWA.domain.com" then the cert must use a common name of "OWA.domain.com".
Make sure that Outlook is configured to use the "OWA.domain.com" host name as the connection point for Outlook Anywhere.
One other thought..because you mentioned "local LAN". You should not be connecting internally to the CAS via HTTPS. You should be going MAPI direct to the mailbox server.
Can you clarify the scenario? |
|
Leathal
Premium
join:2002-02-09
Toronto, ON
| Yes I am using MAPI, but Outlook 2007 is a completely different application out of the box. With outlook 2003 I don't get the error, so MS obviously changed how Outlook 2007 operates.
Yes the cert for OWA is the EXACT host name on the A record published in DNS, it works perfectly from the outside, the inside is where it gives me problems even though we have the domain.com zone in our Windows DNS server with the host record for OWA which translates fine when you look at it nslookup.
From what I have heard it maybe due to having to setup an internal Cert on Exchange 2007 x64, I can't remember the shell command for it now. 
Leathal |
|
Leathal
Premium
join:2002-02-09
Toronto, ON
1 edit | reply to neil0311
»www.shudnow.net/2007/08/10/outlo···e-error/
Explains the error..
Andrew |
|
neil0311
join:2005-07-24
Marietta, GA
| reply to Leathal
said by Leathal  :Yes I am using MAPI, but Outlook 2007 is a completely different application out of the box. With outlook 2003 I don't get the error, so MS obviously changed how Outlook 2007 operates. Yes the cert for OWA is the EXACT host name on the A record published in DNS, it works perfectly from the outside, the inside is where it gives me problems even though we have the domain.com zone in our Windows DNS server with the host record for OWA which translates fine when you look at it nslookup. From what I have heard it maybe due to having to setup an internal Cert on Exchange 2007 x64, I can't remember the shell command for it now. Leathal OL2007 isn't different except that it will use autodiscover to create the MAPI profile and may fail if your autodiscover website and accompanying certs and DNS entries aren't correct. Once the MAPI profile is setup (which you can do manually from inside the firewall), then connecting is exactly the same as OL2003. |
|
Leathal
Premium
join:2002-02-09
Toronto, ON | MAPI on the firewall are you nuts? MAPI is the most common hacked to death protocol.
Anyhow I never use MAPI as it's for newbs.
Outlook Anywhere FTW!
Leathal |
|
neil0311
join:2005-07-24
Marietta, GA
4 edits | said by Leathal :MAPI on the firewall are you nuts? MAPI is the most common hacked to death protocol. Anyhow I never use MAPI as it's for newbs. Outlook Anywhere FTW! Leathal Not sure WTF you're talking about, but you have no idea about Exchange. No one mentioned MAPI on any firewall. Read carefully before you bloviate.
Exchange uses RPC as the protocol used by the mailbox server role, whether internally or externally. Mailbox servers only connect to RPC clients. Internally, the Outlook clients use MAPI/RPC direct, and from the Internet they can connect via HTTPS with encapsualted RPC (RPC over HTTPS) and connect to the Exchange CAS server via a reverse proxy. The CAS then decrypts the HTTP packets and strips the encapsulated RPC packets and they are routed to the mailbox role.
RPC over HTTPS (Outlook Anywhere) is MAPI/RPC...just encapsulated in HTTPS. You wouldn't use Outlook Anywhere inside the corporate network...just plain old MAPI/RPC direct to the mailbox role.
I do this all day long...it's my job. I work for a large software company based in Redmond, WA and have worked with the guts of Exchange for 12 years. Hardly a noob. |
|
