locked
About starting OWA and certificate RRS feed

  • Question

  • Hi folks,

    Server:-
    Exchange Server 2010
    Windows Server 2008 R2
    OWA

    Workstation:-
    Windows 7 64 bit


    Both the Server and Workstation are on the same Intranet.

    On Server IE
    http://servername.domain.com/owa/

    can start OWA and logon users mail accounts


    But;
    http://www.domain.com/owa/
    http://domain.com/owa/

    can't start OWA with following warning popup:
    To use Outlook Web App, browser settings must allow scripts to run. For information about how to allow scripts, consult the Help for your browser. If your browser doesn't support scripts, you can download Windows Internet Explorer for access to Outlook Web App.

    Pls advise is it normal?  If NO, pls advise how to fix the problem.  Thanks.


    On Workstartion IE

    http://servername.domain.com/owa

    can't start OWA


    http://www.domain.com/owa/
    http://domain.com/owa/

    can start OWA and login users' account.  But I can't install the self-signed certificate.  It is NOT there.  The "Install Certificate" button disappears.

    Please advise how to fix the problem.  TIA


    B.R.
    satimis
    Friday, July 30, 2010 4:05 AM

Answers

  • Hi satimis,

    "Install Certificate" tab appears

    But I can't install it.  Each time installation starts.  After finish the tab still there.  Each time starting https://domain.com or https://www.domain.com it still requests for installation of certificate

    You installed a certificate with one FQDN (http://servername.domain.com/owa/)
    and the other are not integrated (http://www.domain.com/owa/ and
    http://domain.com/owa/) in cert. As a result you get a cert error.

    Have a look here and install a SAN cert:
    http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html

    Best regards
    Christian

    • Proposed as answer by Xiu Zhang Monday, August 2, 2010 7:08 AM
    • Marked as answer by Xiu Zhang Sunday, August 8, 2010 12:45 PM
    Friday, July 30, 2010 7:28 AM
  • Hi Satimis,

    When you install Exchange 2010 CAS, a self-signed certificate will be created and assigned to the server.  You can see this certificate in the EMC by going to Server Configuration, selecting the CAS server and looking in the Exchange Certificates pane at the bottom.  This self-signed certificate will be for your servername.domain.com but not for other domains.  If you want to use a different domain, for example webmail.domain.com, you would need to get another certificate that supports that name.  Generally, a Subject Alternative Name certificate is used by many people.  This certificate will allow several domain names to be covered by the one certificate. For a testing environment, setting up a AD Certificate Services system might help you with this, but this isn't necessarily trivial to do. 

    As for why you can't install the certificate when you go into OWA, it may be because IE doesn't see the website as a trusted site, so it won't allow you to download the certificate.  I'm not sure you'd need to download the certificate anyway, as it's only going to pop up warnings but not block OWA from working. 

    And yes, using www.domainname.com is probably not advisable if you're even remotely likely to be using www.domainname.com for any other purposes, such as hosting a website.  Even in testing, it's not really a good habit to get into it as it'll muddy the waters.

    Regards,

    Kris

     

    • Marked as answer by Xiu Zhang Sunday, August 8, 2010 12:45 PM
    Thursday, August 5, 2010 3:38 PM

All replies

  • why do you want to make www.domain.com/owa and domain.com/owa this will render your website unaccessible 
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an answer
    Friday, July 30, 2010 6:03 AM
  • Hi satimis,

    Pls advise is it normal?  If NO, pls advise how to fix the problem.  Thanks.

    On Workstartion IE

    http://servername.domain.com/owa

    can't start OWA

    http://www.domain.com/owa/
    http://domain.com/owa/

    can start OWA and login users' account.  But I can't install the self-signed certificate.  It is NOT there.  The "Install Certificate" button disappears.

    Please advise how to fix the problem.  TIA

    1. You can enable "Allow Scriptlets" under "ActiveX Control" in the Internet
    Options - Security - Custom level for Internet zone.
    2. You can add the OWA server to the Trust site.

    Best regards
    Christian

    Friday, July 30, 2010 6:06 AM
  • why do you want to make www.domain.com/owa and domain.com/owa this will render your website unaccessible 
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an answer


    Hi,

    I haven't hosted a website yet.  Neither I have a webpage created.  I just installed Windows Server 2008 R2 and then installed Exchange Server 2010 on it.

     

    B.R.

    satimis

    Friday, July 30, 2010 6:11 AM
  • Hi satimis,

    Pls advise is it normal?  If NO, pls advise how to fix the problem.  Thanks.

