Author Topic: Connecting Outlook to Openchange with a real.com virtual domain  (Read 2193 times)

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Connecting Outlook to Openchange with a real.com virtual domain
« on: January 21, 2016, 05:15:08 pm »
Hi,
I have just done a fresh reinstall of 4.2 Development Edition
I called my server "mail" and accepted all other defaults  i.e
domain zentyal-domain.lan etc

After the install I created a virtual email domain called myrealdomain.com ( using my actual registered domain name)
Created cert for that domain
Added some uses with emails at the domain.
Added  mail.myrealdomain.com  and myrealdomain.com   to DNS
Ticked all boxes in openchange for both zentyal-domain.lan and myrealdomain.com
Downloaded Certs for both domains and added to windows 7 .  They are both listed in the Trusted Root Certification Authority.
Windows 7 uses the Zentyal Server to resolve dns

When I try to set up an Outlook connection I get the error "An encrypted connection to you server is not available.

Where am I going wrong??

What exactly should I type into outloook when tring to set up the mail?
All the docs use "zentyal-domain.lan for the email address.  I am trying to use a real email address  i.e user @ myrealdomain.com
Any logs I can look in to see what is happening.
Several previous similar installs using 4.0 worked.
Is 4.2 broken?

Jodel

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #1 on: January 21, 2016, 10:01:41 pm »
I think it must relate to installing the correct certs in Windows.  Zentyal generates 4 files in the downloaded zip.  Is there any clear guide as to which file/files should be used and how  is/(are they) installed?
Jodel

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #2 on: January 21, 2016, 10:42:29 pm »
I have crt files installed in Windows for myrealdomain.com  zentyal-domain.lan  and the Zentyal CA cert.
Windows does not accept the pem files.
Do they need to be installed and if so how?

When I try to set up an email account in outlook using  user@myrealdomain.com it complains that the cert has a name mismatch.
When I check the name on the cert it says that it is zentyal-domain.lan which clearly does not match myrealdomain.com.

Is there any simple guide that explains  how to set up Zentyal with a local domain and an internet domain and how to install the necessary certs on windows to enable outlook to connect with an Internet email domain?

Any guidance would be appreciated.

Jodel


trysomething

  • Zen Warrior
  • ***
  • Posts: 119
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #3 on: January 23, 2016, 04:15:53 pm »
Allow me to blow your mind right now...
Turns out you need to go into Mail > Openchange and UNCHECK the box for Autodiscover.  Even better you need to delete your TLD from Zentyal DNS.
I LITERALLY just stayed up all night long figuring that out.  Like seriously, I have been here for nearly 24 hours and I just figured that out!
So leave your TLD in Virtual Domains and leave the webmail and Outlook Anywhere boses checked.  The problem is that when you add your outside domain into your local Zentyal DNS then it routes traffic into itself thusly making it's own certificates invalid.
It's called a hair pin turn - DNS servers don't really like doing that.
Oh, yeah almost forgot to mention that the Autodiscover record is already and always created inside Zentyal - it doesn't go away.  You will have to go to your hosting control panel from your ISP or registrar or wherever and create a subdomain "Autodiscover.yourdomain.com" - it's important to use "A" instead of "a" for "Autodiscover" in that subdomain by the way.
If you want to get some trusted SSL certs installed and not mess with the self signed stuff I wrote a post on it.  I'm seriously too tired to go looking for it, but there's also a Zentyal Without Tears document I made and put up in these here forums too.
Good luck and enjoy!
You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #4 on: January 26, 2016, 01:25:05 pm »
Thanks so much for your reply and sorry for not responding sooner.  I was away for the week end and away from wifi and computers.
I will try as you suggest, later on today and report back.
Thanks,

Jodel

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #5 on: January 28, 2016, 12:02:31 pm »
I tried as you suggested but still had a problem with certificates.  I reinstalled using the suggested settings in this thread:
https://forum.zentyal.org/index.php/topic,26714.0.html

Here is what I entered in the setup:

Hostname:
mail

Domain:
lan.mydomain.com

Mail Domain:
mydomain.com
(NB by default the installer wants this to be "lan.mydomain.com" and you have to change this)

First Organisation:
MyOrganisation


I downloaded the CA cert for the server and the cert for the mail domain and installed them on windows.

I then followed your advise re autodiscover and dns.

The connection did not happen automatically.  I had to go into advanced settings in mail on windows and tick always prompt for login.
After logging in it found the user and set up outlook after that.

