• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: My Exchange 2007 installation guide

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Installation >> RE: My Exchange 2007 installation guide Page: <<   < prev  1 [2] 3   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: My Exchange 2007 installation guide - 4.Jan.2008 1:35:18 AM   
hypknight

 

Posts: 6
Joined: 3.Jan.2008
Status: offline
Thanks for the reply!
  
Well, everything **appears** to be fine with the cert installation. I view it from within IIS and it says it's the GoDaddy cert. I called GoDaddy and they went through a rekey and reinstall of the cert with me using the exact procedure that I have done every time and told me I did everything correctly, but they have no clue why it's still referencing the  self-signed certificate. They said they can't help me, but they wish me luck...

Everything points to the GoDaddy cert from what I can see, but when viewed in IE, it still gives the cert error...

I'm stuck.

(in reply to TwoJ)
Post #: 21
RE: My Exchange 2007 installation guide - 4.Jan.2008 9:08:10 PM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
well i'm sure that is fustrating!

I would see if you can backup the self-signed cert, export i think, and then delete it and the godaddy so there should be no certs on IIS.
If you can do that then maybe just try re-installing just the godaddy

The other choice may be to create another web site and see about installing the godaddy on that website (you can only have 1 ssl cert per website) and see if you can see if it registers on that one. The process to do that is a bit lenghty but if you google it i'm sure you can find an example.

That would be my next line of attack


(in reply to hypknight)
Post #: 22
RE: My Exchange 2007 installation guide - 5.Jan.2008 1:54:55 AM   
hypknight

 

Posts: 6
Joined: 3.Jan.2008
Status: offline
Well,
   I exported and removed the Self-Signed cert... the system became angry with me and now won't respond on the OWA site. I tryed to re-import it and switch back to no avail. I'm also now getting synchronization errors complaining that Outlook can't find my Offline Address Book to sync to.

   I'm going to shoot it. I mean this in a fairly literal sense as I'm currently watching the 'Uninstall Exchange Server 2007' progress bar. We'll try a re-install and see what happens. If you have any ideas, PLEASE feel free to post them.

   Thanks for all the continued help and advice.

(in reply to TwoJ)
Post #: 23
RE: My Exchange 2007 installation guide - 5.Jan.2008 10:22:49 AM   
RedlightG20

 

Posts: 13
Joined: 28.Aug.2007
Status: offline
TwoJ, thanks again for all of your help.  My Exchange installation is now working perfectly!

Many of my problems stemmed from the DNS settings I had with my webhost 1and1.  For my mail.domain.com domain, I had it set for DNS FORWARDING to the external IP of my CAS instead of actually changing the A Record for mail.domain.com.  Duh!

Cheers! 

< Message edited by RedlightG20 -- 5.Jan.2008 10:27:50 AM >

(in reply to hypknight)
Post #: 24
RE: My Exchange 2007 installation guide - 5.Jan.2008 10:48:40 AM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
@Redlight - i'm happy its working for you.

@hypknight - i hope this is just a trial server? Anyways i hope the uninstall went well, i initially screwed up IIS and removed it, then re-installed it, that screwed up exchange, so i tried uninstalling exchange and that didn't work. So basically i needed to re-install the whole server - hense one of the reasons why i wrote this guide down so if i need to do it again - i remember what to do!
It would not be unusual that OWA, OAB start not working, these are designed to work by default in https, hense if there is no ssl cert there is no https.
It does suprise me that if you re-imported the ssl cert that owa et al wouldn't start working again, but perhaps there is a problem in IIS and that was what was causing your problem from the start.
Anyways - if you are re-installing - i would recommend just following the guide - it seems that it has worked for a few people based on default installations. hopefully whatever bug happened on your first install won't happen on the re-install.
I don't know if you can but it might be a good idea to re-install the server from scratch - it might have been a bug in the cert repository of windows that might re-appear if you just re-install exchange?

