another post on autodiscover.domain.co.uk certificate warnings

Hi, New install of SBS 2008 standard. I have had problems with users getting prompted to accept the autodiscover certificate each time they start outlook. Susan B had advised applying the update 9 for Exchange 2007, this didn't fix it, then to try SP2 for Exchange 2007. This has still not fixed the issue. I think this may be related to users also being unable to set OOO in Outlook and only ia OWA, although even when set there OOO doesn't work. Any ideas please Thanks Simon

Sounds like you have a mismatched certificate name and domain name. Did you create any certificates or DNS entries manually? -Cliff "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... > Hi, > New install of SBS 2008 standard. I have had problems with users getting > prompted to accept the autodiscover certificate each time they start > outlook. Susan B had advised applying the update 9 for Exchange 2007, this > didn't fix it, then to try SP2 for Exchange 2007. This has still not fixed > the issue. I think this may be related to users also being unable to set > OOO in Outlook and only ia OWA, although even when set there OOO doesn't > work. > Any ideas please > Thanks > Simon

Hi Cliff, No, neither the SBS box is running a self signed certificate for remote access created by the connect to internet wizard this works fine. I always use the wizards where there are ones. Simon Cliff Galiher - MVP wrote: > Sounds like you have a mismatched certificate name and domain name. Did > you create any certificates or DNS entries manually? > > -Cliff > > > "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message > news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... >> Hi, >> New install of SBS 2008 standard. I have had problems with users >> getting prompted to accept the autodiscover certificate each time they >> start outlook. Susan B had advised applying the update 9 for Exchange >> 2007, this didn't fix it, then to try SP2 for Exchange 2007. This has >> still not fixed the issue. I think this may be related to users also >> being unable to set OOO in Outlook and only ia OWA, although even when >> set there OOO doesn't work. >> Any ideas please >> Thanks >> Simon >

Alright. autodiscover issues are distinct from "other" credential issues. UR9 and SP2 address some authentication issues, but since yours is specific to autodiscover, these don't apply (although having them is still good because it ensures you won't have those *other* issues.) Another common reason I've seen autodiscover prompts is because the IIS server that serves this information is not properly being trusted. This is set via the default SBS group policies, so changing or overriding those settings can have an adverse effect, and the wizard may not catch these issues. Have you changed any of the default group policies? On a related note, have you downloaded the SBS BPA and run it against your server? Have you fixed any problems it is reporting? -Cliff "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message news:e8UF7bxyKHA.3884@TK2MSFTNGP06.phx.gbl... > Hi Cliff, > No, neither the SBS box is running a self signed certificate for remote > access created by the connect to internet wizard this works fine. I always > use the wizards where there are ones. > Simon > Cliff Galiher - MVP wrote: >> Sounds like you have a mismatched certificate name and domain name. Did >> you create any certificates or DNS entries manually? >> >> -Cliff >> >> >> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >> news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... >>> Hi, >>> New install of SBS 2008 standard. I have had problems with users getting >>> prompted to accept the autodiscover certificate each time they start >>> outlook. Susan B had advised applying the update 9 for Exchange 2007, >>> this didn't fix it, then to try SP2 for Exchange 2007. This has still >>> not fixed the issue. I think this may be related to users also being >>> unable to set OOO in Outlook and only ia OWA, although even when set >>> there OOO doesn't work. >>> Any ideas please >>> Thanks >>> Simon >>

