Wildcard Certificate Causes Client Connectivity Issues for Outlook Anywhere

Source : http://technet.microsoft.com/en-us/library/cc535023%28EXCHG.80%29.aspx

When you want an Exchange organization to use a wildcard certificate for any server that is running Exchange Server 2007 and that has the Client Access server role installed, you must configure settings for the Autodiscover service so that Outlook Anywhere clients can successfully connect to the server. To do this, run the Set-OutlookProvider cmdlet in the Exchange Management Shell on the Client Access server. The Set-OutlookProvider cmdlet changes the CertPrincipalName parameter for the EXPR Outlook Provider. This sets the Subject Principal Name for Outlook Anywhere connections. Outlook 2007 clients cannot connect to the server and will receive an error message that states that the certificate has expired until the changes are picked up by the Autodiscover service.

Generally, you can resolve this issue by running the Set-OutlookProvider cmdlet. However, sometimes connectivity issues remain. When this occurs, Outlook 2007 users can resolve the issue by changing their connection settings.

Before You Begin

To resolve client connectivity issues for Outlook Anywhere by configuring settings for the Autodiscover service, the account you use must be delegated the Exchange Organization Administrator role. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedures

If the first procedure is not successful, ask your users to perform the second procedure on their client computers in Outlook 2007.

To use the Exchange Management Shell to configure Autodiscover settings by using the Set-OutlookProvider cmdlet

• Run the following command:

  Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.contoso.com

To change Outlook 2007 connection settings to resolve a certificate error

1. In Outlook 2007, on the Tools menu, click Account Settings.

2. Select your e-mail address listed under Name, and then click Change.

3. Click More Settings.

4. On the Connection tab, click Exchange Proxy Settings.

5. Select the Connect using SSL only check box.

6. Select the Only connect to proxy servers that have this principal name in their certificate: check box, and then, in the box that follows, enter msstd:*.contoso.com.

7. Click OK, and then click OK again.

8. Click Next.

9. Click Finish.

10. Click Close.

11. The new setting will take effect after you exit Outlook and open it again.