From: Rich Matheisen [MVP] on
On Thu, 24 Jun 2010 07:15:35 -0700 (PDT), Mikey <texan767(a)hotmail.com>
wrote:

>On Jun 24, 8:59�am, Mikey <texan...(a)hotmail.com> wrote:
>> On Jun 24, 1:38�am, "Cliff Galiher - MVP" <cgali...(a)gmail.com> wrote:
>>
>>
>>
>>
>>
>> > Could be a couple of things. �So now we are back on track with the
>> > certificate (I think, I haven't checked.)
>>
>> > So lets make sure Outlook Anywhere works. �www.testexchangeconnectivity.com
>>
>> > As far as the repeated credentials, have you patched up Exchange on your SBS
>> > server? �Repeated credentials could be a symptom of a conflict between an
>> > outlook security update without the matching Exchange security update. �Have
>> > *at least* Exchange SP1 UR9 installed on the SBS server. SP2 is preferrable.
>> > As always, have a backup.
>>
>> > --
>> > Cliff Galiher
>> > Microsoft has opened the Small Business Server forum on Technet! �Check it
>> > out!http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/...
>> > Addicted to newsgroups? �Read about the NNTP Bridge for MS Forums.
>>
>> I tried the rollup 9 back in the begining. I didn't want to apply SP2
>> until the weekend, in the event there were any problems.
>> You had said earlier that it didn't matter if some parts of the test
>> fail, find one area, pick that & work it out (or something along those
>> lines!).
>> I tried the test, manually entering the info & the message that I got
>> regarding the failure was:
>>
>> SSL mutual authentication with the RPC proxy server is being tested.
>> � Verification of mutual authentication failed.
>> � �Tell me more about this issue and how to resolve it
>> � �Additional Details
>> � The certificate common name remote.domain.com, doesn't validate
>> against Mutual Authentication string provided
>> msstd:exchange.domain.com
>>
>> Is this basically saying that it's not finding the name
>> msstd:exchange.domain.com on my certificate? I that's the case, do I
>> need to add that name, or is this an indicator of a mismatched
>> authentication setting? ON the 'tell me how to fix it' link, it talks
>> about a resolution that changes the name on the cert, but I'm assuming
>> it changes it on the self generated one, right? So I'm thinking that
>> probably won't help me. Or, do I need to do that, request a new
>> certificate, rinse lather & repeat?- Hide quoted text -
>>
>> - Show quoted text -
>
>I did change the name to msstd:remote.domain.com on the client & it
>worked, but it prompts you for a password everytime you open outlook.
>The 'Always prompt for log on credentials' is NOT checked - is there a
>way to 'fix' this?
>Now, if I apply SP2 this weekend, can if mess up anything we've done
>so far?

Try this:
Get-OutlookAnywhere|fl *authen*

What do you see for authentication methods?

Have a look at "Authentication and Access Controls" on the "Rpc"
virtual directory with IIS Admin.