(in reply to RedlightG20)
Post #: 25
RE: My Exchange 2007 installation guide - 5.Jan.2008 2:02:52 PM   
hypknight

 

Posts: 6
Joined: 3.Jan.2008
Status: offline
You're right, I think. I re-installed Exchange and Immediately had the same error. It's probably something to do with IIS, but that still doesn't help me much. The problem is that server is about 6 states away, and I don't currently have the ability to sit down with it a do a full wipe and reinstall of the OS.

I'm really confused as to why this isn't working. I've never seen anyone have this much trouble with a ruddy SSL cert... The strange thing is, I have a CA Server on our network. I requested an SSL key from it out of desperation, and I was able to talk to OWA again... I still got a self-signed error, but I was able to view the login page. At that point, the new CA cert was the only cert in the repository. I had removed all other certs. I again tried to re-install the GoDaddy cert, and received the same error, the site wouldn't respond. I then tried to switch it back, and now it won't switch back to the self-signed again. This thing is killing me...

(in reply to TwoJ)
Post #: 26
RE: My Exchange 2007 installation guide - 5.Jan.2008 4:30:29 PM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
One of the reasons i don't particularly like MS software is because of how tightly integrated all the components are - if you have a problem with IIS, there is no uninstalling and that will completely remove all components and settings for it - there are settings everywhere that link windows, IIS & exchange - if there is a problem like yours, the only way to pretty guarentee of flushing it out is to re-install the whole server. Linux is much better in that reguard where the components are not that intertwined with each other.

Anyways - i'm sure we would all like to hear how the battle goes :-)

good luck

(in reply to hypknight)
Post #: 27
RE: My Exchange 2007 installation guide - 5.Jan.2008 10:02:59 PM   
hypknight

 

Posts: 6
Joined: 3.Jan.2008
Status: offline
Well,
   I got so irritated with it, I canned it and went with another physical server. I installed IIS, installed only the Client Access Server Role, ran all applicable updates (save SP1), installed the GoDaddy Intermediate Cert, Generated a Request from Exchange Shell, Re-keyed my GoDaddy cert, installed the new cert from GoDaddy... same result. I'm beginning to think it's the GoDaddy cert... the odds of 2 servers being bad are remote, and I know the process I'm following is correct.

   Any ideas?

(in reply to TwoJ)
Post #: 28
RE: My Exchange 2007 installation guide - 5.Jan.2008 11:04:22 PM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
I'm not sure what you mean by
Generated a Request from Exchange Shell,
& Re-keyed my GoDaddy cert

Usually the request is generated in IIS for a cert
re-keyed? do you mean you got a second cert from godaddy?

I have heard of a bad cert in some posting - i guess its possible - you should be able to install just the intermediate & ssl cert on iis without exchange and test that iis is showing the proper cert, then install exchange. exchange will probably by default install its self-signed cert, just go back and switch it after.

(in reply to hypknight)
Post #: 29
RE: My Exchange 2007 installation guide - 6.Jan.2008 12:17:30 AM   
hypknight

 

Posts: 6
Joined: 3.Jan.2008
Status: offline
I've done that... still doesn't work... the process I'm talking about in generating a CSR from Exchange can be found here: http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html

This (aparently) is what I'm told is the preferred method when working with exchange. However, regardless of whether it's done this way, or directly theough the IIS snap-in, the result is the same. I'm considering switching CAs to see if another will suit me better. DigiCert seems to be one of the better choices. I may just get a SAN cert and be done with it because I'm tired of messing with this, I just want it to work. Plus, they guarantee a successful install with their support.

What more can I ask for?

