Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CUPS 8.6 - Exchange Calender Integration

We have CUPS 8.6 on production, we are planning to integrate CUPC with exchange calender.

We have configured Presence gateway with AD users, AD users are configured Exchange view only, Receive As permissions ect.

Once we configured it, we are getting below error.

Exchange Reachability (pingable) Reachable
Exchange SSL Connection/Certificate Verification

We would like to know what cerificate is missing and what certificate needs to be installed on CUPS.

I have attached the screen shot of gateway configuration and certificate error.

Pls. suggest.

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

Re: CUPS 8.6 - Exchange Calender Integration

Yes. You need to look at the certificate chain, and ensure all the certs involved are installed. If there are multiple server (i.e. that ISA-02 is not the root CA) then you need the intermediate server certs as well.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Super Bronze

Re: CUPS 8.6 - Exchange Calender Integration

Hi

If the two cluster members share the SAME subject name/certificate (e.g. regardess of which one is active, you accces it via CAS-CLUSTER) then you don't need to import both.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
9 REPLIES
Super Bronze

CUPS 8.6 - Exchange Calender Integration

Hi

From what I can gather CUPS can pull the certificates from your Exchange server if it has a certificate issued directly by a root CA, by lcking the 'accept certificate chain' option. If you have a cert issued by a subordinate CA (which is very common) it doesn't seem to work.

Here's what I do:

1) Browse to OWA, then click the 'padlock' icon in IE or Firefox to view the certificate details.

2) On one of the tabs, you can export that certificate.

3) You can also view the certificate chain, do this and then view each certificate in the chain. Export each one to a file.

4) Once done, go to OS admin, and upload all the certificates (some may already have been imported, but one will  be missing at least). Import them as presence-trust certificates.

Once that's all done you should be able to validate the cert chain in presence admin.

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Community Member

Re: CUPS 8.6 - Exchange Calender Integration

Hi Aaron

I have did the same as you mentioned.

through OWA export the certificate and installed on CUPS through OS

Back in Gateway, I have  clicked "Configure" and checked Accept Cerificate Chain.

Exchange SSL Connection/Certificate Verification Missing Certificates 

I am getting same error.

Pls. advice.

I have attached the screenshot of OWA and CUPS certificate upload

Message was edited by: RAJESH KUMAR

Super Bronze

Re: CUPS 8.6 - Exchange Calender Integration

Hi

In that cert2.jpg I don't see the cert for your the root CA (whatever that server is that ends in ISA-02 in the cert chain display).

You've highlighed something with CUPS in the hostame in the OS cert admin page - that looks like the CUPS  server certiicate, not your root CA.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Community Member

Re: CUPS 8.6 - Exchange Calender Integration

Thanks,

I have below certificate(CAS-CLUSTER)installed on CUPS, which is downloaded from OWA.

Under Cups OS certificate,

--------------------------------------

cup-trust    trust-certs    CAS-CLUSTER.pem    CAS-CLUSTER.der

What you suggest is, we also need to install root certificate form the server ends with ISA-02 ?

Pls. suggest.

Rgds

Rajesh

Super Bronze

Re: CUPS 8.6 - Exchange Calender Integration

Yes. You need to look at the certificate chain, and ensure all the certs involved are installed. If there are multiple server (i.e. that ISA-02 is not the root CA) then you need the intermediate server certs as well.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Community Member

Re: CUPS 8.6 - Exchange Calender Integration

Thanks for the information,

ISA-02 is the root CA.

All the exchange CAS servered certificates are issued by ISA-02.

I will install exchannge CAS-CLUSTER ansd ISA-02 certifcate and update you.

One more question, we have ISA-01 and ISA-02 and CAS-CLUSTER (CAS-01 server, CAS-02 server), we need to install individual server certificate on CUPS ?

Thanks & Rgds

Rajesh

Super Bronze

Re: CUPS 8.6 - Exchange Calender Integration

Hi

If the two cluster members share the SAME subject name/certificate (e.g. regardess of which one is active, you accces it via CAS-CLUSTER) then you don't need to import both.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Community Member

Re: CUPS 8.6 - Exchange Calender Integration

Dear Aaron

Thanks a lot. Problem resolved after installing certiface chain (root CA and cas-cluster) on CUPS.

Rgds

Rajesh

Community Member

CUPS 8.6 - Exchange Calender Integration

What if ICMP isn't allowed to the exchange server, does this have to be enabled for this to work?

Thanks,

Joe

995
Views
0
Helpful
9
Replies
CreatePlease to create content