Hi, Not messed with any GPs or IIS settings. The BPA doesn't show up anything, there were a couple of references to backhostconnections reg keys which I have fixed. Thanks Simon Cliff Galiher - MVP wrote: > Alright. autodiscover issues are distinct from "other" credential > issues. UR9 and SP2 address some authentication issues, but since yours > is specific to autodiscover, these don't apply (although having them is > still good because it ensures you won't have those *other* issues.) > > Another common reason I've seen autodiscover prompts is because the IIS > server that serves this information is not properly being trusted. This > is set via the default SBS group policies, so changing or overriding > those settings can have an adverse effect, and the wizard may not catch > these issues. > > Have you changed any of the default group policies? > > On a related note, have you downloaded the SBS BPA and run it against > your server? Have you fixed any problems it is reporting? > > -Cliff > > > "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message > news:e8UF7bxyKHA.3884@TK2MSFTNGP06.phx.gbl... >> Hi Cliff, >> No, neither the SBS box is running a self signed certificate for >> remote access created by the connect to internet wizard this works >> fine. I always use the wizards where there are ones. >> Simon >> Cliff Galiher - MVP wrote: >>> Sounds like you have a mismatched certificate name and domain name. >>> Did you create any certificates or DNS entries manually? >>> >>> -Cliff >>> >>> >>> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >>> news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... >>>> Hi, >>>> New install of SBS 2008 standard. I have had problems with users >>>> getting prompted to accept the autodiscover certificate each time >>>> they start outlook. Susan B had advised applying the update 9 for >>>> Exchange 2007, this didn't fix it, then to try SP2 for Exchange >>>> 2007. This has still not fixed the issue. I think this may be >>>> related to users also being unable to set OOO in Outlook and only ia >>>> OWA, although even when set there OOO doesn't work. >>>> Any ideas please >>>> Thanks >>>> Simon >>>

Curious. I'm at a loss then. I'd have to start doing some deep troubleshooting, which is just a bit too tough to try and walk someone through over a newsgroup/email. Sorry I can't help more, -Cliff "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message news:OxaH3k$yKHA.244@TK2MSFTNGP06.phx.gbl... > Hi, > Not messed with any GPs or IIS settings. The BPA doesn't show up anything, > there were a couple of references to backhostconnections reg keys which I > have fixed. > Thanks > Simon > Cliff Galiher - MVP wrote: >> Alright. autodiscover issues are distinct from "other" credential >> issues. UR9 and SP2 address some authentication issues, but since yours >> is specific to autodiscover, these don't apply (although having them is >> still good because it ensures you won't have those *other* issues.) >> >> Another common reason I've seen autodiscover prompts is because the IIS >> server that serves this information is not properly being trusted. This >> is set via the default SBS group policies, so changing or overriding >> those settings can have an adverse effect, and the wizard may not catch >> these issues. >> >> Have you changed any of the default group policies? >> >> On a related note, have you downloaded the SBS BPA and run it against >> your server? Have you fixed any problems it is reporting? >> >> -Cliff >> >> >> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >> news:e8UF7bxyKHA.3884@TK2MSFTNGP06.phx.gbl... >>> Hi Cliff, >>> No, neither the SBS box is running a self signed certificate for remote >>> access created by the connect to internet wizard this works fine. I >>> always use the wizards where there are ones. >>> Simon >>> Cliff Galiher - MVP wrote: >>>> Sounds like you have a mismatched certificate name and domain name. >>>> Did you create any certificates or DNS entries manually? >>>> >>>> -Cliff >>>> >>>> >>>> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >>>> news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... >>>>> Hi, >>>>> New install of SBS 2008 standard. I have had problems with users >>>>> getting prompted to accept the autodiscover certificate each time they >>>>> start outlook. Susan B had advised applying the update 9 for Exchange >>>>> 2007, this didn't fix it, then to try SP2 for Exchange 2007. This has >>>>> still not fixed the issue. I think this may be related to users also >>>>> being unable to set OOO in Outlook and only ia OWA, although even when >>>>> set there OOO doesn't work. >>>>> Any ideas please >>>>> Thanks >>>>> Simon >>>>

