tjwo94
asked on
Exchange Certificate update failure
I have an SBS 2011 Standard server with Exchange 2010.
The business recently changed it's name/domain. As a result I have changed the email domain in exchange. Exchange is being used for internal send/receive mail only, no remote access.
After completing the process, everything looks and is operating appropriately, with the exception of the certificate being updated in some fashion.
Users are using outlook 2010, as they also have some pop3 emails configured. Upon launching outlook, they immediately get a certificate warning that pops up twice. They can say yes to proceed and function normally.
The certificate warning is attached below. It references the email domain name at the top, but when I open the certificate, it appears to be for the new email domain name.
I have run the internet setup wizard multiple time, as well as the fix my network wizard without success. Is there another manual means of updating/correcting this issue?
Untitled.jpg
The business recently changed it's name/domain. As a result I have changed the email domain in exchange. Exchange is being used for internal send/receive mail only, no remote access.
After completing the process, everything looks and is operating appropriately, with the exception of the certificate being updated in some fashion.
Users are using outlook 2010, as they also have some pop3 emails configured. Upon launching outlook, they immediately get a certificate warning that pops up twice. They can say yes to proceed and function normally.
The certificate warning is attached below. It references the email domain name at the top, but when I open the certificate, it appears to be for the new email domain name.
I have run the internet setup wizard multiple time, as well as the fix my network wizard without success. Is there another manual means of updating/correcting this issue?
Untitled.jpg
If you are just using for internal purposes the Exchange organization, you can generate a new certificate with your internal CA, if you have one.
The SAN certificate name is probably wrong you have to generate a new SAN certificate with the correct domain .
Please take a look here:Create a New Exchange Certificate to see how you accomplish that.
Regards
The SAN certificate name is probably wrong you have to generate a new SAN certificate with the correct domain .
Please take a look here:Create a New Exchange Certificate to see how you accomplish that.
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will,
I have not updated exchange virtual directories, and can't say that I know how. There is only one exchange server which is what I have updated.
I have not updated exchange virtual directories, and can't say that I know how. There is only one exchange server which is what I have updated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your mistake was making the changes in Exchange directly.
If you had ran the wizards in SBS Console it would have changed the domain for you AND generated an SSL certificate that was suitable for the task. SBS should not be managed in the same way as the full product, as you will never make all of the changes the wizards make (I read somewhere it was over 200).
Simon.
If you had ran the wizards in SBS Console it would have changed the domain for you AND generated an SSL certificate that was suitable for the task. SBS should not be managed in the same way as the full product, as you will never make all of the changes the wizards make (I read somewhere it was over 200).
Simon.
ASKER
I re ran the wizards first Simon. First the internet setup wizard to change the email domain, then a fix network wizard ti hopefully clean up any lose ends. The certificate was created, however the wizard failed to apply all the changes necessary to other exchange components in order for everything to work properly. The url I posted shows the pieces the wizard failed to complete, otherwise the wizard did a great job.
ASKER
What I found did the trick, no more cert errors. Thank for getting me looking in the right place.
ASKER
When I run an autodiscover test from an outlook client I notice these things are still referencing the old domain:
Exchange RPC
Availability URL service
OOF URL
OAB URL
Unified Message Service URL
Exchange HTTP
Availability URL service
OOF URL
OAB URL
Unified Message Service URL
Certificate Principle Name