Eliminating the Outlook 2007 Security Warning w/o Using a UCC Certificate

12 November 2008 Brian-Ricks

This tip was sent to me from a good friend and business associate, John Lockett.

This procedure gets rid of the security warning in Outlook 2007, in cases where you apply a standard SSL certificate to the default web site, and the FQDN is different from the AD FQDN of the exchange server. First run the following commands in the Exchange Management Shell on

your Exchange 2007 CAS so that we would have a backup listing of the current settings:

 

Get-Clientaccessserver | fl > backupCAS.txt

Get-WebServicesVirtualDirectory | fl > backupWeb.txt

 

Now change the settings to remove the warning.

 

Set-Clientaccessserver -AutoDiscoverServiceInternalUri https://public FQDN, as appears in the certificate>/Autodiscover/Autodiscover.xml

set-WebServicesVirtualDirectory "\EWS (Default Web Site)" -InternalUrl https://public FQDN, as appears in the certificate>/EWS/Exchange.asmx

 

Wait a few minutes for implementation to complete.

Free/busy (aka Calendar information) within Office Communicator 2007

26 August 2008 Brian-Ricks

I have been fielded multiple questions lately about the mysteries of the calendaring information within Office Communicator 2007. Why does my email and SIP URI need to be the same? Why does Communicator Web Access (CWA) not pull information but it can display it? Where does the information pull/push come from? What versions of Exchange server are supported?

Understanding how and where the calendering information is relatively simple - in fact, the basic concept for the user free/busy information is back-end agnostic - Outlook on the desktop is the key component. Office Communicator uses Outlook (natively 2003 sp2 and newer) to make MAPI calls to retrieve the information. This small detail means Exchange 2003, Exchange 2007, and service pack level - it really does not matter (from a free/busy perspective) - the client can and will integrate!

This integration is possible when the user's SIP URI matches the user's email address; but what happens when this is not the case? If you install Office Communicator on a home computer and sign into your corporate OCS system, can (and should) it retrieve information from your local Outlook? It can (the should is up to you) if a simple registry change is made. By default Office Communicator compares the SIP URI to the email address of the default email profile and if they do not match, it does not integrate the two. The logic is simple - if the two integrate, conversation history, contacts, and free/busy will be folded into the OC experience. If they are not the same, an integration error is presented.

To modify the registry to all integration of your free/busy and conversation history regardless of your email address run regedt32 and set the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator
Key (you may have to create this yourself): DisableEmailComparisonCheck
DWORD: 00000001

Make sure Communicator restarts to load the new registry information (or simply log out and back in) to force the integration. Remember - this registry change will integrate ANY Outlook email address with ANY OCS login so test and make the end result is what you are looking for.