Hello all. We are experiencing a problem where our internal Outlook 2007
clients are reporting a certificate error on startup/connection to our
Exchange 2007 server. Here is a brief overview of our setup:
Domain: Windows Server 2003 AD domain with 2 DCs running Windows Server 2008 (64)
Exchange setup: 1 member server running Server 2008 (64) w/ 1 HUB Server and
1 Mailbox Server - 1 member server running Server 2008 (64) w/ 1 CAS server. (All Exchange 2007 SP1).
On the CAS server, we've implemented 2 certificates. One is a 3rd party SAN cert containing all necessary
names for external access (which is working fine). We've also enabled the default simple cert that ships with Ex2K7 strictly for internal clients. We've done this because our external domain name is different than our internal domain name. This saved us quite a bit of money on the 3rd party cert what with not having to add the internal names to it. I read several posts at the Exchange Teams blog that gave me the impression that this would work fine as that cert would be trusted on the internal domain.
Now for the issue at hand - when an internal client w/ Outlook 2K7 opens
Outlook, they receive a cert error (twice) stating that the name on the cert doesn't
match the name of the site. When you view the cert, it is showing the external site name, not the internal localhost name of the CAS server. I've checked
both certs on the CAS server: both are correct and valid and the internal cert
does list both the internal NETBIOS and FQDN names of the CAS server. I've also checked
the SCP and it too is listing the correct internal names for the CAS server.
I've run "test-outlookwebservices -identity <my username>" and it only returns one error:
Id : 1005
Type : Error
Message : When accessing https://<localhostname>/Autodiscover/Autodiscover.xml the error "RemoteCertificateNameMismatch:CN=<here it lists the information that is on our external certificate>" was reported.
Any help would be greatly appreciated.
Adam