Getting back to this

With the current certificate installed everything works, including browsing to https://localhost/exchange

With the UCC installed, nothing works, including browsing to https://localhost/exchange - produces a page cannot be found

The UCC works perfectly on the E2K7 server, so it's not the cert

CFee

From: Simon Butler [mailto:si...@sembee.co.uk]
Sent: Saturday, June 26, 2010 7:22 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

The quickest way to confirm that would be to test it on the server itself. Browsing to https://localhost/exchange should work, even with a certificate error. If the error is bypassed then you can look at the certificate and see which one is being delivered. If it is the certificate that you hope for then you start to look outside of the server.

If, on the other hand, it doesn't work on the server itself, then a problem with the certificate is probably the issue.

Simon.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 26 June 2010 01:32
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

It should work fine. I'm convinced this is a DNS or firewall issue, not a certificate issue.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carol Fee [mailto:c...@massbar.org]
Sent: Friday, June 25, 2010 1:38 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

Well, there is no internal host record for mail.massbar.org, only an MX record. There is, however, a host record for parcel.massbar.org, and that name works just fine in the browser when the old cert is installed, but not for the wildcard or UCC certs.

The working cert is for mail.massbar.org, but internally, you can use https://parcel.massbar.org, because that's what IIS thinks it is. Mail.massbar.org is only configured in Exchange so that the mail goes out from mail.massbar.org.

I guess maybe the UCC might not work because parcel.massbar.org is not listed on the cert, only mail.massbar.org. What about the wildcard, though - *.massbar.org ?

CFee

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 25, 2010 12:35 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

See, telnet doesn't know ANYTHING about ssl certs. It just knows about tcp connections.

Z:\>telnet mail.massbar.org 443
Connecting To mail.massbar.org...Could not open connection to the host, on port 443: Connect failed

Z:\>telnet parcel.massbar.org 443
simply brings up a _

The above indicates clearly that they don't point to the same IP address.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carol Fee [mailto:c...@massbar.org]
Sent: Friday, June 25, 2010 11:41 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

Yes on the iisreset

On the telnet -

The internal host name is parcel.massbar.org
With the current SSL cert the URLs https://parcel.massbar.org etc work fine

The external host name is mail.massbar.org - the server responds to the telnet ( 25 and 443 ) with this host name

With either of the other certs

Z:\>telnet mail.massbar.org 443
Connecting To mail.massbar.org...Could not open connection to the host, on port 443: Connect failed

Z:\>telnet parcel.massbar.org 443
simply brings up a _

CFee

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 25, 2010 11:22 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

After you install the other certs, do you do an iisreset?

Can you still "telnet server.domain.com 443" and get a response?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carol Fee [mailto:c...@massbar.org]
Sent: Friday, June 25, 2010 11:19 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

With the existing SSL cert everything works fine. If I install either of the others the URLs https://server.domain.com or https://server.domain.com/exchange produce an "Internet Explorer cannot display the web page"

CFee

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 25, 2010 11:11 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

Help me help you. What does/doesn't it do? How does it not work? :)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carol Fee [mailto:c...@massbar.org]
Sent: Friday, June 25, 2010 11:10 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

Hmmm .... I can't for the life of me figure out why OWA works with the current SSL cert, but doesn't if I install either a wildcard cert for the domain or a UCC cert which includes the Exchange server host name.

CFee

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 25, 2010 10:16 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2003 OWA

It works just fine with OWA.

With ActiveSync, Exchange is fine, but you need to ensure that your device supports it. Simon may chime in with a correction, but I don't think Windows Mobile supported UCC/wildcard certs until WM 6. Other devices may have different support guidelines.

http://technet.microsoft.com/en-us/library/cc182301.aspx

"Windows Mobile 5.0 does not support the use of wildcard certificates for device-to-server authentication. This restriction applies to all communications, including Exchange ActiveSync."

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carol Fee [mailto:c...@massbar.org]
Sent: Friday, June 25, 2010 9:56 AM
To: MS-Exchange Admin Issues
Subject: Exchange 2003 OWA

Will a UCC or wildcard cert work for OWA/ActiveSync ?

________________________________
Carol Fee
Network Administrator
617-338-0623
c...@massbar.org

Massachusetts Bar Association
20 West Street
Boston, MA 02111-1204
(617) 338-0500
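
The layers discussed in this thread, checked one at a time (an added example, not part of the original messages): a TCP connect to port 443 (all that telnet tests), then the TLS handshake, then a comparison of the certificate's DNS names with the host name using the single-label wildcard rule. The function names and the two name lists are illustrative; the lists are constructed from the certificates as the thread describes them.

```python
import socket
import ssl

# Constructed name lists, based on how the thread describes the certificates.
UCC_NAMES = ["mail.massbar.org"]        # parcel.massbar.org is not listed
WILDCARD_NAMES = ["*.massbar.org"]

def name_matches(pattern, host):
    """Compare one certificate DNS name with a host name.
    '*' is honoured only as the whole left-most label and covers exactly
    one label, so *.massbar.org matches parcel.massbar.org but not
    massbar.org or a.b.massbar.org."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(dns_names, host):
    """True if any DNS name on the certificate matches the host name."""
    return any(name_matches(n, host) for n in dns_names)

def probe(host, port=443, timeout=5.0):
    """Return (stage, detail) where stage is 'tcp-failed', 'tls-failed',
    'name-mismatch' or 'ok'. The chain is still verified by the default
    context; only the host name comparison is done here instead."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:          # DNS, routing or firewall problem
        return "tcp-failed", str(exc)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    except (ssl.SSLError, OSError) as exc:   # port open, handshake broken
        return "tls-failed", str(exc)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return ("ok" if cert_covers(names, host) else "name-mismatch"), names

if __name__ == "__main__":
    for host in ("parcel.massbar.org", "mail.massbar.org"):
        print(host, "UCC:", cert_covers(UCC_NAMES, host),
              "wildcard:", cert_covers(WILDCARD_NAMES, host))
```

A `tcp-failed` result corresponds to the telnet "Connect failed" output quoted above and says nothing about the certificate; only `tls-failed` and `name-mismatch` point at the certificate or its binding.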