• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

restricted access to exchange07?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> restricted access to exchange07? Page: [1]
Login
Message << Older Topic   Newer Topic >>
restricted access to exchange07? - 3.Feb.2009 9:57:34 PM   
sleepywe

 

Posts: 7
Joined: 3.Feb.2009
Status: offline
hi guys,

My exchange server seems to have a very selective problem on who it allows to get their messages through exchange.

All clients can access their mail boxes through outlook as long as their client computer is running outlook 07, and windows vista, or windows 7.

Anyone trying to use either outlook 2003 or windows XP  (or both) can not authenticate to the server to set up their mail box, after contacting the exchange server during set up the credentials dialog for user name and password keeps popping up over and over not allowing them to complete the setup of their mail client.

owa and IMAP work for any configuration, as does the accounts them selves through exchange as long as they are using outlook07 and vista/win7.

Is there some security feature regarding access to the exchange server when using older software I have missed?

our exchange 2007 server has sp1 running on win2k3 x64.
Post #: 1
RE: restricted access to exchange07? - 4.Feb.2009 9:02:06 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
When you installed Exchange did you select the option to allow access from the older versions of Outlook?

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to sleepywe)
Post #: 2
RE: restricted access to exchange07? - 4.Feb.2009 9:27:57 AM   
sleepywe

 

Posts: 7
Joined: 3.Feb.2009
Status: offline
I do not recall the option, but even an XP client running outlook 2007 wont be able to auth to the the server.

would it also affect XP as it does outlook 2003?

(in reply to Sembee)
Post #: 3
RE: restricted access to exchange07? - 5.Feb.2009 6:56:59 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The only restriction on Exchange client connectivity is at the Outlook level, not the Windows version level. Therefore an Outlook 2007 client would be able to connect to Exchange 2007 on Windows XP if the support for older versions of Outlook had been turned off.

I would start by running the best practises tool from the Toolbox to see whether that flags anything of interest.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to sleepywe)
Post #: 4
RE: restricted access to exchange07? - 5.Feb.2009 12:09:00 PM   
sleepywe

 

Posts: 7
Joined: 3.Feb.2009
Status: offline
Thanks Sembee, I do have all outlook versions enabled, in addition..


ExBPA gives me:

Certificate SAN mismatch

The subject alternative name (SAN) of SSL certificate for https://1.2.com/EWS/Exchange.asmx does not appear to match the host address. Host address: 1.2.com. Current SAN: DNS Name=*.2.com, DNS Name=2.com.


This sorta makes sense to me in that XP is overly anal about authenticating (more so in sp3), maybe vista/win7 just gloss over it. or this may not be the cause at all of my problem.

question now is.. I take it the * does not actually cover anything in its place, and I need to use a real name for the SAN? My certificate is from godady and it is supposed to be unlimited sub domains (wild card). but does exchange not see it that way?

< Message edited by sleepywe -- 5.Feb.2009 12:34:02 PM >

(in reply to Sembee)
Post #: 5
RE: restricted access to exchange07? - 5.Feb.2009 1:25:16 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Outlook has issues with a wildcard certificate. That isn't a SAN/UC certificate. A SAN/UC certificate has multiple names in it. You aren't the first to make that mistake.

Outlook is looking at the complete name, so mail.domain.com is not the same as *.domain.com .

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to sleepywe)
Post #: 6
RE: restricted access to exchange07? - 5.Feb.2009 1:33:19 PM   
sleepywe

 

Posts: 7
Joined: 3.Feb.2009
Status: offline
Thanks Sembee!, thought that would be the issue.


has anyone had this type of cert from godaddy before? will it be possible for me to just add the names in the management shell even though godaddy is expecting the *.

in IIS i have the SAN as *. and it "seems" to be ok... I can not find anywhere on godaddys site to add the names to my cert, they just want to keep it at *.


basically, is there anyway I can get around it without buying a new certificate :)

(in reply to Sembee)
Post #: 7
RE: restricted access to exchange07? - 7.Feb.2009 2:14:07 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
It isn't what the certificate is expecting, but how Outlook sees the certificate. It is seeing *.domain.com, so is expecting an exact match. Of course you can't have *.example.com resolve anywhere because * is not a valid host name - it is a wild card.

I don't you will get full functionality without changing the certificate to the correct type.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to sleepywe)
Post #: 8
RE: restricted access to exchange07? - 4.May2009 6:44:09 PM   
sleepywe

 

Posts: 7
Joined: 3.Feb.2009
Status: offline
well the wildcard ssl cert finally ran up and I was able to replace it with a proper UC cert. low and behold all works perfectly now.

Sembee, you're awsome


many thanks

(in reply to Sembee)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> restricted access to exchange07? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter