FreeDriverSiteBlog

Links

Admin Login

Sunday, January 23, 2011

Outlook 2007 Security Alert - The name on the security certificate is invalid or does not match the name of the site. SBS2008

NOTE! - For SBS 2008 the sites are * (SBS Web Applications) instead of * (Default Web Site)

Get-ExchangeCertificate

Thumbprint Services Subject
———- ——– ——-
BCF9F2C3D245E2588AB5895C37D8D914503D162E9 SIP.W CN=mail.shudnow.net.com

What I did was go ahead and enable all new services to use every available service by using the following command:

Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9

The next step would be to ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing.

Get-ClientAccessServer -Identity CASServer | FL

AutoDiscoverServiceInternalUri : https://casnetbiosname/Autodiscover/Autodiscover.xml

See the issue here? We are not using a UC certificate that contains the names, “casnetbiosname, casnetbiosname.shudnow.net, mail.shudnow.net, and autodiscover.shudnow.net” Since the Autodiscover directory in IIS will be requring SSL encryption, the url specified in the AutoDiscoverServiceInternalURI must match what is specified in your certificate. You must also ensure there is a DNS record that allows mail.shudnow.net to resolve to your CAS. We should re-configure the AutoDiscoverServiceInternalURI by using the following command:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUrihttps://mail.shudnow.net/Autodiscover/Autodiscover.xml

We now need to go configure all the InternalURLs for each web distributed service. If you are going to be utilizing the Autodiscover service from the outside or for non-domain joined clients, you may want to configure an -ExternalURL in addition to your -InternalURL.

Here is the reason why we were receiving the certificate errors. Your InternalURLs most likely are not using mail.shudnow.net. Your InternalURLs are most likely pointed to something such as https://casnetbiosname/ServiceURL which will fail since this is not the CN of your simple certificate.

You can run the following commands to fix your internalURLs so your Outlook 2007 client can successfully take advantage of your web distribution services.

Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (Default Web Site)” -InternalURL https://mail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://mail.shudnow.net/OAB

**NOTE: USE THESE COMMANDS FOR SBS2008

Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (SBS Web Applications)” -InternalURL https://mail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity “CASServer\OAB (SBS Web Applications)” -InternalURL https://mail.shudnow.net/OAB

Note: You must ensure that you enable SSL on the OAB directory in IIS which is not on by default. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Enable-OutlookAnywhere -Server CASServer -ExternalHostname “mail.shudnow.net” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False

Note: The above Enable-OutlookAnywhere command works on SP1. For RTM, substitute -ClientAuthenticationMethod with -ExternalAuthenticationMethod.

Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalURL https://mail.shudnow.net/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity “CASServer\UnifiedMessaging (Default Web Site)” -InternalURL https://mail.shudnow.net/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

**NOTE: USE THESE COMMANDS FOR SBS2008

Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (SBS Web Applications)” -ExternalURL https://mail.shudnow.net/Microsoft-Server-Activesync

Set-UMVirtualDirectory -Identity “CASServer\UnifiedMessaging (SBS Web Applications)” -InternalURL https://mail.shudnow.net/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

Note: The above Set-UMVirtualDirectory command is not needed in Exchange 2010. Exchange 2010 no longer contains a UnifiedMessaging virtual directory and instead uses the Web Services Virtual Directory.

NOTE! - For SBS 2008 the sites are * (SBS Web Applications) instead of * (Default Web Site)

Sunday, January 23, 2011 4:18:29 PM (Central Standard Time, UTC-06:00) | Comments [0] | Exchange 2007 | Exchange 2010 | SBS 2008

get-ExchangeServer and get-UMServer failed Active Directory Server not available. A local error occurred.

When trying to open the Exchange 2007 Management console, you may experience one or more of the following errors:

Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
It was running command 'get-ExchangeAdministrator'.

The following error(s) were reported while loading topology information:

get-ExchangeServer
Failed
Error:
Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.

A local error occurred.

get-UMServer
Failed
Error:
Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.

A local error occurred.

When you login to the server with another admin account, the EMC works fine.

There are several suggested methods to fix this:

1 - Log into the server as another admin account and delete the profile for the affected admin account. (I was unable to do this as my DELETE button was greyed out for the main admin account)

2- Close EMC

Open %APPDATA%\Microsoft\MMC folder and delete Exchange Management Console file

Start EMC (Did not work for me)

3-   Start -> Run
      Enter "control keymgr.dll"
      Remove all stored passwords relating to Exchange servers and DCs (this one worked for me)

Sunday, January 23, 2011 2:52:36 PM (Central Standard Time, UTC-06:00) | Comments [1] | Exchange 2007 | SBS 2008

Monday, February 22, 2010

Outlook 2007 and Exchange 2007 - Outlook gets certificate error when opening - trying to resolve to "sites" which is not on the UCC

I had an issue with a Small Business Server SBS 2003 to SBS 2008 migration where once everything was up and running, I had problems with Outlook 2007 Clients giving certificate errors. Also, OWA Outlook Web Access would redirect to http://sites/owa. The problem was the internal and external URL settings on the various transports in Exchange 2007. This powershell script helped to fix the problem. Note, some errors occurred for me but I was able to just step through the code and issue the commands to the Exchange Shell manually to get the job finished. The main problem was the AutoDiscover Internal URI - once that was fixed the rest fell into place.

