Outlook 2010 certificate error on SBS2008 domain

[guest]

First Outlook client that uses autodiscover is being tested on our SBS2008 network. The SBS2008 was upgraded from SBS2003 by a MS partner and we have no internal or external connectivity problems using Outlook 2003 or web browsers, once the security certificate is installed on the clients.

The new Outlook 2010 client throws two identical certificate errors on launch of the mailbox from within the domain, I think one for the mailbox and one for the public folders. The certificate Outlook objects to is the self signed certificate set up when 2008 was installed and is in the name of remote.externaldomainname rather than sites (Exchange reports AutoDiscoverServiceInternalUri : https://sites/Autodiscover/Autodiscover.xml). I have seen http://support.microsoft.com/kb/940726 and the SBSBlog which point at this being an autodiscover issue. However, ExchangeSP3 KB for SBS 2008 http://support.microsoft.com/kb/982423 (not installed here but comments may be valid) suggests that the https://sites should have the sites certificate associated with it via the SBS Web Applications in IIS. On my SBS2008, IIS shows that the "remote" certificate is bound to the SBS Web Applications.

SBS BPA reports no issues.

Before I try and work through the KB940726 steps, which look pretty drastic, I'd like to check what the SBS Web Applications certificate binding should be for SBS2008 with a self-signed certificate. Can anyone help?

[guest]

Not sure if you have already resolved this but I had a similar issue whereby our SBS was migrated across to 2008 from 2003 onto new hardware. We used the self signed cert and that was OK with Outlook 2003 but a move to Outlook 2010 caused the cert error on startup. I agree it was due to the https://sites/ domain being used.



I used http://support.microsoft.com/kb/940726 as the guide to change the Internal entries to our certificated site name (ie our externally accessable FQDN) but had to change some of the syntax. I have posted my amended version below:



1.Start the Exchange Management Shell.
2.Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity <var>SBS_Server_Name</var> -AutodiscoverServiceInternalUri https://remote.DOMAIN.com/autodiscover/autodiscover.xml
3.Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "<var>SBS_Server_Name</var>\EWS (SBS Web Applications)" -InternalUrl https://<var>remote.DOMAIN</var>.com/ews/exchange.asmx
4.Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "<var>SBS_Server_name</var>\oab (SBS Web Applications)" -InternalUrl https://remote.DOMAIN.com/oab
5.Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "<var>SBS_Server_Name</var>\unifiedmessaging (SBS Web Applications)" -InternalUrl https://<var>remote.DOMAIN</var>.com/unifiedmessaging/service.asmx
Note This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
6.Open IIS Manager.
7.Expand the local computer, and then expand Application Pools.
8.Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.


Hope that helps