(in reply to TwoJ)
Post #: 30
RE: My Exchange 2007 installation guide - 6.Jan.2008 10:13:00 AM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
Sorry to hear all the trouble this is causing
The article you linked to is for creating SAN certs, which was one of the basis of this guide is to avoid the use of SANs, mostly just because a $20 ssl cert can do the job of a $400 SAN (contrary to what henrik is saying).
But i realize time is money and if you think a SAN will get it done, then by all means, avoid all the hassels.
I'm just worried that the problem you are experiencing with the godaddy will be carried over to the Digicert since it seem the problem lies with the windows cert repository (windows), IIS (windows), or the Godaddy cert (GoDaddy), if the problem is with windows then another cert should have exactly the same problem, even if they guarentee a sucessful install doesn't mean they're not going to tell you to re-install windows in order to do it. if the problem is with the godaddy cert then another regular ssl cert may work the same as a san, in either case it would seem to indicate the godaddy as the culprit.
Whatever you decide it would be great if you could post the results
thanks

(in reply to hypknight)
Post #: 31
RE: My Exchange 2007 installation guide - 13.Jan.2008 1:29:37 PM   
michaelmcg

 

Posts: 1
Joined: 13.Jan.2008
Status: offline
Hi,
 
First of all, thanks for this great post which was a big help to me. I have now got Outlook Anywhere working with a few issues hopefully someone can help me to resolve.
 
I have been able to set up an exchange account using https://mail.domain.com as the exchange proxy and if this is set up initially when connected to the LAN, it works when the laptop is taken off site and connects over the internet. However I cannot get any of the users to set up their accounts outwith the LAN, as it always comes back with the error, Outlook could not connect to your Exchange server, Outlook must be online to complete this task.
 
The other problem I have found is that when I try and open a shared calendar using Outlook Anywhere, I get the same error.
 
Have I missed something here or is this as good as it gets? My biggest problem here is that I am in the UK and we have offices in far flung locations such as Eastern Europe and India, so need to somehow get these users connected using Outlook Anywhere without having to get them physically on site. I know I could set up a VPN if only for the initial set up but surely there is an easier way to achieve this.
 
Thanks
Mick

(in reply to TwoJ)
Post #: 32
RE: My Exchange 2007 installation guide - 16.Jan.2008 12:50:56 PM   
Lord Melch

 

Posts: 31
Joined: 9.Feb.2007
From: Sussex - England
Status: offline
Nice one 

_____________________________

Cheers
LM

(in reply to TwoJ)
Post #: 33
RE: My Exchange 2007 installation guide - 17.Jan.2008 1:01:10 PM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
@mick

Actually i find that a very good question, i would kind of like to know myself, I believe that exchange 2003 had to establish a tcp/ip (lan) connection first to the outlook client in order to install the mailbox. after that you could set up rpc over http to do the sync.
i know that with the autodiscover service of exchange 2007 was made so that outlook anywhere could connect from 'anywhere', but does the initial connection have to be tcp/ip? i don't know.

i'd like to know too if its possible to establish a exchange mailbox on a profile that doesn't belong to a domain, or a domain profile that isn't on the domain to install a mailbox in outlook.

(in reply to Lord Melch)
Post #: 34
RE: My Exchange 2007 installation guide - 18.Jan.2008 4:15:35 PM   
MIDOOooo

 

Posts: 100
Joined: 6.Jul.2007
Status: offline
for both questions>> YES.
u don't have to be part of domain and in first setup u can do it without being connected through LAN. but i think it's preferred to do that over LAN according to microsoft.

_____________________________

MIDOOooo - Mohamed Talaat
Enterprise Support Engineer
Vodafone -Egypt.

(in reply to TwoJ)
Post #: 35
RE: My Exchange 2007 installation guide - 19.Jan.2008 8:21:02 AM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
Thank you MIDOOooo
Its one of those things which i thought was possible, since i've heard of exchange hosting but i still can't figure out how can it be done since in setting up an exchange account in outlook it always seems to need a tcp/ip connection to the server.

Can you explain how to set up an exchange account in an outlook client that is not on a LAN or VPN connection with the server? If possible explain any differences in procedure between Outlook & Exchnge 2003/2007, and whether the settings are using Basic or NTLM authentication.

thank you!

