Question

Q: Win 8 RP Mail "Unable to connect" to Exchange 2010 (with Self-Signed certificates)

I just loaded Windows 8 RP on my EP121. I was never able to setup my exchange mail account on here in CP but expected that I could in RP. I still get the same error as before:

"Unable to connect. Ensure the information you've entered is correct."

My exchange server is Exchagne 2010 SP1. I have self-signed certs with my domain's CA for SSL. My e-mail address is the "Microsoft Account" address for my computer. The domain, username, and password works on OWA from IE10 on the same computer.

I also verified that it is not security policies that is blocking.

 



* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Same here ... why???

 

Sepp

Did this solve your problem?

Sorry this didn't help.


Same here on Exchange 2007

Did this solve your problem?

Sorry this didn't help.


Same issue here
Andrea Gallazzi

Did this solve your problem?

Sorry this didn't help.


Hello,

 

This issue may be related to the installation of the self-signed certificates for your Domain’s Certification Authority.

 

 

In order for self-signed certificates to work the administrator needs to provide a certificate file that will be installed on client machines that are to be connected to the server that uses self-signed certificates. The certificates need to be installed to the trusted root certificate authority store for either the current user (doesn’t require admin rights but needs to be completed for each user on the machine) or the local machine (requires admin rights and needs to be done only once for a machine).

 

Important:

The following section contains steps that require administrative privileges to perform. Serious problems might occur if these steps are performed incorrectly. Please make sure that you follow these steps carefully.

 

Certificates can be installed using the following means.

 

Command Line:

Running the following from an admin elevated command prompt will install the certificate to the trusted root certificate authorities for all users using that machine.

 

certutil.exe -f -addstore root <name_of_certificatefile>.cer

 

User Interface:

1.        Double click the certificate file provided by the administrator. This will open a certificate dialog.

2.        From the Certificate dialog, click the “Install Certificate” button located on the general tab. This will open a Certificate Import Wizard Window.

3.        Select the option to install the certificate for only the current user or for the Local Machine.

4.        Select “Place all certificates in the following store”.

5.        Click the browse button to open the store selection dialog.

6.        Select “Trusted Root Certification Authorities”

7.        Once the store is selected, click ok. This will return you to Certificate Import Wizard dialog and will display the certificate store and certificate to be installed into that store.

8.        Click finish to install the certificate.

 

Did this solve your problem?

Sorry this didn't help.


i had tried that already. had to import that also for my lumia.did not work.

 

i did read a few times now, that mail only works with ms hosted Exchange Solutions. Maybe they still want people to use outlook anyway ? Does not make sense to me though. Especially considering tablets, but ms does not always think things through.

Did this solve your problem?

Sorry this didn't help.


The Certificate Authority is in my "Trusted Root Certification Authorities" as I joined the Windows 8 RP box to my domain. Verified that SSL certs created from the domain are being seen proper in IE. Other thoughts?

Did this solve your problem?

Sorry this didn't help.


In my case with self-signed certificate I can synchronize mailbox only once. When I start Metro Mail application next time and try to synchronize mailbox application reports that "<name>@<domain> is unavailable". It can be fixed only by deletion and recreation of account in mail application.

GMail account works fine

Did this solve your problem?

Sorry this didn't help.


It's a certificate validation issue. Experienced the same issue here, using a certificate for Exchange issued by my own CA. As usual I trusted my CA by adding it to the trusted root certification authorities. This works fine for the desktop apps (Outlook, IE, complete with autodiscover and all) and also Metro IE correctly validates my self signed cert.

Metro mail (and calendar etc.) however kept giving me the incredible uninformative "Unable to Connect" message when adding Exchange accounts hosted on my own server. After purchasing a valid SSL certificate and adding it to my exchange server, I was suddenly able to add my accounts without a hitch and everything started working like a charm.

Looks like the metro mail/calendar/people apps don't work with your own root CA at this moment.. Quite a disappointment, I can imagine lot's of test/development setups use their own root CA's..

Did this solve your problem?

Sorry this didn't help.


Sorry but that's not correct... have a look at my first replay above... when you install fiddler2 and let fiddler monitor the traffic it will work. So it works with self created certificates... because that one that fiddler creates on the fly is definetly NOT an official certificate ;-)

Did this solve your problem?

Sorry this didn't help.


I'm quite sure it has something to do with certificate validation, but it interesting it seems to work with fiddler in the middle.. 

Let's dig a bit deeper then..

I don't know fiddler very well, but as I understand it acts as a man-in-the-middle. It seems it actually adds itself as a root ca authority when you tick the "Decrypt HTTPS Traffic" checkbox.

And i'm not a PKI expert either but this could mean traffic is using your self singed cert from exchange to fiddler, then fiddler decrypts it (enabling you to view the traffic), then fiddler signs it again with it's own certificate and sends it to the mail app.

Interestingly, this could mean Fiddler is somehow able to trust it's CA in a way the metro mail app accepts (or otherwise alter the traffic so it works). Also, BelPav mentions in his post he get's it to sync once and I've come accross a post on another forum where it was reported to started working after adding a certificate somehow (no details where given). Strange, the functionality might just not be finished yet..

Since this is not quite my area of expertise, I could offcourse be wrong. All I know is that my exchange server suddenly started working with the mail app when I changed my certificate from a self signed one to a "real" one..

Did this solve your problem?

Sorry this didn't help.


* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
Question Info

Views: 2,783 Last updated: September 17, 2013 Applies to: