Wildcard Certificate Causes Client Connectivity Issues for Outlook Anywhere

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1

This topic explains how to resolve Microsoft Office Outlook 2007 client connectivity issues when you are using Outlook Anywhere to connect to Microsoft Exchange and wildcard certificates are deployed across Exchange Client Access servers in your organization.

When you want an Exchange organization to use a wildcard certificate for any server that is running Exchange Server 2007 and that has the Client Access server role installed, you must configure settings for the Autodiscover service so that Outlook Anywhere clients can successfully connect to the server. To do this, run the Set-OutlookProvider cmdlet in the Exchange Management Shell on the Client Access server. The Set-OutlookProvider cmdlet changes the CertPrincipalName parameter for the EXPR Outlook Provider. This sets the Subject Principal Name for Outlook Anywhere connections. Outlook 2007 clients cannot connect to the server and will receive an error message that states that the certificate has expired until the changes are picked up by the Autodiscover service.

Generally, you can resolve this issue by running the Set-OutlookProvider cmdlet. However, sometimes connectivity issues remain. When this occurs, Outlook 2007 users can resolve the issue by changing their connection settings.

Before You Begin

To resolve client connectivity issues for Outlook Anywhere by configuring settings for the Autodiscover service, the account you use must be delegated the Exchange Organization Administrator role. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedures

If the first procedure is not successful, ask your users to perform the second procedure on their client computers in Outlook 2007.

To use the Exchange Management Shell to configure Autodiscover settings by using the Set-OutlookProvider cmdlet

  • Run the following command:

    Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.contoso.com
    

To change Outlook 2007 connection settings to resolve a certificate error

  1. In Outlook 2007, on the Tools menu, click Account Settings.

  2. Select your e-mail address listed under Name, and then click Change.

  3. Click More Settings.

  4. On the Connection tab, click Exchange Proxy Settings.

  5. Select the Connect using SSL only check box.

  6. Select the Only connect to proxy servers that have this principal name in their certificate: check box, and then, in the box that follows, enter msstd:*.contoso.com.

  7. Click OK, and then click OK again.

  8. Click Next.

  9. Click Finish.

  10. Click Close.

  11. The new setting will take effect after you exit Outlook and open it again.

For More Information

For more information about certificates in Exchange 2007, see Certificate Use in Exchange Server 2007.

For detailed syntax and parameter information, see Set-OutlookProvider.