The authentication settings in both of those should match. What you
DON'T want to do is use the GUI in the EMC to manage the
authentication settings foe OA.
---
Rich Matheisen
MCSE+I, Exchange MVP
From: Mikey on
On Jun 24, 9:02 pm, "Rich Matheisen [MVP]"
<richn...(a)rmcons.com.NOSPAM.COM> wrote:
> On Thu, 24 Jun 2010 07:15:35 -0700 (PDT), Mikey <texan...(a)hotmail.com>
> wrote:
>
>
>
>
>
> >On Jun 24, 8:59 am, Mikey <texan...(a)hotmail.com> wrote:
> >> On Jun 24, 1:38 am, "Cliff Galiher - MVP" <cgali...(a)gmail.com> wrote:
>
> >> > Could be a couple of things.  So now we are back on track with the
> >> > certificate (I think, I haven't checked.)
>
> >> > So lets make sure Outlook Anywhere works.  www.testexchangeconnectivity.com
>
> >> > As far as the repeated credentials, have you patched up Exchange on your SBS
> >> > server?  Repeated credentials could be a symptom of a conflict between an
> >> > outlook security update without the matching Exchange security update.  Have
> >> > *at least* Exchange SP1 UR9 installed on the SBS server. SP2 is preferrable.
> >> > As always, have a backup.
>
> >> > --
> >> > Cliff Galiher
> >> > Microsoft has opened the Small Business Server forum on Technet!  Check it
> >> > out!http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/...
> >> > Addicted to newsgroups?  Read about the NNTP Bridge for MS Forums.
>
> >> I tried the rollup 9 back in the begining. I didn't want to apply SP2
> >> until the weekend, in the event there were any problems.
> >> You had said earlier that it didn't matter if some parts of the test
> >> fail, find one area, pick that & work it out (or something along those
> >> lines!).
> >> I tried the test, manually entering the info & the message that I got
> >> regarding the failure was:
>
> >> SSL mutual authentication with the RPC proxy server is being tested.
> >>   Verification of mutual authentication failed.
> >>    Tell me more about this issue and how to resolve it
> >>    Additional Details
> >>   The certificate common name remote.domain.com, doesn't validate
> >> against Mutual Authentication string provided
> >> msstd:exchange.domain.com
>
> >> Is this basically saying that it's not finding the name
> >> msstd:exchange.domain.com on my certificate? I that's the case, do I
> >> need to add that name, or is this an indicator of a mismatched
> >> authentication setting? ON the 'tell me how to fix it' link, it talks
> >> about a resolution that changes the name on the cert, but I'm assuming
> >> it changes it on the self generated one, right? So I'm thinking that
> >> probably won't help me. Or, do I need to do that, request a new
> >> certificate, rinse lather & repeat?- Hide quoted text -
>
> >> - Show quoted text -
>
> >I did change the name to msstd:remote.domain.com on the client & it
> >worked, but it prompts you for a password everytime you open outlook.
> >The 'Always prompt for log on credentials' is NOT checked - is there a
> >way to 'fix' this?
> >Now, if I apply SP2 this weekend, can if mess up anything we've done
> >so far?
>
> Try this:
> Get-OutlookAnywhere|fl *authen*
>
> What do you see for authentication methods?
>
> Have a look at "Authentication and Access Controls" on the "Rpc"
> virtual directory with IIS Admin.
>
> The authentication settings in both of those should match. What you
> DON'T want to do is use the GUI in the EMC to manage the
> authentication settings foe OA.
> ---
> Rich Matheisen
> MCSE+I, Exchange MVP- Hide quoted text -
>
> - Show quoted text -

ClientAuthenticationMethod : Basic
IISAuthenticationMethods : {Basic, Ntlm}

Authentications settings in IIS were right.
I just changed Outlook settings to remote.mydomain.com & we are in
business baby!!!
You guys ROCK!
If you're ever (or are currently) in the Houston area, shots of
Patrone are on me!
Woo-Hoo!!!
Now, if I can do something about the slooooow network access of files
on this thing...
From: Rich Matheisen [MVP] on
On Fri, 25 Jun 2010 01:16:23 -0700 (PDT), Mikey <texan767(a)hotmail.com>
wrote:

[ snip ]


>ClientAuthenticationMethod : Basic
>IISAuthenticationMethods : {Basic, Ntlm}
>
>Authentications settings in IIS were right.
>I just changed Outlook settings to remote.mydomain.com & we are in
>business baby!!!
>You guys ROCK!
>If you're ever (or are currently) in the Houston area, shots of
>Patrone are on me!

Given the domain name I'da thunk you wuz in Oklahoma!
---
Rich Matheisen
MCSE+I, Exchange MVP
From: Mikey on
On Jun 25, 4:17 pm, "Rich Matheisen [MVP]"
<richn...(a)rmcons.com.NOSPAM.COM> wrote:
> On Fri, 25 Jun 2010 01:16:23 -0700 (PDT), Mikey <texan...(a)hotmail.com>
> wrote:
>
>                                         [ snip ]
>
> >ClientAuthenticationMethod : Basic
> >IISAuthenticationMethods   : {Basic, Ntlm}
>
> >Authentications settings in IIS were right.
> >I just changed Outlook settings to remote.mydomain.com & we are in
> >business baby!!!
> >You guys ROCK!
> >If you're ever (or are currently) in the Houston area, shots of
> >Patrone are on me!
>
> Given the domain name I'da thunk you wuz in Oklahoma!
> ---
> Rich Matheisen
> MCSE+I, Exchange MVP

The owner is from there & the troublesome remote office is there, as
well.
Thanks, again.