Entourage 2008 giving root certificate error
in [Microsoft Exchange]
|
From: Brian Roden on 5 Apr 2010 10:51 Our Mac users are getting new Snow Leopard machines, and upgrading from Office2004 to Office2008 in the process. The Mac techs have applied all Office2008 patches. We're getting the error about the root certificate. Our e-mail domain is leisurearts.com. But our in-house servers, including Exchange2007, are all leisurearts.net (.com is reserved for our consumer-facing web site managed through public DNS). Even externally, we access OWA on a leisurearts.net URL. Our SSL certs on the Exchange servers are all for leisurearts.net, and that is the domain used in the Entourage settings (e.g., https://mailgateway.leisurearts.net/exchange/user(a)leisurearts.com ) The error about the root certificate not being installed refers to leisurearts.com, which is not a domain included in either SSL certificate on our Exchange servers (we have a mailbox server and a hub transport server, which is the one with the public internet connection for inbound/outbound SMTP traffic). Is this domain-ending difference a cause for the error?
From: Ed Crowley [MVP] on 5 Apr 2010 20:42 Sure sounds like it. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." .. "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message news:9699918B-1C6A-4E7C-8592-8675FC8FA041(a)microsoft.com... > Our Mac users are getting new Snow Leopard machines, and upgrading from > Office2004 to Office2008 in the process. The Mac techs have applied all > Office2008 patches. We're getting the error about the root certificate. > > Our e-mail domain is leisurearts.com. But our in-house servers, including > Exchange2007, are all leisurearts.net (.com is reserved for our > consumer-facing web site managed through public DNS). Even externally, we > access OWA on a leisurearts.net URL. Our SSL certs on the Exchange servers > are all for leisurearts.net, and that is the domain used in the Entourage > settings (e.g., > https://mailgateway.leisurearts.net/exchange/user(a)leisurearts.com ) > > The error about the root certificate not being installed refers to > leisurearts.com, which is not a domain included in either SSL certificate > on > our Exchange servers (we have a mailbox server and a hub transport server, > which is the one with the public internet connection for inbound/outbound > SMTP traffic). > > Is this domain-ending difference a cause for the error? >
From: Brian Roden on 6 Apr 2010 15:33 So is the solution to get an additional SSL certificate for the hub transport server? Do I get a wildcard for *.leisurearts.com, or can I just get the one for autodiscover.leisurearts.com? This hasn't been an issue until now, because on the PC side we're still using Office 2003 (when we installed Exchange 2007, we still had a lot of Win2K stations, which couldn't take Office 2007, so we kept our Office environment homogeneous) and autodiscover wasn't introduced until Outlook2007. "Ed Crowley [MVP]" wrote: > Sure sounds like it. > -- > Ed Crowley MVP > "There are seldom good technological solutions to behavioral problems." > .. > > "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message > news:9699918B-1C6A-4E7C-8592-8675FC8FA041(a)microsoft.com... > > Our Mac users are getting new Snow Leopard machines, and upgrading from > > Office2004 to Office2008 in the process. The Mac techs have applied all > > Office2008 patches. We're getting the error about the root certificate. > > > > Our e-mail domain is leisurearts.com. But our in-house servers, including > > Exchange2007, are all leisurearts.net (.com is reserved for our > > consumer-facing web site managed through public DNS). Even externally, we > > access OWA on a leisurearts.net URL. Our SSL certs on the Exchange servers > > are all for leisurearts.net, and that is the domain used in the Entourage > > settings (e.g., > > https://mailgateway.leisurearts.net/exchange/user(a)leisurearts.com ) > > > > The error about the root certificate not being installed refers to > > leisurearts.com, which is not a domain included in either SSL certificate > > on > > our Exchange servers (we have a mailbox server and a hub transport server, > > which is the one with the public internet connection for inbound/outbound > > SMTP traffic). > > > > Is this domain-ending difference a cause for the error? > > > > . >
From: Ed Crowley [MVP] on 6 Apr 2010 23:17 Seriously, I think the best answer is for you to implement a split-brain DNS and use the same domain externally and internally for Exchange services. That is, add leisurearts.com to your internal DNS and populate it with internal IP addresses for hostnames. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." .. "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message news:2AF6A091-C376-4DA0-B783-25F9276D1AFA(a)microsoft.com... > So is the solution to get an additional SSL certificate for the hub > transport > server? Do I get a wildcard for *.leisurearts.com, or can I just get the > one > for autodiscover.leisurearts.com? This hasn't been an issue until now, > because on the PC side we're still using Office 2003 (when we installed > Exchange 2007, we still had a lot of Win2K stations, which couldn't take > Office 2007, so we kept our Office environment homogeneous) and > autodiscover > wasn't introduced until Outlook2007. > > "Ed Crowley [MVP]" wrote: > >> Sure sounds like it. >> -- >> Ed Crowley MVP >> "There are seldom good technological solutions to behavioral problems." >> .. >> >> "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message >> news:9699918B-1C6A-4E7C-8592-8675FC8FA041(a)microsoft.com... >> > Our Mac users are getting new Snow Leopard machines, and upgrading from >> > Office2004 to Office2008 in the process. The Mac techs have applied all >> > Office2008 patches. We're getting the error about the root certificate. >> > >> > Our e-mail domain is leisurearts.com. But our in-house servers, >> > including >> > Exchange2007, are all leisurearts.net (.com is reserved for our >> > consumer-facing web site managed through public DNS). Even externally, >> > we >> > access OWA on a leisurearts.net URL. Our SSL certs on the Exchange >> > servers >> > are all for leisurearts.net, and that is the domain used in the >> > Entourage >> > settings (e.g., >> > https://mailgateway.leisurearts.net/exchange/user(a)leisurearts.com ) >> > >> > The error about the root certificate not being installed refers to >> > leisurearts.com, which is not a domain included in either SSL >> > certificate >> > on >> > our Exchange servers (we have a mailbox server and a hub transport >> > server, >> > which is the one with the public internet connection for >> > inbound/outbound >> > SMTP traffic). >> > >> > Is this domain-ending difference a cause for the error? >> > >> >> . >>
From: Brian Roden on 7 Apr 2010 09:13
That would involve renaming our AD domain, with all the attendant changes. IS there not a way to make Entourage bypass Autodiscover and work like the previous version? "Ed Crowley [MVP]" wrote: > Seriously, I think the best answer is for you to implement a split-brain DNS > and use the same domain externally and internally for Exchange services. > That is, add leisurearts.com to your internal DNS and populate it with > internal IP addresses for hostnames. > -- > Ed Crowley MVP > "There are seldom good technological solutions to behavioral problems." > .. > > "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message > news:2AF6A091-C376-4DA0-B783-25F9276D1AFA(a)microsoft.com... > > So is the solution to get an additional SSL certificate for the hub > > transport > > server? Do I get a wildcard for *.leisurearts.com, or can I just get the > > one > > for autodiscover.leisurearts.com? This hasn't been an issue until now, > > because on the PC side we're still using Office 2003 (when we installed > > Exchange 2007, we still had a lot of Win2K stations, which couldn't take > > Office 2007, so we kept our Office environment homogeneous) and > > autodiscover > > wasn't introduced until Outlook2007. > > > > "Ed Crowley [MVP]" wrote: > > > >> Sure sounds like it. > >> -- > >> Ed Crowley MVP > >> "There are seldom good technological solutions to behavioral problems." > >> .. > >> > >> "Brian Roden" <BrianRoden(a)discussions.microsoft.com> wrote in message > >> news:9699918B-1C6A-4E7C-8592-8675FC8FA041(a)microsoft.com... > >> > Our Mac users are getting new Snow Leopard machines, and upgrading from > >> > Office2004 to Office2008 in the process. The Mac techs have applied all > >> > Office2008 patches. We're getting the error about the root certificate. > >> > > >> > Our e-mail domain is leisurearts.com. But our in-house servers, > >> > including > >> > Exchange2007, are all leisurearts.net (.com is reserved for our > >> > consumer-facing web site managed through public DNS). Even externally, > >> > we > >> > access OWA on a leisurearts.net URL. Our SSL certs on the Exchange > >> > servers > >> > are all for leisurearts.net, and that is the domain used in the > >> > Entourage > >> > settings (e.g., > >> > https://mailgateway.leisurearts.net/exchange/user(a)leisurearts.com ) > >> > > >> > The error about the root certificate not being installed refers to > >> > leisurearts.com, which is not a domain included in either SSL > >> > certificate > >> > on > >> > our Exchange servers (we have a mailbox server and a hub transport > >> > server, > >> > which is the one with the public internet connection for > >> > inbound/outbound > >> > SMTP traffic). > >> > > >> > Is this domain-ending difference a cause for the error? > >> > > >> > >> . > >> > > . > |