Cannot connect entourage 2004 to SBS 2003

[stephenh2]

I have been able to bind my powermac at work to active directory on Win
SBS 2003. I cannot connect to exchange server when I open entourage
2004. I get the message: "Unable to establish a secure connection to
hrimsbs1.highrock.loc becuase the correct root certificate is not
isntalled." Under the help menu, it mentions copying the PEM (base-64)
root certificate to desktop and adding the certificate using Keychain
access to X509 anchors.

I have asked my IT guy to supply me with a copy of the certificate. He
is befuddled by this request. (only knows Win XP machines).

When I open keychain access and select certificates, a certificate
appears as hrimsbs1.highrock.loc.
Under info, the public key is 128 bytes and key size is 1024 bits. I
have set the trust settings to always trust for all selections.

I can open OWA using safari. Does that mean that WebDAV is active on
the server?

Is the wrong root certificate type being generated and how do I fix
that?

 

[William Smith]

I have been able to bind my powermac at work to active directory on Win
SBS 2003. I cannot connect to exchange server when I open entourage
2004. I get the message: "Unable to establish a secure connection to
hrimsbs1.highrock.loc becuase the correct root certificate is not
isntalled." Under the help menu, it mentions copying the PEM (base-64)
root certificate to desktop and adding the certificate using Keychain
access to X509 anchors.

Hi Stephen!

Have a look at this great article on themachelpdesk.com
<http://www.themachelpdesk.com/modules.php?op=modload&name=News&file=inde
x&catid=&topic=19>.

The following is a snippet of the text on that page that explains what's
happening.

======================================

Exchange 2000 and 2003 both generate a self-signing SSL certificate for
use with Outlook Web Access, due to the fact that not using SSL sends
your login information in clear text form, leaving you open to
miscreants who would steal your passwords.

Many organizations rely on these certificates for peace of mind.
Enabling Outlook Web Access without SSL is not good for a network
administrator's job security or corporate trade secrets. To effectively
and securely use WebDAV, from inside a firewall or out, it's necessary
to use an SSL certificate, and Entourage 2004 needs WebDav to do its
job. Some organizations pay for Verisign certificates for this purpose,
but in reality there's no good reason to do so, since the certificate
generated by the Exchange server is sufficient for a Mac web browser
connecting to Outlook Web Access.

======================================

The rest of the article provides step by step instructions for what you
can do.

Hope this helps! bill

 

[stephenh2]

Ok,

I followed the directions in the themachelpdek.com article. I think
their screen shots are for Entourage X. I am using 2004. After
exporting and installing the cert using MS cert manager, I was able to
sync with exchange with my personal folder.

However, I cannot get access to the global company address list. Is
this a limitation of Entourage 2004 or have I omitted a setting
somewhere.

Stephen Hsieh

 

[stephenh2]

Ok,

I followed the directions in the themachelpdek.com article. I think
their screen shots are for Entourage X. I am using 2004. After
exporting and installing the cert using MS cert manager, I was able to
sync with exchange with my personal folder.

However, I cannot get access to the global company address list. Is
this a limitation of Entourage 2004 or have I omitted a setting
somewhere.

Stephen Hsieh

 

[stephenh2]

OK, I got the public folders working now. I installed the cert using MS
cert manager. When I dragged it to Keychain.app, I asked for two
passwords (one for the cert, the other for keychain.app). I tried all
my admin passwords for keychain and none of them worked.

Whenever I open entourage, I get the same message " unable to establish
secure connection etc" but as soon as I enter OK, it then syncs
exchange without trouble.

Is their a special admin password for keychain? if not, can I reset it?

 

[William Smith]

Ok,

I followed the directions in the themachelpdek.com article. I think
their screen shots are for Entourage X. I am using 2004. After
exporting and installing the cert using MS cert manager, I was able to
sync with exchange with my personal folder.

However, I cannot get access to the global company address list. Is
this a limitation of Entourage 2004 or have I omitted a setting
somewhere.

Hi Stephen!

Good to hear you're making progress. If you're synchronizing then the
certificate is installed correctly. If you're unable to access the GAL
then you may not have the correct information entered for your LDAP
server.

Go to Tools --> Accounts --> your Exchange account --> Advanced and look
for the LDAP field. Enter the fully qualified name of your company's
LDAP server. It'll be in the form of server.domain.com. If you're not
sure what you should use for an LDAP server try a domain controller or
consult with your Exchange admin.

Hope this helps! bill

 

[stephenh2]

Thanks for the encouragement. Why does the message still appear that
"unable to establish secure connection---root certificate not properly
installed" when I am synching to exchange and receiving my email?