Deploy OWA Certificate in the Domain network automatically?

Discussion in 'Exchange Exams' started by Darkfunnyguy, Oct 21, 2010.

  1. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    I am looling answers on how to deploy and import the Outlook Web Access certificate into the Trusted Root Certiicate Authorities folder to client computers in the domain network using Windows 2003 Server so when client log in double on click on Outlook Web Access they will have manually install the certiificate themselves.

    I have created the OWA certificate and can manually install the certificate on on Windows XP machine or through the MMC console adding the certificate connected to the Windows Xp machine on the Windows 2003 Server. Opening the Outlook Web Access work fine.

    My problem when trying to install the certificate on several machine is not the way to do it.

    I looked at using logon scripts using the certutil.exe command but cannot be done because Xp computer does not have the certutil.exe command installed by default.

    Tried using the group policy through computer configuration/windows setting/security settings\public key polices\Trusted Root Certificate Authorities but does not work.

    So does ANY expert people with exchange 2003 server and outlook web acess knwoledge know to do this please as I have tried searching google for answers?
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  2. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Perhaps get a proper certificate, no?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    No there is nothing wrong with my certificate it work find using when imported into Trusted Root Certification Authorities and open up Outlook Web Access.

    I am trying to figure a way how to deploy the certificate to several workstation without having to import it manually on each workstation.

    On Windows 2008 Server you can use the TMG Forefront using the web policy node as I understand but I am using Windows 2003 Server.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  4. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    IF i remember correctly when i did something similar to this but it was about 3 years ago so not sure if this is right ,but you can use GPOs to assign certificates to users via - user config - windows settings - security settings - public key policy - trusted root..., then import
    Try it in a test account first
     
    Last edited: Oct 22, 2010
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  5. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    It is actually in computer configuration anyway what I did a gpupdate /force command the client machine and ask me to reboot and logged in and double clicked on Outlook Web Access and it worked, the certificate has been imported but would I have to do a gpupdate /force command on all client machines?

    I will try this command gpupdate /force in logon scripts or is there another command I can used on the domain controller to update or refresh group policy on all client machines?
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  6. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    You shouldn't need to force GP Update on clients. Sometmies though GPO changes are delayed a few logons due to "Group Policy optimization being in progress" according to Event Viewer. Have seen it before.
     
    WIP: Uhmm... not sure
  7. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    My problem is I deployed the group policy using software installation of Office 2003 is assigned or Logon scripts to create map network drive the Outlook Profile Generator to automatically configured Outlook for users to connect to the Exchange using the Logon/Logoff etc and is applied and worked when I logged on to the client machine but not does import the certificate which I am forced to used the gpudate /force command and reboot in order to import the certificate for OWA to open. :(
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  8. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    Have you tried creating and linking a seperate policy just for adding the certificate?

    As stated above sometimes GPOs take two reboots to take effect, depending on your configuration, and how often you have have set client policy refresh, so you may need to reboot the machines twice to apply the new policy
     
    Last edited: Oct 22, 2010
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  9. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    I used the Group Policy Management console. Yes I create policy for just the organization unit and imported the certificate in Public Key Policies. Also applied the adminstrative templates policies like not allowing run in startup or cannot used control panel or see my properties from documents to check they work, logged in and the administrative templates restriction worked except for OWA certificate still does not import into Trusted Root Certification Authorities. :(
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,
  10. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Really? So why doesn’t it work then? :tongue

    Want to avoid this world of pain? Buy a certificate for £90 and you can even publish Exchange on the web as well for PDAs\Webmail\Outlook Anywhere. All good. :biggrin

    Edit: If you want to carry on with self signed cert then this should help.
    http://technet.microsoft.com/en-us/library/cc778954(WS.10).aspx
     
    Last edited: Oct 22, 2010
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  11. Darkfunnyguy

    Darkfunnyguy Byte Poster

    195
    3
    22
    I like to thank all your help and the useful links. I managed to solved the problem I believe the certificate templates I was using was the problem and possibly the Autoenrollment in group policy. Problem is fixed, thank you for your help. :D:D:D:D
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2003
    WIP: Server+, Vista,

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.