No problem Cliff, thanks for trying. Simon Cliff Galiher - MVP wrote: > Curious. I'm at a loss then. I'd have to start doing some deep > troubleshooting, which is just a bit too tough to try and walk someone > through over a newsgroup/email. > > Sorry I can't help more, > > -Cliff > > > "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message > news:OxaH3k$yKHA.244@TK2MSFTNGP06.phx.gbl... >> Hi, >> Not messed with any GPs or IIS settings. The BPA doesn't show up >> anything, there were a couple of references to backhostconnections reg >> keys which I have fixed. >> Thanks >> Simon >> Cliff Galiher - MVP wrote: >>> Alright. autodiscover issues are distinct from "other" credential >>> issues. UR9 and SP2 address some authentication issues, but since >>> yours is specific to autodiscover, these don't apply (although having >>> them is still good because it ensures you won't have those *other* >>> issues.) >>> >>> Another common reason I've seen autodiscover prompts is because the >>> IIS server that serves this information is not properly being >>> trusted. This is set via the default SBS group policies, so changing >>> or overriding those settings can have an adverse effect, and the >>> wizard may not catch these issues. >>> >>> Have you changed any of the default group policies? >>> >>> On a related note, have you downloaded the SBS BPA and run it against >>> your server? Have you fixed any problems it is reporting? >>> >>> -Cliff >>> >>> >>> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >>> news:e8UF7bxyKHA.3884@TK2MSFTNGP06.phx.gbl... >>>> Hi Cliff, >>>> No, neither the SBS box is running a self signed certificate for >>>> remote access created by the connect to internet wizard this works >>>> fine. I always use the wizards where there are ones. >>>> Simon >>>> Cliff Galiher - MVP wrote: >>>>> Sounds like you have a mismatched certificate name and domain name. >>>>> Did you create any certificates or DNS entries manually? >>>>> >>>>> -Cliff >>>>> >>>>> >>>>> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message >>>>> news:#aJDHLmyKHA.5040@TK2MSFTNGP02.phx.gbl... >>>>>> Hi, >>>>>> New install of SBS 2008 standard. I have had problems with users >>>>>> getting prompted to accept the autodiscover certificate each time >>>>>> they start outlook. Susan B had advised applying the update 9 for >>>>>> Exchange 2007, this didn't fix it, then to try SP2 for Exchange >>>>>> 2007. This has still not fixed the issue. I think this may be >>>>>> related to users also being unable to set OOO in Outlook and only >>>>>> ia OWA, although even when set there OOO doesn't work. >>>>>> Any ideas please >>>>>> Thanks >>>>>> Simon >>>>>

"Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message = news:OpgaEpKzKHA.244@TK2MSFTNGP06.phx.gbl... > No problem Cliff, > thanks for trying. > Simon > Curious, and I assume you've done it correctly, is add the computer = accounts to the domain using the Connect method, or if manually creating = them, you've moved the computer account to the SBS computers OU. That = should automatically provide the cert.=20 As for Autodiscover, if the external autodiscover.domain.co.uk has been = created, and the external Autodiscover URL is set in the CAS settings = that matches that name, it should just work. Are you seeing any event = log errors?=20 Have you tried testing it against the Microsoft Exchange test site? https://www.testexchangeconnectivity.com/=20 --=20 Ace This posting is provided "AS-IS" with no warranties or guarantees and = confers no rights. Please reply back to the newsgroup or forum for collaboration benefit = among responding engineers, and to help others benefit from your = resolution. Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & = MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services If you feel this is an urgent issue and require immediate assistance, = please contact Microsoft PSS directly. Please check = http://support.microsoft.com for regional support phone numbers.

Hi Ace, Answers inline: Ace Fekay [MVP-DS, MCT] wrote: > "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message news:OpgaEpKzKHA.244@TK2MSFTNGP06.phx.gbl... >> No problem Cliff, >> thanks for trying. >> Simon >> > > Curious, and I assume you've done it correctly, is add the computer accounts to the domain using the Connect method, or if manually creating them, you've moved the computer account to the SBS computers OU. That should automatically provide the cert. > I added the computer accounts using the http://connect method choosing the set them up for other users (win7 PCs) > As for Autodiscover, if the external autodiscover.domain.co.uk has been created, and the external Autodiscover URL is set in the CAS settings that matches that name, it should just work. Are you seeing any event log errors? > I've not created an external autodiscover.domain... A record, these PCs are on the local lan. The external remote.domain.co.uk A record is working (although is a cname of a dynamic dns host as the customer does not have a fixed address.) > Have you tried testing it against the Microsoft Exchange test site? > https://www.testexchangeconnectivity.com/ > > Will give that a go, thanks. I've since installed SBS2008 at another site and not run into any of these issues, I'd really like to get to the bottom of this one Thanks Simon

"Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message = news:%23Wru6jbzKHA.1796@TK2MSFTNGP02.phx.gbl... > Hi Ace, > Answers inline: > Ace Fekay [MVP-DS, MCT] wrote: >> "Simon" <simon@boolean-it.co.uk-remove.co.uk> wrote in message = news:OpgaEpKzKHA.244@TK2MSFTNGP06.phx.gbl... >>> No problem Cliff, >>> thanks for trying. >>> Simon >>> >>=20 >> Curious, and I assume you've done it correctly, is add the computer = accounts to the domain using the Connect method, or if manually creating = them, you've moved the computer account to the SBS computers OU. That = should automatically provide the cert.=20 >>=20 > I added the computer accounts using the http://connect method choosing = > the set them up for other users (win7 PCs) >> As for Autodiscover, if the external autodiscover.domain.co.uk has = been created, and the external Autodiscover URL is set in the CAS = settings that matches that name, it should just work. Are you seeing any = event log errors?=20 >>=20 > I've not created an external autodiscover.domain... A record, these = PCs=20 > are on the local lan. The external remote.domain.co.uk A record is=20 > working (although is a cname of a dynamic dns host as the customer = does=20 > not have a fixed address.) >=20 >> Have you tried testing it against the Microsoft Exchange test site? >> https://www.testexchangeconnectivity.com/=20 >>=20 >>=20 >=20 > Will give that a go, thanks. >=20 > I've since installed SBS2008 at another site and not run into any of=20 > these issues, I'd really like to get to the bottom of this one > Thanks > Simon Althought you don't *really* need it, create an Autodiscover record = internally and externally, and try it agin. It also could be the CNAME = causing the issue, which dealing with DNS for many years, I've seen = CNAMES cause problems with other things in the past.=20 Find out what the Exchange test gives. I hope it helps. Ace

Similiar Articles:

Out of office / autodiscover problem - microsoft.public.exchange ...
... and browse to https://exchange2.domain.local/autodiscover ... errors - I have bought a SAN certificate and exchange2.domain.local ... capi tallaw.co.uk. Id ...

Domain certificate error - microsoft.public.windows.server.active ...
I see that all my DC recieved a Domain Controler certificate ... http://www.petri.co.il/install ... autodiscover certificate error 153 autodiscover.domain.com certificate ...

Exchange certificate error outlook 2007 - microsoft.public.windows ...
... address http://www.blakjak.demon.co.uk ... us the CN and SAN names of this certificate? Have you added autodiscover ... Domain certificate error - microsoft.public.windows ...

Outlook/Exchange Error... - microsoft.public.outlook.general ...
Exchange 2010 SSL warning when opening Outlook 2007 ... issue, add a host (A) record in DNS for Autodiscover.domain.com ... Certificate errors in Outlook when connected to ...

another post on autodiscover.domain.co.uk certificate warnings ...
Hi, New install of SBS 2008 standard. I have had problems with users getting prompted to accept the autodiscover certificate each time they start outlook. Susan B had ...

sbs 2008 autodiscover certificate prompts - Vista Forums
another post on autodiscover.domain.co.uk certificate warnings: SBS Server: SBS 2008, Outlook password prompts: SBS Server: SBS 2008 RWW prompts for duplicate credentials

Outlook 2007 & Exchange 2010 Autodiscover SSL certificate error ...
Post navigation ← Previous ... get hit with a certificate error for autodiscover.domain.com. ... price, btw) for “autodiscover” but that would also require using another IP ...

Autodiscover
... up autodiscover.rphproductions.co.uk but i cannot buy another ... co.uk/Autodiscover/autodiscover.xml. Ideally, the SSL certificate you ... domain>/autodiscover ...

Autodiscover, DNS, Certificates, and what you need to know | Elan ...
... that this is a superb blog post ... site (site A) are getting certificate warnings for autodiscover.domain ... that has mail.domain.com, autodiscover.domain.com, and if you're co ...

7/13/2012 9:10:53 AM