Exchange/Outlook 2010 autodiscover certificate error name mismatch

Exchange/Outlook 2010 autodiscover certificate error name mismatch

Recently some users have been receiving the following autodiscover certificate error when opening outlook:

Security Alert: autodiscover.domainname.org

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.

√ The security certificate is from a trusted party

√ The security certificate date is valid

X The name on the security certificate is invalid or does not match the name of the site

Firstly, we host exchange at a different hostedexchange.com, and our autodiscover uses a wildcard certificate “*.hostedexchange.com”. So starting with the client I made sure to view the certificate. The correct name on the certificate listed was “*hostedexchange.com.”

1. I installed the certificate on to the client PC into the trusted store. Closed outlook/opened again and still the same error.

2. I looked at the proxy settings in the account setup and found that the ‘server name’ and msstd: were correct, they were.

3. We used nslookup externally and found that there are no valid dns records pointing to autodiscover.domainname.org

4. We used https://www.testexchangeconnectivity.com/ and found that while it does automatically check for autodiscover.domainname.org, dns did not return a value; it failed

5. From the client we were able to ping autodiscover.domainname.com, the ping returned an internal ip address of our mail server.

6. So from the results above it appears as though the client (or citrix server’s hosted desktop in this instance) had an incorrect dns entry.

7. From a (run as administrator) command prompt I issued an “ipconfig /flushdns” command on the client server but the error persisted, and pings still replied from autodiscover.domainname.org

8. We checked the hosts file on the server (c:\windows\system32\drivers\etc), and sure enough there was an old entry for autodiscover.domainname.org

9. In order to edit the hosts file, did a “Run as administrator” to open notepad, edited the file and saved successfully.

10. Issued another ipconfig /flushdns

Now when the client opens, the request to get autodiscover.domainname.org fails, and there is no mismatch of certificate names.

 

How to grant users access to other user’s mailboxes in Office365 using PowerShell

This procedure shows how to grant users access to other user’s mailboxes in Office365 using PowerShell
How to:
*Grant a user access to a single mailbox
*Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)

1. Fire up PowerShell (Run As Administrator).

First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running:
PS> Set-ExecutionPolicy RemoteSigned

2. Next, run the following to authenticate your self and import PowerShell commands to your local session:
PS> $LiveCred = Get-Credential
(Supply credentials for MSOnline Portal: admin@company.com/Password)

3. After supplying credentials to PowerShell as $LiveCred variable, authenticate and import PowerShell commands into your local session:
PS> $Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

You’re In!
PS> Import-PSSession $Session

4. For example, to grant user@company.com full access to admin@company.com, you would enter the command:
PS> Add-MailboxPermission user@company.com -User admin@company.com -AccessRights FullAccess -InheritanceType All

PS> Exit
Have the user who was granted access close/reopen Outlook and the new mailbox will be listed in their Outlook Account Tree
5. If you want to hide the user mailbox from appearing in the mailbox tree in Outlook who you just granted access, you can add the switch -AutoMapping $false

1. To Revoke access you would enter the command:
PS> Remove-MailboxPermission user@company.com -User admin@company.com -AccessRights FullAccess -InheritanceType All
Jason Coltrin
MCSE 2003:Security, CSSA
Engineer Consultant, CIO Solutions

 

Outlook 2010 – Cannot create new profile; An unknown error occurred, error code: 0x80070057 – Solved!

One of our Windows 7 Pro, 32 bit users (not SP1), experienced Outlook 2010 failing on a regular basis. The client was setup with Auto-discover and the application would crash / freeze/ hang randomly as well as could be made to crash by going into the Calendar, create a New Meeting->Scheduling Assistant -> and enter another user’s name.

Additionally, we tried closing Outlook, going to the Control Panel and chosing the Mail applet. Click on Profiles -> Profiles -> Show Profiles… -> Add…

The Outlook wizard would start, but then fail with the error message:

“An unknown error occurred, error code: 0x80070057”.

The Event Viewer (Local) -> (Windows Logs: Application) would have a cryptic message with the following information:

Event 1000, Application Error

Faulting application name: OUTLOOK.EXE, version: 14.0.4760.1000, time stamp: 0x4ba8fefdFaulting module name: OUTLOOK.EXE, version: 14.0.4760.1000, time stamp: 0x4ba8fefdException code: 0xc0000005Fault offset: 0x0054ac63Faulting process id: 0x1174Faulting application start time: 0x01cc0e56a826f1c7Faulting application path: C:Program FilesMicrosoft OfficeOffice14OUTLOOK.EXEFaulting module path: C:Program FilesMicrosoft OfficeOffice14OUTLOOK.EXEReport Id: 375d88cc-7a62-11e0-a74c-b8ac6fc5d92c

Running a search on these errors produced a lot of options for repairing the problem including checking OWA IIS certificates, installing .NET on the exchange server, Exchange SP2/SP3,  editing your hosts file, Exchange PowerShell setting virtual directory, and the list goes on.

The solution that resolved this issue finally for us was to install on the Outlook client, the hotfix created by Microsoft here: http://support.microsoft.com/default.aspx?scid=kb;en-US;2281463

The download is not easily accessible on this page, so don’t be discouraged and go ahead and “View and request hotfix downloads” from the link at the top of the page.

This link will send you to a Hotfix Request page where you place a checkmark on the update you wish to download. Be careful because if you visit the page with a x64 machine, you will most likely be prompted to download the x64 client. It’s best to visit the hotfix page on the client that has the problem. Enter your email address and then confirm. Type in the captcha and then hit “Request hotfix.” You will be quickly emailed the link to the hotfix download as well as a password.

*Note: Prior to installing a hotfix of this nature, it is always recommended you backup your system (Windows 7 backup is a pretty good free image-based backup, my next best recommendation is something like Acronis 10.) Also, it is a good idea to take a manual System Restore point: Start -> Right-click on Computer, choose Properties, System Protection, Create.

Once the hotfix has been downloaded, when you try to run the .exe you will be prompted for the password for the file to run. Enter the password that was emailed to you and complete the setup. After the hotfix completes, for good measure, go ahead and reboot. After the restart, keep Outlook closed and go back to the Mail control panel applet. Go to Profiles ->Show Profiles… -> Add… and create a new Outlook Profile. Under “When starting Microsoft Outlook, use the profile: -> Always use this profile -> Hit the dropdown for the newly created profile.

Start Outlook. This will create a new Outlook profile for the user. Also, a new .ost file will be created which if the mailbox size is large, it may take a considerable amount of time to rebuilt the new profile. You may need to visit the old profile in the Control Panel Mail Applet to see if any data files were attached or settings/signatures were modified or need to be created or copied to the new profile.

You can test to see if the application crashes by visiting the Calendar Scheduling Assistant.