Twitter

Tuesday, December 4, 2012

Lync/ Exchange Certificates CRL Check (Proxy Servers)

In Exchange, as well as in Lync in always have some customers using proxy server.
Due to nature of proper certificate validation processes, windows server need to validate the CRL (Certificate Revocation List). Since the CRL is a normal file, which we can download from CA provider, we need to ensure the accessibility of those files.

in some customer environments we also find a mysterious behavior and we need to modify the WINHTTP proxy settings manually.

there are two ways how to do so, if the normal IE setting will not work:

netsh winhttp import proxy ie
or
netsh winhttp set proxy proxy-server="http://wstmg.customer.com:3128" bypass-list="*.customer.com,<local>"



while with the bypass-list we need to play around till it fits.
Also happened, especially in Exchange, I had to reboot the server before the settings got activated.

Also don't forget about the IE Setting:
for installation purposes (also for service packs), you should disable these setting if you DONT have an Internet connection, but later make sure its enabled again.


3 comments:

  1. Awesome! I was thinking this is more work then this, i will need just few clicks.

    ReplyDelete
  2. Hi Jessica,
    well, even if you link to another proxy server website, what kind of information you are lacking?

    ReplyDelete