# Script to allow you to set all virtual directories to a common name like mail.company.com

Start-Transcript

# Variables

[string]$UMExtend = "/UnifiedMessaging/Service.asmx"
[string]$OABExtend = "/OAB"
[string]$SCPExtend = "/Autodiscover/Autodiscover.xml"
[string]$EWSExtend = "/EWS/Exchange.asmx"
[string]$ConfirmPrompt = "Set this Value? (Y/N)"
[string]$NoChangeForeground = "white"
[string]$NoChangeBackground = "red"

Write-host "This will allow you to set the virtual directories associated with Autodiscover provided services to the name you provide."
Write-host ""
[string]$base = Read-host "Base name of virtual directory (e.g. mail.company.com)"
write-host ""
# =======================================================
# Validate if a third party trusted certificate is being used
# because BITS won't use untrusted certificates
[string]$set = Read-host "Is the certificate being used an internally generated certificate? (Y/N)"
Write-host ""

if ($set -eq "Y")   {
   [string]$OABprefix = "http://"
}   else   {
   [string]$OABprefix = "https://"
}

# =======================================================
# Build the Autodiscover URL and set the SCP Value

Write-host "Setting Autodiscover Service Connection Point" -foregroundcolor Yellow
write-host ""

$SCPURL = "https://" + $base + $SCPExtend

[array]$SCPCurrent = Get-ClientAccessServer

Foreach ($value in $SCPCurrent) {
   Write-host "Looking at Server: " $value.name
   Write-host "Current SCP value: " $value.AutoDiscoverServiceInternalUri.absoluteuri
   Write-host "New SCP Value:     " $SCPURL
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y")   {
      Set-ClientAccessServer -id $value.identity -AutoDiscoverServiceInternalUri $SCPURL
   }   else {
       write-host "Autodiscover Service Connection Point internal value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }
}

# =======================================================
# Build the EWS URL and set the internal Value

Write-host "Setting Exchange Web Services Virtual Directories" -foregroundcolor Yellow
write-host ""

$EWSURL = "https://" + $base + $EWSExtend

[array]$EWSCurrent = Get-WebServicesVirtualDirectory

Foreach ($value in $EWSCurrent) {
   Write-host "Looking at Server: " $value.server
   Write-host "Current Internal Value: " $value.internalURL
   Write-host "New Internal Value:     " $EWSUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y")   {
       Set-WebServicesVirtualDirectory -id $value.identity -InternalURL $EWSURL
   } else {
       write-host "Exchange Web Services Virtual Directory internal value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }

   Write-host "Looking at Server: " $value.server
   Write-host "Current External Value: " $value.externalURL
   Write-host "New External Value:     " $EWSUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y")   {
       Set-WebServicesVirtualDirectory -id $value.identity -ExternalURL $EWSURL
   } else {
       write-host "Exchange Web Services Virtual Directory external value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }
}

# ======================================================
# Build the OAB URL and set the internal Value

Write-host "Setting OAB Virtual Directories" -foregroundcolor Yellow
write-host ""

$OABURL = $OABprefix + $base + $OABExtend

[array]$OABCurrent = Get-OABVirtualDirectory

Foreach ($value in $OABcurrent) {
   Write-host "Looking at Server: " $value.server
   Write-host "Current Internal Value: " $value.internalURL
   Write-host "New Internal Value:     " $OABUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y")   {
       Set-OABVirtualDirectory -id $value.identity -InternalURL $OABURL
   } else {
       write-host "OAB Virtual Directory internal value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }

   Write-host "Looking at Server: " $value.server
   Write-host "Current External Value: " $value.externalURL
   Write-host "New External Value:     " $OABUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y") {
       Set-OABVirtualDirectory -id $value.identity -ExternalURL $OABURL
   } else {
       write-host "OAB Virtual Directory external value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }
}

# =======================================================
# Build the UM URL and set the internal Value

Write-host "Setting UM Virtual Directories" -foregroundcolor Yellow
write-host ""

$UMURL = "https://" + $base + $UMExtend

[array]$UMCurrent = Get-UMVirtualDirectory

foreach ($value in $UMCurrent) {
   Write-host "Looking at Server: " $value.server
   Write-host "Current Internal Value: " $value.internalURL
   Write-host "New Internal Value:     " $UMUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y") {
       Set-UMVirtualDirectory -id $value.identity -InternalURL $UMURL
   } else {
       write-host "UM Virtual Directory internal value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }

   Write-host "Looking at Server: " $value.server
   Write-host "Current External Value: " $value.externalURL
   Write-host "New External Value:     " $UMUrl
   [string]$set = Read-host $ConfirmPrompt
   write-host ""

   if ($set -eq "Y") {
       Set-UMVirtualDirectory -id $value.identity -ExternalURL $UMURL
   } else {
       write-host "UM Virtual Directory external value NOT changed" -foregroundcolor $NoChangeForeground -backgroundcolor $NoChangeBackground
   }
}
Stop-Transcript

(http://www.exchangeninjas.com/set-allvdirs)

Monday, February 22, 2010 12:50:27 PM (Central Standard Time, UTC-06:00) | Comments [0] | Exchange 2007 | SBS 2008

Subscribe:

newtelligence dasBlog 2.1.8102.813