none
Exchange 2013 SSL Certificate

    Question

  • Dear All,

    I need your help on requesting a Exchange 2013 SSL,

    on the past few weeks we have new certificate been applied after while we figured out the exchange powershell stops working because the name wasn't correct on the certificate.

    can I use multiple ow names in one certificate ?

    can I include the powershell management tools name on the certificate ?

    can I include local names .lan /.local in the certificate ?

    thank you

    Thursday, November 26, 2015 8:02 PM

Answers

  • Hi,

    Yes, OWA is Outlook access through a web browser (Outlook Web App). Outlook Anywhere is used by the Outlook software (part of Office). 

    Assigning them different names won't cause a problem, as long as both names resolve to Exchange and both are on the certificate. 

    Services can be webmail.domain.com as long as it resolves to Exchange and is a listed name on the certificate. 

    Assign the IIS service and SMTP service to the certificate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:51 PM

All replies

  • Yes, you can have multiple names in a certificate. This is actually typical for Exchange Server Deployments. The vendors sell them as SAN (subject alternative names) or UCC (unified communication certificate). They will be a bit more than standard certificates.

    As of the last year or so, you cannot include .local/.lan names in certificates. Instead, you need to adjust the URLs for your web services to use a DNS name that can be registerred on the Internet. This does not need to be the same as the domain you use for email, but generally is to avoid confusion.

    One relatively inexpensive provider of SAN certificates:


    Byron Wright (http://fieldnotes.conexion.ca)

    Thursday, November 26, 2015 9:27 PM
  • Yes, you can have multiple names in a certificate. This is actually typical for Exchange Server Deployments. The vendors sell them as SAN (subject alternative names) or UCC (unified communication certificate). They will be a bit more than standard certificates.

    As of the last year or so, you cannot include .local/.lan names in certificates. Instead, you need to adjust the URLs for your web services to use a DNS name that can be registerred on the Internet. This does not need to be the same as the domain you use for email, but generally is to avoid confusion.

    One relatively inexpensive provider of SAN certificates:


    Byron Wright (http://fieldnotes.conexion.ca)

    Thank you for your explination

    last time I've used the 3rd party certificate for the exchange however the management shell stops working because the certificate wasn't valid,

    the management shell was confused, was looking for exchange.domain.lan and the certificate name has exchange.domain.com

    should I add local names to the certificate ? or not ?

    have to change the exchange management shell to connect using external name rather than internal over the ssl ?

    thank you

    Thursday, November 26, 2015 10:54 PM
  • Hi,

    For now, .local cannot be used on public certificate, we can configure split-DNS to host internal DNS zone for mail.domain.com. Then we can change all VD, autodiscover and etc to mail.domain.com.

    You can have a look at the following thread which is similar to your issue:

    https://social.technet.microsoft.com/Forums/exchange/en-US/57a9575f-d89d-4686-85c9-e88222f172f6/exchange-2007-ssl-certificate-renewal-with-local-domain-name?forum=exchangesvrgenerallegacy&prof=required

    Regards,

    David 

    Friday, November 27, 2015 2:19 AM
    Moderator
  • Hi,

    You don't need the .local names on the certificate for Exchange 2013 or 2016 and in fact you can no longer get .local names on certificates from public CAs. You shouldn't have any problems with the Exchange Management Shell but please post your issue if you find one. The only names you need are autodiscover.domain.com and mail.domain.com (or whatever address you are using for OWA, Outlook Anywhere etc). If you have multiple domains then you'll need these names for each domain. 

    The first step you need to do is configure Exchange not to require the .local names. See here on how to set all your virtual directory URLs: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html

    Once done, you can request and install a new certificate. See here: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 10:14 AM
  • Hi,

    You don't need the .local names on the certificate for Exchange 2013 or 2016 and in fact you can no longer get .local names on certificates from public CAs. You shouldn't have any problems with the Exchange Management Shell but please post your issue if you find one. The only names you need are autodiscover.domain.com and mail.domain.com (or whatever address you are using for OWA, Outlook Anywhere etc). If you have multiple domains then you'll need these names for each domain. 

    The first step you need to do is configure Exchange not to require the .local names. See here on how to set all your virtual directory URLs: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html

    Once done, you can request and install a new certificate. See here: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark thank you so much,

    you mean on the owa web , we can use multiple names on the request.

    like let say we send with 4 domains using our exchange.

    on the certificate request we can request the owa : webmail.domain.com,webmail.domain2.com,webmail.domain3.com"

    and the same for autodiscover?

    and when user domain1 try to open his email using outlook it will validate the name , and the same for domain 2 and 3 ?

    thank you  

    Friday, November 27, 2015 12:16 PM
  • You can use as many names as you like on a SAN/UCC certificate. However, there is typically an additional cost for names beyond 3 or 5 depending on the vendor.

