[SOLVED] Unable to establish a secure connection to the server

[lytledd]

After a successful upgrade from Zimbra NE 7.1.0 to Zimbra NE 7.1.1, I'm getting reports of Outlook unable to connect. The complete error below:

Unable to establish a secure connection to the server because the identity of the server could not be verified due to a problem with the server's certificate.

All operations requiring a server connection, such as email send/receive and synchronization, will be disabled.

Contact your system administrator for assistance.

(As a temporary measure, you may be able to establish a non-secure connection by unchecking the 'Use Secure Connection' box on the profile dialog.)

Reverting back to ZimbraConnectorOLK_7.1.0 resolves the issue.

Anybody else seeing this?

Doug

[BBPenguin]

Hi Guys,

I can confirm this.

We recently upgraded to Zimbra 7 NE.

Using the 7.1.0 connector works.
Upgrading to 7.1.1 I receive the same as above.

I have attached ZCO logs from Outlook ( just replaced email address and servername with generic name )

[lytledd]

Opened up a bug report:

https://bugzilla.zimbra.com/show_bug.cgi?id=60614

Doug

[lytledd]

https://bugzilla.zimbra.com/show_bug.cgi?id=60614

For those that aren't following the ticket, the fix for this is:

--- Comment #7 from Dave Bound <dbound@zimbra.com> 2011-06-07 05:28:00 ---
You can revert to the old behaviour by visiting the Zimbra support dialog from
within Outlook

OL2007: View->Toolbars->Zimbra Support->Advanced button
OL2010: Zimbra ribbon->Advanced button

and ticking "Allow invalid certs". This reverts ZCO to 7.1.1 behaviour.

Doug

[dicks]

In the German version of 7.1.1 the option is called SUP_ADV_CB_ALLOW_INVALID

Confirmed that this works.

[quietas]

I too have run into this. Will it be resolved to default to the original status, or better yet be something we can set from the server side?

[BBPenguin]

This has been filed as a bug under https://bugzilla.zimbra.com/show_bug.cgi?id=60614

In the interim, at the the above link there is a "patch" script that you can run against the MSI that will allow the client connector to accept untrusted certs.

I would recommend that you run the patch script against the MSI on your server, upload the "patched" MSI to your server again, so that user's can download the "patched" version, which should resolve the access via SSL with a untrusted cert to fail problem.

[quietas]

Rather than modifying this and each installer from now on, I decided to use this as a push to get my company to finally get around to getting a proper SSL cert. Namecheap.com and a couple others have basic certs under $30/year for single addresses.

[jah732]

Can someone please post detailed "for dummies" instructions on how to deploy the patch? I am NOT the tech person for my institution and have very limited technical know-how.

My problem is that we just switched to UCS (we used to have Oracle) so I cannot revert back to an earlier version to solve the problem.

I use Outlook on my personal netbook running Windows XP but my institution does NOT support the use of Outlook, so when I had this error described above with OLC 7.1.4 there was very little support the IT department would offer. They would not install the patch, even though they did offer the link to download the connector in the first place. So I am more or less on my own for getting Zimbra to sync with Outlook on my personal netbook.

I found this thread but when I tried to run the patch against the msi using msiexec nothing happened so obviously I am missing something. Does this patch only work on the server (to which I do not have administrative rights)? If so, is there an end-user patch available?

Thus I need absolutely basic instructions on how to deploy this patch or otherwise get Zimbra to sync with Outlook.

I would appreciate the help.

thx

[BBPenguin]

Hi,

You don't have to use a secure connection, although it's highly recommended.

The Secure connection option connects over https ( port 443 )

To temporarily work around this, try this.

In Windows go to Control Panel > Mail > Select your Zimbra profile > Properties > Select E-mail accounts button > New window pop's up, highlight your account that's displayed there , type should be MAPI > click Change > deselect Use Secure Connection and apply.

Start Outlook again, it should connect without any issues as it's using a standard http ( Port 80 ) connection.

You can now enable Outlook to use the secure connection by doing the following :

In OLK 2007 go to View > Toolbars > Select Zimbra Support, a new bar should appear at the top of Outlook with Zimbra options > Select Advanced Zimbra Button > Select Allow invalid certificates.

You can now select Use Secure connection using the above steps, or from within Outlook by going to Tools > Account settings.

Hope this helps.