Thursday, 24 April 2008

Post SBS Migration - Outlook RPC/HTTPS - change that certificate

After completing a Swing Migration, one thing to remember after the new SBS server is in place: Users that use Outlook to connect to Exchange on their laptops via RPC/HTTPS will no longer be able to connect.

This is the case for those SBS installations that are using the self-signed certificate. One should not encounter this problem after importing their Internet trusted certificate.

If the user visits the Remote Web Workplace in IE, the SSL lock will show, and nothing will appear out of the ordinary.

IE does not notice that the previous SBS certificate signer is no longer in existence, but Outlook does.

So, we need to remove that certificate:
  1. Open IE
  2. Tools
  3. Internet Options
  4. Centent tab
  5. Click the certificates button
  6. Trusted Root Certification Authorities tab
  7. Click on the myrww.mysbsdomain.com certificate
  8. Click the Remove button
  9. Close
  10. Apply and OK
  11. Restart IE and import that certificate again.
The user will now be able to connect their Outlook while out of the office.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

2 comments:

Anonymous said...

Just a thought for you in this case. Instead of replacing the certificate on all the client computers, before you swing, export the certificate from IIS, this will allow you to use the certificate on the new server and keep the old certificate intact, including the public and private keys.
This would just save you the step of going to all the laptops and home computers.
HTH
David

Philip Elder Cluster MVP said...

David,

You are right on!

That is an excellent suggestion. We will add it to our Swing Migration checklist for those times where we are working with a live SBS migration.

Now, since we are mostly dealing with ISA on our SBS installations, it seems to me that we would need to export the cert from IE on one of the laptop clients and use that during the ISA phase of the CEICW.

How does that sound?

Thanks for that.

Philip