SSL certificate error in Outlook

There are probably numerous reasons why you would get a SSL certificate error in Outlook while connected to an Exchange server, what follows is what I have found most often.

Get current paths for Exchange configuration from the server, run the following commands in the Exchange Management Shell:

Get-WebServicesVirtualDirectory | fl identity,internalurl,externalurl
Get-ClientAccessServer | fl identity,autodiscoverserviceinternaluri (yes uri, not url)
Get-OABVirtualDirectory | fl identity,internalurl,externalurl
Get-ExchangeCertificate | where { $_.Services.ToString().Contains(“IIS”) –eq $true } | fl Cert*
Get-OutlookAnywhere | fl identify,external*

If any of the paths don’t reflect what they should be for your organization, you can change them with the following:

To Set Internal Paths:
Set-ClientAccessServer -Identity <CAS_Server_Name> -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity “CAS_Server_Name\EWS (Default Web Site)” -InternalUrl https://mail.contoso.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity “CAS_Server_name\oab (Default Web Site)” -InternalUrl https://mail.contoso.com/oab
NOTE: Next is for Exchange 2007 Only. Removed from later versions of Exchange.
Set-UMVirtualDirectory -Identity “CAS_Server_Name\unifiedmessaging (Default Web Site)” -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

NOTE: Must Reset IIS After These Changes:

DNS:

Must have zone mail.<domainname>.com
A Record with blank Name and IP = CAS Server IP

Tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *