0

Here's a bit of an odd issue for you all that started on Friday of last week.

It started off with GoDaddy revoking our SHA1 certificate, so I had to install the SHA2 certificate. No big deal, it's recognized and accepted.

I come into work today, and find that most people in the company are unable to connect to Exchange in Outlook. Weird, right? I fire up my VPN to my house and lo and behold, it connects perfectly fine.

Could this be an SSL cache issue? Nothing has changed client-wise. I'd also like to mention that at least 60 users still have email at various office locations across the US (we're connected via MPLS).

I've rebooted the Exchange cluster (in proper order I might add), deleted my .OST and started fresh, cleared SSL cache, imported the cert that I exported from the Exchange server, rebooted multiple times, etc.

Could this be a client problem? I don't see how as nothing has changed with Outlook; the only thing that changed between it working and now is the SSL Certificate.

We're on Exchange 2010 with about 200 users. Let me know if you need any more detail or have any questions.

Thanks for any help anyone can provide! I'm pulling my hair out on this one.

David Fries
  • Try the Microsoft Remote Connectivity Analyzer to see what it can glean about the problem - https://testconnectivity.microsoft.com – joeqwerty Jul 27 '15 at 21:30
  • It said it was successful with some errors. Mainly with autodiscover, which shouldn't matter for connecting via Outlook 2010. – David Fries Jul 27 '15 at 21:37
  • Why do you say that? Outlook 2007 and 2010 connect to Autodiscover on every startup and at background intervals. - https://technet.microsoft.com/en-us/library/JJ591328(v=EXCHG.141).aspx – joeqwerty Jul 27 '15 at 21:48
  • When you say cluster? What is the server configuration? Client access role, mailbox role etc? Load balanced? – Drifter104 Jul 27 '15 at 21:54

2 Answers

1

Please check if you have installed a SAN certificate and that it has all the SANs listed in the previous certificate as well. If there is a name mismatch, then Outlook Anywhere will not connect.

It works internally and via VPN because it is not using HTTPS or an Outlook Anywhere connection; it is a MAPI connection, and hence it works.

Regards, Krishna

smtpport25
0

It sounds like a DNS problem. A VPN usually only works with IP addresses and connects to your Exchange over IP rather than hostnames. This could be the reason why it works over VPN. Maybe your clients simply can't resolve Exchange properly, so try letting an Outlook client connect over IP address. Check whether the FQDN in your new SSL certificate is correct.
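
Both answers come down to checking names against the new certificate: whether it still carries every SAN the old one had, and whether the FQDN clients connect to is on it. The following is an added example (not part of either answer) that runs both checks on SAN lists copied from the two certificates; all example.com names and the function names are constructed placeholders.

```python
# Added example: every hostname and SAN list below is a constructed placeholder.
# Replace them with the DNS names read from the old and new certificates.

def name_matches(host, san):
    """True if a certificate DNS-name entry covers the hostname a client uses."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if not san.startswith("*."):
        return host == san
    # A wildcard stands for exactly one leftmost label:
    # *.example.com covers mail.example.com, not example.com or a.b.example.com.
    first_label, _, parent = host.partition(".")
    return bool(first_label) and parent == san[2:]


def dropped_names(old_sans, new_sans):
    """Names on the old certificate that nothing on the new certificate covers."""
    return sorted(n.lower() for n in old_sans
                  if not any(name_matches(n, s) for s in new_sans))


def mismatched_hosts(client_hosts, new_sans):
    """Hostnames clients connect to that would fail certificate name validation."""
    return sorted(h.lower() for h in client_hosts
                  if not any(name_matches(h, s) for s in new_sans))


# Constructed sample: the reissued certificate lost two of the old names.
OLD_SANS = ["mail.example.com", "autodiscover.example.com",
            "cas01.corp.example.com"]
NEW_SANS = ["mail.example.com", "www.example.com"]
# Names Outlook is configured (or autoconfigured) to reach over HTTPS.
CLIENT_HOSTS = ["mail.example.com", "autodiscover.example.com"]

if __name__ == "__main__":
    print("Dropped from new cert:", dropped_names(OLD_SANS, NEW_SANS))
    print("Client names that will mismatch:",
          mismatched_hosts(CLIENT_HOSTS, NEW_SANS))
```

An empty result from both functions means the reissued certificate covers the same names as before and every name clients use.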