    On Workstartion IE

    http://servername.domain.com/owa

    can't start OWA

    http://www.domain.com/owa/
    http://domain.com/owa/

    can start OWA and login users' account.  But I can't install the self-signed certificate.  It is NOT there.  The "Install Certificate" button disappears.

    Please advise how to fix the problem.  TIA

    1. You can enable "Allow Scriptlets" under "ActiveX Control" in the Internet
    Options - Security - Custom level for Internet zone.
    2. You can add the OWA server to the Trust site.

    Best regards
    Christian


    Hi Christian,

     

    Thanks for your advice.

    IE
    Internet Options
    -> Security -> Custom level
    ActiveX controls and plug-ins
    -Allow previously unused ActiveX controls to run without prompt
    (Disable)
    -Allow Scriptlets

    Change
    (Prompt) -> Enable
    -> OK

    Are you sure you want to change the settings for this zone?
    -> Yes -> OK

    restart IE

    https://www.domain.com/owa

    Problem remains the same with the warning popup


    On client side
    Windows 7 workstation

    Start IE
    add:
    https://www.domain.com
    https://domain.com
    to Trusted Site

    Restart IE

    "Install Certificate" tab appears

    But I can't install it.  Each time installation starts.  After finish the tab still there.  Each time starting https://domain.com or https://www.domain.com it still requests for installation of certificate

    B.R.

    satimis

    Friday, July 30, 2010 6:50 AM
  • this is because you shouldn't access your email system ysing www.domain.com it should be using webmail or mail.domain.com
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an answer
    Friday, July 30, 2010 6:53 AM
  • Hi satimis,

    "Install Certificate" tab appears

    But I can't install it.  Each time installation starts.  After finish the tab still there.  Each time starting https://domain.com or https://www.domain.com it still requests for installation of certificate

    You installed a certificate with one FQDN (http://servername.domain.com/owa/)
    and the other are not integrated (http://www.domain.com/owa/ and
    http://domain.com/owa/) in cert. As a result you get a cert error.

    Have a look here and install a SAN cert:
    http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html

    Best regards
    Christian

    • Proposed as answer by Xiu Zhang Monday, August 2, 2010 7:08 AM
    • Marked as answer by Xiu Zhang Sunday, August 8, 2010 12:45 PM
    Friday, July 30, 2010 7:28 AM
  • Hi satimis,

    "Install Certificate" tab appears

    But I can't install it.  Each time installation starts.  After finish the tab still there.  Each time starting https://domain.com or https://www.domain.com it still requests for installation of certificate

    You installed a certificate with one FQDN (http://servername.domain.com/owa/ )
    and the other are not integrated (http://www.domain.com/owa/ and
    http://domain.com/owa/ ) in cert. As a result you get a cert error.

    Have a look here and install a SAN cert:
    http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html

    Best regards
    Christian


    Hi Christian,

     

    Thanks for your advice and URL.

    I couldn't figure out how to get and install a SAN certificate on client PC (Win 7).  Do I need to purchase it?  But this is testing.

    B.R.

    satimis

     

     

    Thursday, August 5, 2010 2:19 PM
  • Hi Satimis,

    When you install Exchange 2010 CAS, a self-signed certificate will be created and assigned to the server.  You can see this certificate in the EMC by going to Server Configuration, selecting the CAS server and looking in the Exchange Certificates pane at the bottom.  This self-signed certificate will be for your servername.domain.com but not for other domains.  If you want to use a different domain, for example webmail.domain.com, you would need to get another certificate that supports that name.  Generally, a Subject Alternative Name certificate is used by many people.  This certificate will allow several domain names to be covered by the one certificate. For a testing environment, setting up a AD Certificate Services system might help you with this, but this isn't necessarily trivial to do. 

    As for why you can't install the certificate when you go into OWA, it may be because IE doesn't see the website as a trusted site, so it won't allow you to download the certificate.  I'm not sure you'd need to download the certificate anyway, as it's only going to pop up warnings but not block OWA from working. 

    And yes, using www.domainname.com is probably not advisable if you're even remotely likely to be using www.domainname.com for any other purposes, such as hosting a website.  Even in testing, it's not really a good habit to get into it as it'll muddy the waters.

    Regards,

    Kris

     

    • Marked as answer by Xiu Zhang Sunday, August 8, 2010 12:45 PM
    Thursday, August 5, 2010 3:38 PM