I'm dealing with a tricky issue after renewing the SSL certificate for our Exchange 2013 server, and now users can't connect their Outlook 2010 clients. The environment includes Windows Server 2012 R2, and I've verified that OWA and ECP are inaccessible by design, which means I need to focus on Outlook's configuration. After the old certificate expired, I successfully installed a new DigiCert certificate and made sure it's bound in IIS for HTTPS access. However, when users try to connect to Outlook, they get the following message: "Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name. The connection to Microsoft Exchange is unavailable." I've done a thorough check-up: installed the new cert for IIS, SMTP, IMAP, and POP, verified the Autodiscover DNS entry, and ensured that port 443 is open. Clients also trust the necessary DigiCert certificates and I've confirmed that TLS 1.2 is enabled. Running Test-OutlookConnectivity fails with RPC-related errors, and I've noticed multiple Event Viewer logs indicating potential certificate issues. What steps can I take to restore Outlook connectivity given that OWA and ECP are not options? Any advice on overlooked configurations or diagnostic steps would be greatly appreciated.
3 Answers
Have you checked if the root certificate is actually trusted on your machines? Sometimes, older versions of Windows like 7 might not support newer root certificates by default. Just to be safe, double-check the DigiCert Global Root G2 against your trust store.
For what it’s worth, you might want to recommend an upgrade to your boss. Running all this outdated software isn't sustainable and could lead to major security vulnerabilities. They might have reasons for staying on them, but point out that security should come first.
Unfortunately, they said they have legacy software that’s tied to these systems, so upgrades might not be an option for another year or two. It's a tough situation!
Honestly, I think you should drop this whole setup if you're in a professional setting. All those versions you’re using are out of support, and it’s crazy to be dealing with this. That said, it sounds like a certificate issue. Make sure the new cert is using the same private key and is correctly bound to the Exchange services. Also, check if it’s trusted on all machines since those older systems might not recognize the new certificate properly due to encryption settings or missing root trust.
Yeah, it's pretty wild how old these systems are! If they're trying to run a business on this setup, they might hit a wall sooner or later with security updates being a big risk.
I did try adding it manually for testing, but it didn't work out. The DigiCert tech looked over everything and thought it was done right; sadly, the age of the system complicates things.