SBS 2008: using cert and dyndns.info and Outlook anywhere

In SBS 2003, we could generate a cert based on need.

Now upgraded from 03 to 08. Client has dynamic DNS that points to their
server: xxx.dyndns.info

MX still point to xxx.dyndns.info.
Mail works fine just like in 03
If you goto: xxx.dyndns.info/remote or owa - it works

NS have a Cname that points remote.xxx.com to xxx.dyndns.info/remote
(also a redirect in the NS control Panel)

On LAN, outlook anywhere works fine(assuming that the server pushes out the
cert when logging into mobile laptop)

PROBLEM:
From Remote for mobile laptop, outlook anywhere does not connect.

says server not available.(tried correct auth )
Tried the test exchange site and it times out and cert fails.

Question:
How can I generate my own unique cert like sbs 2003 for xxx.dyndns.info?
or
What other options should we do?

Thanks.

GC

You need to physically have the cert on the remote computer. With SBS 03,
you could install the cert while remote, but not with SBS 08.

But you can still generate your own certificate, which you've probably done
already.

In the SBS console, Network > Connectivity tab - click under Web Server
Certificate, and then on the right hand side, Open Certificate Installation
Package. You'll see a zip file - put that on a USB key and run it on the
remote computer to install the certificate.

There's an "announcement" on your companyweb with full details.

--
-----------------------------------------------
Les Connor [SBS MVP]

"GARETT - TVGTECH" <> wrote in
message news:11B3B6CA-9D8E-4DB3-90A5-...
> In SBS 2003, we could generate a cert based on need.
>
> Now upgraded from 03 to 08. Client has dynamic DNS that points to their
> server: xxx.dyndns.info
>
> MX still point to xxx.dyndns.info.
> Mail works fine just like in 03
> If you goto: xxx.dyndns.info/remote or owa - it works
>
> NS have a Cname that points remote.xxx.com to xxx.dyndns.info/remote
> (also a redirect in the NS control Panel)
>
> On LAN, outlook anywhere works fine(assuming that the server pushes out
> the
> cert when logging into mobile laptop)
>
> PROBLEM:
> From Remote for mobile laptop, outlook anywhere does not connect.
>
> says server not available.(tried correct auth )
> Tried the test exchange site and it times out and cert fails.
>
> Question:
> How can I generate my own unique cert like sbs 2003 for xxx.dyndns.info?
> or
> What other options should we do?
>
> Thanks.
>
> GC
>
>

Thanks Les.

Remote user said they installed. (we uploaded to a secure FTP and they dload
it and ran it.)

That cert says installed.

Is the problem the fact that xxx.dyndns.info is the external server and the
internal is remote.xxx.com and that's where the cert is having an issue?

What else can I do?

Thanks Les.


"Les Connor [SBS MVP]" wrote:

> You need to physically have the cert on the remote computer. With SBS 03,
> you could install the cert while remote, but not with SBS 08.
>
> But you can still generate your own certificate, which you've probably done
> already.
>
> In the SBS console, Network > Connectivity tab - click under Web Server
> Certificate, and then on the right hand side, Open Certificate Installation
> Package. You'll see a zip file - put that on a USB key and run it on the
> remote computer to install the certificate.
>
> There's an "announcement" on your companyweb with full details.
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> "GARETT - TVGTECH" <> wrote in
> message news:11B3B6CA-9D8E-4DB3-90A5-...
> > In SBS 2003, we could generate a cert based on need.
> >
> > Now upgraded from 03 to 08. Client has dynamic DNS that points to their
> > server: xxx.dyndns.info
> >
> > MX still point to xxx.dyndns.info.
> > Mail works fine just like in 03
> > If you goto: xxx.dyndns.info/remote or owa - it works
> >
> > NS have a Cname that points remote.xxx.com to xxx.dyndns.info/remote
> > (also a redirect in the NS control Panel)
> >
> > On LAN, outlook anywhere works fine(assuming that the server pushes out
> > the
> > cert when logging into mobile laptop)
> >
> > PROBLEM:
> > From Remote for mobile laptop, outlook anywhere does not connect.
> >
> > says server not available.(tried correct auth )
> > Tried the test exchange site and it times out and cert fails.
> >
> > Question:
> > How can I generate my own unique cert like sbs 2003 for xxx.dyndns.info?
> > or
> > What other options should we do?
> >
> > Thanks.
> >
> > GC
> >
> >
>

The cert name must match what you use to access the site, so if you built
your cert for remtote.whatever.whatever, you'd need a matching dns record
and would use that to access the site. If that's not the case, then you can
create a dns record that matches the name in the cert, or, create a new cert
that matches a dns record you already have - like mail.whatever.whatever.

