TR Forums

I am working with a company to migrate them to a new server running Exchange 2007 on 2008 server standard. Around 90% of their desktops / laptops are macs and the rest are pcs. So far the migration has gone smoothly except for one hickup with Entourage. I enabled Outlook Anywhere and setup WebDav then configured their Entourage clients. Internally they work perfect but when used outisde the network they receive this error when they connect to the server "Unable to establish a secure connection to [domain] because the correct root certificate is not installed". They can send and receive email fine and their other folders sync ok. We are using a third party generated certificate through Go Daddy and it is installed in IIS. From what I can tell OSX has Go Daddy listed in the trusted root CA section of the keychain. When they visit the owa website the certificate works fine in Safari and they do not receive errors. Here is what I have done so far:

1. Installed the certificate in every possible keychain folder (x509 anchor, login, etc.) and made sure to select always trust for all of the options.
2. Tried to use the Office 2008 certificate manger to import it. For some reason it always forces it to the personal certificate section.
3. Done several searches on this through Google and I cannot decide if this is a known bug with Entourage or something I am doing wrong.

Any suggestions?

Hi,

It is actually a bug in Entourage. It was there in Entourage 2004 and it was partially fixed in Entourage 2008 as per some users on : http://www.macwindows.com and on http://blog.entourage.mvps.org/ .

However when MS released Entourage 2008 SP1 (12.1), they put the bug back in.. go figure.

I have the same problem as you. Luckilly for me, i'm the only one with a Mac here (one of the advantages of being a network admin ) so i just dismiss the message and everything works fine whether i'm connecting through VPN or directly on the network.

I should note that i get the message in both cases but after i dismiss it, Entourage 2008 works just fine.

Also, i'm running on a Server 2003R2 with Exchange 2003 SPlatest. I've researched this issue left and right as well and i've wasted a lot of time on but in the end i just gave up seeing i'm not the only one with the problem and no resolution in sight.. :S

Adi

Microsoft released an update for Office 2008 as of yesterday and I installed it today but that did not help. I don't think I want to spin my wheels on this much longer. The error only occurs once when it is opened and after that it works perfect.

After doing a little more investigation, it turns out that there is an error generated on the server in the application log whenever this error occurs in Entourage. The error is basically saying that there is not a valid certificate setup for the SMTP service. After going in circles I was able to force the certificate then verify that it is assigned to the smtp service through the Get-Exchangecertificate | fl command. No luck with that. Back to the drawing board.

Not sure if this helps or not, but Entourage pretty much uses WebDAV via OWA to simulate MAPI.

Good work dolemitecomputers ! Too bad it didn't work

Thanks for the update though, it's really appreciated.

Adi

Another Update:

I have been working with Microsoft support on this. According to them it is an issue related to the autodiscover service. The first thing I had to correct was to get a unified communication certificate installed. I created a certificate signing request through the Exchange shell for the required domains (external, netbios name and autodiscover) then created an external dns record for the autodiscover subdomain. I installed the certificate using the shell (it is not advisable to use the IIS 7 GUI since it will not enable the certificate for the required services). After that I was still getting the error.

I switched from someone on the Entourage support team to someone on the Exchange team at Microsoft. According to them it appears that the url for the autodiscover address in IIS is not correct and neither is the internal address for the server. I should be working on that tomorrow.

I finally got rid of the error. I removed and reinstalled the client access role. I made sure to rename the autodiscover folder before reinstalling it. Everyone was receiving certificate errors in both Entourage and Outlook. This time it was not a root certificate error in Entourage. I manually changed the internal urls for a few things by following this article: http://support.microsoft.com/kb/940726. So far so good. Even the out of office assistant works in Entourage and Outlook now.

yay, glad to hear about the happy ending (hopefully).

Hi dolemitecomputers,

Can you elaborate a bit on the steps you took to get rid of the problem ?

At my workplace, i have Exchange 2003 with Outlook 2003 clients and 2 Entourage 2008 macs. The certificate warning only happens on the macs and not on the Outlook clients.

Did you pinpoint the exact cause of it ?

Your resolution is giving me hope of one day getting rid of this problem as well..

Thanks,

Adi

In my case it was a problem with the autodiscover service. It seems that one of the files used by it (web.config) was corrupted and reinstalling the service did not fix it. According to Microsoft, Entourage relies on that service as well as having the right certificate. So I had to get a UCC then I ended up reinstalling the client access role on the server. Autodiscover is a feature of 2007 Exchange but it is not in 2003 Exchange. Maybe in your case it is the certificate? Are you using a multi domain cert?