-Always more stuff to learn

(in reply to MIDOOooo)
Post #: 36
RE: My Exchange 2007 installation guide - 19.Jan.2008 9:51:47 AM   
MIDOOooo

 

Posts: 100
Joined: 6.Jul.2007
Status: offline
just use outlook anywhere and configure connection over http/rpc proxy connection. and the difference between basic and NTLM that in basic it will prompt you for username and password everytime you open outlook but with NTLM it won't, it will just use login information in ur profile. but to configure NTLM it's too hard to be done.
check this out
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.html

http://forums.isaserver.org/RPC_Over_HTTPS_with_NTLM/m_2002048666/tm.htm

http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx

http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/publishing-exchange-client-access-isa-2006-complete-solution-part1.html

http://searchexchange.techtarget.com/generic/0,295582,sid43_gci1230635,00.html#administration

hope thos links help u.


_____________________________

MIDOOooo - Mohamed Talaat
Enterprise Support Engineer
Vodafone -Egypt.

(in reply to TwoJ)
Post #: 37
RE: My Exchange 2007 installation guide - 19.Jan.2008 1:56:30 PM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
Thanks - that certainly a lot of info

But it seems that most of those configuration are with ISA.
But i would like to know how exactly to configure outlook/exchange in order to create an Exchange account in Outlook without ISA & that the outlook computer does not belong to the exchange domain and is not connected to the same network as the exchange server?

I believe that the http/rpc proxy can only be configured once the exchange account is created, so how does one first create the account without having a direct connection to the exchange server?

I mention the basic & ntlm authentication because as my understanding goes, if the computer is not part of the domain (which the exchange server belongs to) then how could ntlm authentication work since the user account of the outlook computer would not provide the necessary authentication on the exchange server domain? 

< Message edited by TwoJ -- 19.Jan.2008 1:59:21 PM >

(in reply to MIDOOooo)
Post #: 38
RE: My Exchange 2007 installation guide - 19.Jan.2008 2:07:58 PM   
MIDOOooo

 

Posts: 100
Joined: 6.Jul.2007
Status: offline
just install rpc/http proxy and use outlook anywhere web name as configured in outlook anywhere wizard and u can connect using basic authntication.without LAN connectio u need to publish that site with a real DNS to connect from outside but that means that you put your exchange directly to internet and that's a very security risk.
without kerpros authentication delegation through server like ISA ntlm will never work if u r not part of domain.

_____________________________

MIDOOooo - Mohamed Talaat
Enterprise Support Engineer
Vodafone -Egypt.

(in reply to TwoJ)
Post #: 39
RE: My Exchange 2007 installation guide - 20.Jan.2008 11:07:34 AM   
TwoJ

 

Posts: 46
Joined: 21.Feb.2007
Status: offline
Thanks to MIDOOOooo

i tried out an outlook client to connect to my exchage and it does work, non-domain computer that is just connecting over the internet.
The outlook client i had completely free of any email accounts, i created a new profile and open a new exchange account. The inintial window asks for the exchange server which i entered the FQDN of my CAS, and then the user's name. On the same window you will have a button for advanced settings (or more settings - i forget), initially when i clicked on this i got an error saying that outlook cannot connect to the server, but after clicking ok, you get the advanced settings window where you can go to the Exchange proxy settings under Connections (RPC over HTTP/Outlook Anywhere) and enter the proxy information, ie - mail.domain.com.
I left the authentication on NTLM and then when i started outlook, i got a login prompt where i believe i just entered the username (instead of domain\user) and the password and then the account loaded in Outlook!
I closed Outlook and restarted it, and it didn't ask for the password. I restarted the computer and the same thing.

I suppose it might be a security consideration to put on basic authentication so that it asks for a password each time, especially for non-domain computers that have access to domain resources - but i leave that for people to decide for themselves.

So on more thing learned
Thanks to Mick for the question &
thanks to MIDOOOooo to point me in the  right direction

(in reply to MIDOOooo)
Post #: 40

Page:   <<   < prev  1 [2] 3   next >   >> << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Installation >> RE: My Exchange 2007 installation guide Page: <<   < prev  1 [2] 3   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter