connection to exchange 2003

[Helpdesk]

I am getting a message when I try to create an exchange email account with
Entourage 2004. The message is "Unable to establish a secure connection to
my exchange server because the correct root certificate is not installed."
Has anybody come across this problem and also if so what and where did you
get the certificate.

 

[Jim Cowan]

I am getting a message when I try to create an exchange email account with
Entourage 2004. The message is "Unable to establish a secure connection to
my exchange server because the correct root certificate is not installed."
Has anybody come across this problem and also if so what and where did you
get the certificate.

I have been having the same problem for months, and have yet to resolve the
problem. There have been several postings on this subject, but none seem to
work for me.

 

[J. M. De Moor]

I am getting a message when I try to create an exchange email account with

Entourage 2004. The message is "Unable to establish a secure connection to
my exchange server because the correct root certificate is not installed."

We have Entourage 2004, SBS 2003 (Exchange 2003), Mac OS 10.3 Panther. Here
is what I have done, following all the directions I can find on the subject:

1. Tested our OWA connection internally using {internal url}/exchange.
Logged in without any problem
2. Used the Copy function for the certificate belonging to Default WebSite
in IIS on the server. (I selected DER encoded binary X.509)
3. Dragged the .cer file over the Keychain app, where I was prompted for a
password. Installation worked fine.
4. Copied the system level anchors using the following in terminal to verify
the keychain entry:
$ cp ~/System/Library/Keychains/X509Anchors
~/Library/Keychains/X509.keychain
$ open ~/Library/Keychains/X509.keychain
(actually you can open from the Keychain utility)

Everything seems OK. BUT I STILL GET THE MESSAGE when I open Entourage!!!
Why is this so difficult? This is all Microsoft stuff. All of us who have
been struggling with this may be idiots, but if so few can get it to
work...it has to be more than our collective incompetence! I am tired and
am going to bed...

Joe De Moor

 

[Wallace Karraker]

I was getting the same message when I tried to set up our Entourage X
applications with our Exchange 2003 server. I did not create the key but our
Exchange admin followed the steps on the Microsoft website. Where we had the
issue was the name of the approved server was not the name that we had
anticipated, when the key was created it used the external webmail address
instead of the internal address of the Exchange box. Our key ended in a
different extension too, the key generated by the Exchange Server 2003 app
was a '.pfx', not ".cer", but that may not be an issue.

After using the Microsoft Cert manager to install the key, I used the
Keychain Access app to verify the contents of the key. In the details of the
key there is a section called "Subject Name" and a sub-section called
"Common Name". This had the name of the server as generated by the Exchange
Server app. Once we identified the authenticated server within the keychain
we inserted it in the each of the setup windows in Entourage and it has been
working fine for us.

We achieved this installation procedure after opening up a ticket with
Microsoft and working with one of the support techs for about 90 minutes.
After noticing the difference between what we thought we needed and what the
keychain had embedded in it, we made the change on our end and then advised
the Microsoft support tech that it was working. To their credit, they
refunded our service fee because they were not the ones who figured it out.

 

[J. M. De Moor]

Wallace

Thank you for your response.

In the details of the
key there is a section called "Subject Name" and a sub-section called
"Common Name". This had the name of the server as generated by the Exchange
Server app.

Actually, our certificate shows 4 entries each for Subject Name and Common
Name. They look like this (ephesus is the NETBIOS name of the server and
objectpac.office is the internal domain name):

ephesus.objectpac.office
localhost
ephesus
publishing.objectpac.office

I used the top one by itself and also tried in the OWA format
(https://ephesus.objectpac.office/exchange). Both work OK, but I still get
the "Unable to establish secure connection" message when I bring up
Entourage.

Joe