Michael:

Certificate was installed on Saturday and users reported the issue today. Of note, which I probably should have also included in the original post, all Win7 PCs picked up the change no problem, but all XP PCs had to be updated manually (mix of Outlook 2007/2010 across both WinXP/7). We have everyone working again, as it was only about 10 people affected. But I was under the impression that, because the wildcard cert would cover the subdomain of "mail.", it would not interrupt service. But in reading some of the TechNet articles while troubleshooting, I can see why it matters to have the FQDN or cert name for the different areas.
Thankfully these XP stations will be retired by March, just wish I had understood the scope of the change better. "Good judgment is the result of experience. Experience is usually the result of bad judgment." At least I have the experience now. But SHOULD the XP PCs have updated as well, since this seems to be a function of Outlook? Or are there other pieces that tie into the OS and its ability to dynamically update the certificate settings?

Thanks.

From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: Monday, February 03, 2014 11:11 AM
To: [email protected]
Subject: [Exchange] RE: Certificate Renewal Breaking Outlook Anywhere

How long did you wait for Outlook to update? I would expect it to do so in about 30 minutes. If you run the OA test at exrca.com, does it return the proper values? If so, Outlook should use them also, after the next OA resync.

From: [email protected] [mailto:[email protected]] On Behalf Of Geoff Orlebeck
Sent: Monday, February 3, 2014 2:04 PM
To: [email protected]
Subject: [Exchange] Certificate Renewal Breaking Outlook Anywhere

We have a customer with a single Exchange 2010 SP3 CAS that has Outlook Anywhere enabled. We originally had a single-name SSL cert of "mail.domain.com". That cert was replaced with a wildcard certificate in anticipation of some future changes coming. However, now all existing Outlook Anywhere clients are broken. New profiles work just fine, but existing profiles will not connect. I checked an existing Outlook profile; it still has the proper "mail.domain.com" URL, but the "only connect to proxy servers..." is checked and the entry shows the old "msstd:mail.domain.com". I reset the "Set-OutlookProvider" command to the wildcard cert name on the Exchange server, and if I modify the existing Outlook profile manually to *.domain.com it all begins to work.

I am aware this was oversight/inexperience on my part. With that said, is there any way clients will auto-update, or is a manual edit (or new profile) the only way to resolve the Outlook Anywhere connectivity issue?

Thanks.

This message and any attached documents may be privileged or confidential and contain information protected by state and federal privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender.