If you don't want to use the default of remote., you need to click
'advanced' (I think it is) in the wizard and you can then specify an
alternate name.

--
-----------------------------------------------
Les Connor [SBS MVP]

"GARETT - TVGTECH" <> wrote in
message news:8F832712-C5CE-4F89-AC09-...
> Thanks Les.
>
> Remote user said they installed. (we uploaded to a secure FTP and they
> dload
> it and ran it.)
>
> That cert says installed.
>
> Is the problem the fact that xxx.dyndns.info is the external server and
> the
> internal is remote.xxx.com and that's where the cert is having an issue?
>
> What else can I do?
>
> Thanks Les.
>
>
> "Les Connor [SBS MVP]" wrote:
>
>> You need to physically have the cert on the remote computer. With SBS 03,
>> you could install the cert while remote, but not with SBS 08.
>>
>> But you can still generate your own certificate, which you've probably
>> done
>> already.
>>
>> In the SBS console, Network > Connectivity tab - click under Web Server
>> Certificate, and then on the right hand side, Open Certificate
>> Installation
>> Package. You'll see a zip file - put that on a USB key and run it on the
>> remote computer to install the certificate.
>>
>> There's an "announcement" on your companyweb with full details.
>>
>> --
>> -----------------------------------------------
>> Les Connor [SBS MVP]
>>
>> "GARETT - TVGTECH" <> wrote in
>> message news:11B3B6CA-9D8E-4DB3-90A5-...
>> > In SBS 2003, we could generate a cert based on need.
>> >
>> > Now upgraded from 03 to 08. Client has dynamic DNS that points to their
>> > server: xxx.dyndns.info
>> >
>> > MX still point to xxx.dyndns.info.
>> > Mail works fine just like in 03
>> > If you goto: xxx.dyndns.info/remote or owa - it works
>> >
>> > NS have a Cname that points remote.xxx.com to xxx.dyndns.info/remote
>> > (also a redirect in the NS control Panel)
>> >
>> > On LAN, outlook anywhere works fine(assuming that the server pushes out
>> > the
>> > cert when logging into mobile laptop)
>> >
>> > PROBLEM:
>> > From Remote for mobile laptop, outlook anywhere does not connect.
>> >
>> > says server not available.(tried correct auth )
>> > Tried the test exchange site and it times out and cert fails.
>> >
>> > Question:
>> > How can I generate my own unique cert like sbs 2003 for
>> > xxx.dyndns.info?
>> > or
>> > What other options should we do?
>> >
>> > Thanks.
>> >
>> > GC
>> >
>> >
>>

Thanks Les.

Tried that but when advanced option, had difficult time figuring out what
option.

NOTICED:
Cert enrollment requests - actually had the cert I needed. xxx.dyndns.info
Intended purpose: ALL

I copied to trusted, then to personal certificates.
Now it still says intended purpose - all

The original remote.xxx.com says IP: server

QUESTION:
For this to work, it's now in trusted and root, do I have to change it to
server only, or will this work?

Do i just have to run FIX network and will include that in the sbs cert for
installing?

Thanks alot Les.

"Les Connor [SBS MVP]" wrote:

> The cert name must match what you use to access the site, so if you built
> your cert for remtote.whatever.whatever, you'd need a matching dns record
> and would use that to access the site. If that's not the case, then you can
> create a dns record that matches the name in the cert, or, create a new cert
> that matches a dns record you already have - like mail.whatever.whatever.
>
> If you don't want to use the default of remote., you need to click
> 'advanced' (I think it is) in the wizard and you can then specify an
> alternate name.
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> "GARETT - TVGTECH" <> wrote in
> message news:8F832712-C5CE-4F89-AC09-...
> > Thanks Les.
> >
> > Remote user said they installed. (we uploaded to a secure FTP and they
> > dload
> > it and ran it.)
> >
> > That cert says installed.
> >
> > Is the problem the fact that xxx.dyndns.info is the external server and
> > the
> > internal is remote.xxx.com and that's where the cert is having an issue?
> >
> > What else can I do?
> >
> > Thanks Les.
> >
> >
> > "Les Connor [SBS MVP]" wrote:
> >
> >> You need to physically have the cert on the remote computer. With SBS 03,
> >> you could install the cert while remote, but not with SBS 08.
> >>
> >> But you can still generate your own certificate, which you've probably
> >> done
> >> already.
> >>
> >> In the SBS console, Network > Connectivity tab - click under Web Server
> >> Certificate, and then on the right hand side, Open Certificate
> >> Installation
> >> Package. You'll see a zip file - put that on a USB key and run it on the
> >> remote computer to install the certificate.
> >>
> >> There's an "announcement" on your companyweb with full details.
> >>
> >> --
> >> -----------------------------------------------
> >> Les Connor [SBS MVP]
> >>
> >> "GARETT - TVGTECH" <> wrote in
> >> message news:11B3B6CA-9D8E-4DB3-90A5-...
> >> > In SBS 2003, we could generate a cert based on need.
> >> >
> >> > Now upgraded from 03 to 08. Client has dynamic DNS that points to their
> >> > server: xxx.dyndns.info
> >> >
> >> > MX still point to xxx.dyndns.info.
> >> > Mail works fine just like in 03
> >> > If you goto: xxx.dyndns.info/remote or owa - it works
> >> >
> >> > NS have a Cname that points remote.xxx.com to xxx.dyndns.info/remote
> >> > (also a redirect in the NS control Panel)
> >> >
> >> > On LAN, outlook anywhere works fine(assuming that the server pushes out
> >> > the
> >> > cert when logging into mobile laptop)
> >> >
> >> > PROBLEM:
> >> > From Remote for mobile laptop, outlook anywhere does not connect.
> >> >
> >> > says server not available.(tried correct auth )
> >> > Tried the test exchange site and it times out and cert fails.
> >> >
> >> > Question:
> >> > How can I generate my own unique cert like sbs 2003 for
> >> > xxx.dyndns.info?
> >> > or
> >> > What other options should we do?
> >> >
> >> > Thanks.
> >> >
> >> > GC
> >> >
> >> >
> >>
>

Hello,

Thanks for your post and Les's input.

In addition, to use Office Outlook 2003 or Outlook 2007 for "Outlook Anywhere" in SBS 2008 domain, you may also refer to the following articles for detailed
information:

Using "Outlook Anywhere" in Small Business Server 2008
http://technet.microsoft.com/en-us/l.../cc794265.aspx

Windows Small Business Server 2008 Client Computer Help
http://technet.microsoft.com/en-us/l.../cc546096.aspx

More Information
======================
Configuring Internet Mail in Windows Small Business Server 2008
http://technet.microsoft.com/en-us/l.../cc527480.aspx

Hope this helps.


Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

Thanks Robbin: Didn't see what I was looking for.

Here is what I am looking for(I think):

Location and how(steps) to setup a new CERT, that authenticates
xxx.dyndns.info pass-through to the server?

Do I choose server or webserver?
What encryption?
How to publish it so it precedes the remote.xxx.com certificate?

I have been searching and need something so I don't screw it up when
creating a new cert on SBS 2008 that overrides the remote.xx.com native cert
so it works with non common url authentication using dyndns.info?

Does this help clear up my question or completely no?

Thanks all.


""Robbin Meng [MSFT]"" wrote:

>
> Hello,
>
> Thanks for your post and Les's input.
>
> In addition, to use Office Outlook 2003 or Outlook 2007 for "Outlook Anywhere" in SBS 2008 domain, you may also refer to the following articles for detailed
> information:
>
> Using "Outlook Anywhere" in Small Business Server 2008
> http://technet.microsoft.com/en-us/l.../cc794265.aspx
>
> Windows Small Business Server 2008 Client Computer Help
> http://technet.microsoft.com/en-us/l.../cc546096.aspx
>
> More Information
> ======================
> Configuring Internet Mail in Windows Small Business Server 2008
> http://technet.microsoft.com/en-us/l.../cc527480.aspx
>
> Hope this helps.
>
>
> Best regards,
> Robbin Meng(MSFT)
> Microsoft Online Newsgroup Support
>
>
>