    Often organizations, pick a single domain to use for webmail and call it their coporate standard. Including multiple autodiscover records can be helpful for configuring external clients.


    Byron Wright (http://fieldnotes.conexion.ca)

    Friday, November 27, 2015 2:03 PM
  • Hello julien

    You can use Exchange 2013 ECP to create new CSR to include all names you want to use on internet.

    Yes you can use multiple SAN names in one certificate.

    Yes you can also used the powershell management tools names also.

    Do not include your internal name like local in certificate.


    Please mark as an answer if this answers your question .

    PREM RANA

    MCSE Exchange 2013, MCSA 2012 Server MCTS Exchange 2007,

    2010, MCITP Exchange 2007, 2010 MCSE 2003 Server,

    MCSA Exchange 2003 ITIL V3 Foundation

    https://ranaprem.wordpress.com/

    This posting is provided AS IS with no warranties and confers no rights.

    Friday, November 27, 2015 2:08 PM
  • Hello julien

    You can use Exchange 2013 ECP to create new CSR to include all names you want to use on internet.

    Yes you can use multiple SAN names in one certificate.

    Yes you can also used the powershell management tools names also.

    Do not include your internal name like local in certificate.


    Please mark as an answer if this answers your question .

    PREM RANA

    MCSE Exchange 2013, MCSA 2012 Server MCTS Exchange 2007,

    2010, MCITP Exchange 2007, 2010 MCSE 2003 Server,

    MCSA Exchange 2003 ITIL V3 Foundation

    https://ranaprem.wordpress.com/

    This posting is provided AS IS with no warranties and confers no rights.

    Thank you Rana,

    so all services will use webmail.domain.com and autodiscover will use autodiscover.domain.com

    am I right ?

    in the mean way I am in the middle of generering the certificate and don't want to do any mistake,

    on the outlook anywhere I have to specify  webmail.comain.com,webmail.domain2.com ? or owa ?

    Friday, November 27, 2015 2:12 PM
  • Hi,

    You don't need the .local names on the certificate for Exchange 2013 or 2016 and in fact you can no longer get .local names on certificates from public CAs. You shouldn't have any problems with the Exchange Management Shell but please post your issue if you find one. The only names you need are autodiscover.domain.com and mail.domain.com (or whatever address you are using for OWA, Outlook Anywhere etc). If you have multiple domains then you'll need these names for each domain. 

    The first step you need to do is configure Exchange not to require the .local names. See here on how to set all your virtual directory URLs: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html

    Once done, you can request and install a new certificate. See here: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark thank you so much,

    you mean on the owa web , we can use multiple names on the request.

    like let say we send with 4 domains using our exchange.

    on the certificate request we can request the owa : webmail.domain.com,webmail.domain2.com,webmail.domain3.com"

    and the same for autodiscover?

    and when user domain1 try to open his email using outlook it will validate the name , and the same for domain 2 and 3 ?

    thank you  

    Hi,

    Yes, you can have multiple names on the same certificate that you use for Exchange services. Set up these names if you have 4  domains:

    1. webmail.domain1.com
    2. webmail.domain2.com
    3. webmail.domain3.com
    4. webmail.domain4.com
    5. autodiscover.domain1.com
    6. autodiscover.domain2.com
    7. autodiscover.domain3.com
    8. autodiscover.domain4.com

    If you want, you can have only one webmail.domain.com and all users use this for webmail and other connections but this is up to you. 

    Assuming you've configured your virtual directories and your autodiscover.domain*.com A records correctly, autodiscover should work for all domains. 

    Let me know if this now answers your question.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 2:29 PM
  • Hi,

    You don't need the .local names on the certificate for Exchange 2013 or 2016 and in fact you can no longer get .local names on certificates from public CAs. You shouldn't have any problems with the Exchange Management Shell but please post your issue if you find one. The only names you need are autodiscover.domain.com and mail.domain.com (or whatever address you are using for OWA, Outlook Anywhere etc). If you have multiple domains then you'll need these names for each domain. 