Jodel


trysomething

  • Zen Warrior
  • ***
  • Posts: 119
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #6 on: January 28, 2016, 10:04:59 pm »
When you say you're installing the certs are you just letting the wizard handle everything or are you installing them to the Trusted Root CA?
Also, it's actually just the Root CA that you need to install.  Go into your Zentyal WebAdmin then browse to Mail>Openchange, on there is a big button to download your certs.  That's it, just that single crt will do it.  Keep in mind it has to be installed to the local user (default for cert installer on Windows) and it has to be installed to the Trusted Rooc CA's (not default, pick choose > Browse > Trusted Root CA) you may be warned about installing an untrusted ssl cert as a trusted Root, yes you want to do that since it's your own cert.
Anyways, glad to hear you got it up and running, keep on reading the Wiki and Zentyal Documentation and you'll keep figuring more out.  Never mind the trolls who keep coming in the forums complaining about this free, beta test software not working as they expect.  As we are beta testing new, cutting or bleeding edge solutions for Zentyal they are letting us use a fully functional, super solid server product at not cost.  Microsoft NEVER does that, I know because I've been a certified partner for 20 years now.  I'm also a MOS Master III, a SBS MVP and blah blah blah, they never gave me much more than a few versions of Office for free and it wasn't even the Pro Plus LoL.
Keep up the good work and I hope you get things dialed in soon.
You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.

jodel

  • Zen Monk
  • **
  • Posts: 52
  • Karma: +2/-0
    • View Profile
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #7 on: January 29, 2016, 09:58:29 pm »
Thanks for your response and help, which I appreciate.
Yes, I am putting them into the Trusted Root CA, using certmgr.msc .
However, I was running it in Virtualbox and Zentyal kept freezing so I made a new direct standard  install on a stand alone server.  I used all the same settings (as I had written them down),  I deleted the old certs in windows, reinstalled the certs from the new install and believe it or not Outlook will not connect again!!

I have not applied all the updates, as on my last install, when I did, SoGo stopped working on port 443.
See post
https://forum.zentyal.org/index.php/topic,27346.0.html

You mention that "we are beta testing new, cutting or bleeding edge solutions for Zentyal they are letting us use a fully functional, super solid server product "
I am not sure if beta versions and super solid go together :)
While we must be grateful for anything that is given to us at no cost, It would be nice if, like other opensource projects, Zentyal gave the Community open access to the stable repositories as opposed to the testing ones.  Is 4.1 considered stable or is it only the repositories that the commercially supported version of Zentyal use that are stable?

Meanwhile  Outlook tells me "The name cannot be resolved, The connection to MS Exchange is unavailable.  Outlook must be online or connected to complete this action."
Also I can't figure that if you have "autodiscover" , you must turn it off to discover the server.  Its a little counterintuitive :)

Jodel



trysomething

  • Zen Warrior
  • ***
  • Posts: 119
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: Connecting Outlook to Openchange with a real.com virtual domain
« Reply #8 on: February 03, 2016, 09:01:22 pm »
Holy cow I thought I had replied to you on this one.  Here's a quick breakdown of things.
1.  Openchange/Sogo/Samba/Apache2 already creates the autodiscover record and you should NOT try to manually make that.
2.  Adding your TLD into Zentyal DNS will ONLY create a local DNS entry, that means that the alias of autodiscover created in the local Zentyal will only be able to resolve inside of your LAN. 
So if your publid IP is 123.45.67.89 and your TLD is example.com but your internal IP is 192.168.1.1 then inside of your LAN you'll see autodiscover.example.com resolve to autodiscover.192.168.1.2 BUT outside the external DNS directs to autodiscover.123.45.67.89
Ironically in looking at that it kind of makes sense to me now though.  Now I'm going to go back and hit the books to see if I can figure this out some more.
By the way did you ever get this up and running?  I'm still struggling with an Openchange issue on another post so I'm kind of distracted right now LoL.
Sorry for the lag in replying.

******I'm an idiot - all the stuff I said about NOT putting your TLD in local DNS was wrong and based on me coming down off of a 36 or so hour work day.  Turns out it does actually make sense from the DNS side of things and in fact has solved one of my current issues.  Which is strange since doing the opposite (removing my TLD) solved another issue some time ago.
Anyways If you're behind a router and you set a local IP to your Zentyal 4+ server then you deffinately want to add it into your DNS.  You ABSOLUTELY DO NOT want to try and assign the Public IP address to it though.  That is where the secret is!
Say for example your router IP address is 192.168.1.1 and your Zentyal IP address is 192.168.1.10, in the Zentyal DNS you'll put 192.168.1.10 ONLY for the TLD IP address.  This way your external DNS routes traffic into your router with the public IP, then your router directs it into your Zentyal box and finally your Zentyal DNS resolves it appropriately.
Having your external DNS point to "Autodiscover.yourdomain.com" to your IP address is still imperative, but checking the box inside Openchange to enable Autodiscover is still worth the effort.
Sorry I was wrong before, and I'm still curious to know if you'd ever sorted this all out.
« Last Edit: February 03, 2016, 11:26:59 pm by trysomething »
You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.