Legacy Windows XP clients must match the Certificate Common Name in Outlook for (RPC over HTTP) Exchange 2013

In this post I am going to discuss these two topics a bit further as this issue will impact many organisations moving to Exchange 2013 for those still running Windows XP (despite the fact it is no longer supported) seeming Exchange 2013 only supports RPC over HTTP or MAPI over HTTP (out of scope for this article). To recap what I wrote about in the previous articles 5 years ago, for RPC over HTTP(s) aka Outlook Anywhere to work on any version of the Outlook Client on the XP, the MSSTD value must match the "Common Name" on the certificate. What am I talking about? Well let me show you...
The MSSTD is specified under "Only connect to proxy servers that have this principal name in their certificate" which can be found within Outlook under Account Settings, Open the Account, More Settings, Connection Tab and finally Exchange Proxy Settings.
This value must match the "Common Name" of the certificate which in this example is mail.example.com as shown below next to "Issued to:"
From Windows Vista onwards the MSSTD can match any name in the Certificate which includes the Certificate Common Name as shown above and any Subject Alternative Names (SAN) which may exist on the certificate. 
For Windows XP the "Only connect to proxy servers that have this principal name in their certificate" value MUST MATCH the common name on the Certificate. The symptom for having this not matching is the user continuously being prompted for credentials in an infinite loop as I addressed under the article Outlook Anywhere keeps prompting for Password.

Comments

Popular posts from this blog

Troubleshooting IMAP Connectivity: Unable to authenticate to IMAP server. IMAP command failed: Login failed.

How to Configure ActiveSync Virtual Directories in coexistence between exchange 2007 and 2013, when you have different external and internal namespaces