    The first step you need to do is configure Exchange not to require the .local names. See here on how to set all your virtual directory URLs: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html

    Once done, you can request and install a new certificate. See here: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark thank you so much,

    you mean on the owa web , we can use multiple names on the request.

    like let say we send with 4 domains using our exchange.

    on the certificate request we can request the owa : webmail.domain.com,webmail.domain2.com,webmail.domain3.com"

    and the same for autodiscover?

    and when user domain1 try to open his email using outlook it will validate the name , and the same for domain 2 and 3 ?

    thank you  

    Hi,

    Yes, you can have multiple names on the same certificate that you use for Exchange services. Set up these names if you have 4  domains:

    1. webmail.domain1.com
    2. webmail.domain2.com
    3. webmail.domain3.com
    4. webmail.domain4.com
    5. autodiscover.domain1.com
    6. autodiscover.domain2.com
    7. autodiscover.domain3.com
    8. autodiscover.domain4.com

    If you want, you can have only one webmail.domain.com and all users use this for webmail and other connections but this is up to you. 

    Assuming you've configured your virtual directories and your autodiscover.domain*.com A records correctly, autodiscover should work for all domains. 

    Let me know if this now answers your question.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark your support is appreaciated it,

    on each domain of the regista side , I've created A and CNAME record pointing to the IP of the exchange,

    when you says virtual directories, do you mean on the exchange IIS side ?

    where do I have to specify multiple webmails on the Outlook Anywhere while requesting the certificate or on the OWA ?

    Outlook Web App (when accessed from the Internet) or Outlook Anywhere ?

    do I have to put each domain on separated line or on the same line ?

    like

    webmail.domain1.com

    webmail.domain2.com

    or

    webmail.domain1.com,webmail.domain2.com ?

    thank you


    • Edited by Julien.AG Friday, November 27, 2015 2:54 PM
    Friday, November 27, 2015 2:53 PM
  • Hi,

    The virtual directories are configured using the Exchange Management Shell. Instructions are here: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html. Follow this article to set the virtual directories. 

    Once you do this, follow the instructions in this article to create a new certificate request: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    All your questions are answered in these two articles. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:03 PM
  • Hi,

    The virtual directories are configured using the Exchange Management Shell. Instructions are here: http://markgossa.blogspot.com/2015/10/Exchange-2013-2016-Set-VirtualDirectory.html. Follow this article to set the virtual directories. 

    Once you do this, follow the instructions in this article to create a new certificate request: http://markgossa.blogspot.com/2015/09/exchange-2013-install-certificate.html.

    All your questions are answered in these two articles. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    thank you mark,

    I've found those links already and I see I can use only one name on the virtual directory.

    webmail.domain1.com

    if the certificate contain the DNS name on of webmail.domain2.com and DNS A and Cname record are already created for webmail.domain2.com,

    when the user type webmail.domain2.com on the browser they will see the their own webmail.domain2.com on the browse or will be redirected to webmail.domain1.com as on the virtual directory ?

    Friday, November 27, 2015 3:09 PM
  • Hi,

    Yes, you can only use one name for each virtual directory internal or external url. 

    When you add names to a certificate, the DNS records are not already created. You need to create them. 

    When the user types webmail.domain2.com for OWA, their browser will show webmail.domain2.com. It uses the input from the user rather than what is on the virtual directory. 

    For other Outlook web services, such as EWS and OAB, Outlook will connect to the urls specified on the virtual directories. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:14 PM
  • Hi,

    Yes, you can only use one name for each virtual directory internal or external url. 

    When you add names to a certificate, the DNS records are not already created. You need to create them. 

    When the user types webmail.domain2.com for OWA, their browser will show webmail.domain2.com. It uses the input from the user rather than what is on the virtual directory. 

    For other Outlook web services, such as EWS and OAB, Outlook will connect to the urls specified on the virtual directories. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark you are the start and make my day,

    now is the last question,

    where do I have to specify webmail.domain1.com and webmail.domain2.com

    on the Outlook anywhere ? or on the OWA ? and in which way do I have to do this ?

    webmail.domain1.com,webmail.domain2.com

    or

    webmail.domain1.com
    webmail.domain2.com

    thank you sir

    Friday, November 27, 2015 3:18 PM
  • Hi,

    Set the OWA virtual directory internal and external url to your main webmail URL, e.g. webmail.domain1.com although it doesn't really matter which one. 

    As for webmail.domain2.com and the others, you just need to create the A records in DNS to resolve to the IP of Exchange.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:21 PM
  • Hi,

    Set the OWA virtual directory internal and external url to your main webmail URL, e.g. webmail.domain1.com although it doesn't really matter which one. 

    As for webmail.domain2.com and the others, you just need to create the A records in DNS to resolve to the IP of Exchange.

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thank you so much Mark,

    on the below picture,  outlook web app should I mention the webmail.domain.com or Outlook Anywhere ?

    names on the request should be

    webmail.domain.com
    webmail.domain2.com

    or

    domain.webmail1.com,webmail,domain2.com

    Friday, November 27, 2015 3:28 PM
  • Hi,

    This should be one of the OWA addresses you will use but ensure that you choose a name that is on your certificate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:37 PM
  • Hi,

    This should be one of the OWA addresses you will use but ensure that you choose a name that is on your certificate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thank you so much mark,

    OWA is different than outlook anywhere ?

    assigning both webmail 1 and 2 on the owa and outlook anywhere wouldn't have a impact ?

    does it matter if I call all services webmail.domain.com ? or have to use like outlook https://webmail.domain.com/Microsoft-Server-ActiveSync or https://webmail.domain.com ?

    when the certificate is applied, which services do I need to assign to the certificate ? IIS, IMAP,POP,SMTP ?


    • Edited by Julien.AG Friday, November 27, 2015 3:48 PM
    Friday, November 27, 2015 3:40 PM
  • Hi,

    Yes, OWA is Outlook access through a web browser (Outlook Web App). Outlook Anywhere is used by the Outlook software (part of Office). 

    Assigning them different names won't cause a problem, as long as both names resolve to Exchange and both are on the certificate. 

    Services can be webmail.domain.com as long as it resolves to Exchange and is a listed name on the certificate. 

    Assign the IIS service and SMTP service to the certificate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 3:51 PM
  • Hi,

    Yes, OWA is Outlook access through a web browser (Outlook Web App). Outlook Anywhere is used by the Outlook software (part of Office). 

    Assigning them different names won't cause a problem, as long as both names resolve to Exchange and both are on the certificate. 

    Services can be webmail.domain.com as long as it resolves to Exchange and is a listed name on the certificate. 

    Assign the IIS service and SMTP service to the certificate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Mark thank you so much,

    its works now,

    big thank you guys for your help




    • Edited by Julien.AG Friday, November 27, 2015 6:44 PM
    Friday, November 27, 2015 4:21 PM
  • Hello Julien

    It is always recommended to use a single name space for internet SAN Names.

    Let say you use mail.domain.com for OWA. you can use the same for outlook anywhere, POP, IMAP,

    For autodiscover, it will be something like autodiscover.domain.com


    Please mark as an answer if this answers your question .

    PREM RANA

    MCSE Exchange 2013, MCSA 2012 Server MCTS Exchange 2007,

    2010, MCITP Exchange 2007, 2010 MCSE 2003 Server,

    MCSA Exchange 2003 ITIL V3 Foundation

    https://ranaprem.wordpress.com/

    This posting is provided AS IS with no warranties and confers no rights.

    Saturday, November 28, 2015 6:43 AM
  • Hello Julien

    It is always recommended to use a single name space for internet SAN Names.

    Let say you use mail.domain.com for OWA. you can use the same for outlook anywhere, POP, IMAP,

    For autodiscover, it will be something like autodiscover.domain.com


    Please mark as an answer if this answers your question .

    PREM RANA

    MCSE Exchange 2013, MCSA 2012 Server MCTS Exchange 2007,

    2010, MCITP Exchange 2007, 2010 MCSE 2003 Server,

    MCSA Exchange 2003 ITIL V3 Foundation

    https://ranaprem.wordpress.com/

    This posting is provided AS IS with no warranties and confers no rights.


    Mark and Perm thank you so much.
    Sunday, November 29, 2015 6:10 PM
  • Please help.

    somehow the owa and ecp stops working .

    I get the log in page and when I enter the username and password the page doesn't load.

    also outlook users can't connect !

    please advise

    on the ISS the certificate is fine selected on port 443.

    Monday, November 30, 2015 2:12 AM
  • Hi,

    Let me know what error you are getting. 

    Also, run the Test-ExchangeCertificate cmdlet which you can download from here: https://gallery.technet.microsoft.com/office/Exchange-2010-2013-2016-a6156d87

    Please post the output and hide your domain names if you wish. This will let check that you have the correct certificate assigned. 

    How many Exchange servers do you have and are they in different AD sites?

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Monday, November 30, 2015 11:55 AM
  • Hi,

    Have you received any error message on outlook side?

    Please run the following command to check your certificate settings on Exchange server:
    Get-ExchangeCertificate | fl

    Regards,

    David 

    Tuesday, December 1, 2015 1:25 AM
    Moderator