TheBrewer
asked on
EXCHANGE 2007 BPA: Certificate SAN mismatch
I ran the BPA on our new Exchange 2007, on our SBS 2008 and i got the folloving certificate mismatch from the health check option::
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Microsoft-Server-ActiveSync does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/owa/ does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
The FQDN for the server is sbs.DOMAINXYZ.local
Here is some info from the certificate that i got from Equifax Secure Certificate Authority
CN = ssl.DOMAINXYZ.com
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)10
OU = GT11437210
O = ssl.DOMAINXYZ.com
C = DK
SERIALNUMBER = (REMOVED)
DNS Name=ssl.DOMAINXYZ.com
I had some certificate errrors in our outlook clients, but after the fix in this link: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html
they are all gone.
How do i get rid of the Certificate SAN mismatch?
Thanks
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Microsoft-Server-ActiveSync does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/owa/ does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.
The FQDN for the server is sbs.DOMAINXYZ.local
Here is some info from the certificate that i got from Equifax Secure Certificate Authority
CN = ssl.DOMAINXYZ.com
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)10
OU = GT11437210
O = ssl.DOMAINXYZ.com
C = DK
SERIALNUMBER = (REMOVED)
DNS Name=ssl.DOMAINXYZ.com
I had some certificate errrors in our outlook clients, but after the fix in this link: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html
they are all gone.
How do i get rid of the Certificate SAN mismatch?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
EndureKona:
Thank you for the file. I did what you said, but changed it to SBS Web Applications ( Se the screen dump from my IIS)
Akhater:
Thank you too. my AD domain is DOMAINXYZ.local
I still get the errors in the Exchange BPA.
Why is the BPA error referring to https://sites/..... when we when we try to add ssl.domainxyz.com?
Thanks.
IIS.jpg
Thank you for the file. I did what you said, but changed it to SBS Web Applications ( Se the screen dump from my IIS)
Akhater:
Thank you too. my AD domain is DOMAINXYZ.local
I still get the errors in the Exchange BPA.
Why is the BPA error referring to https://sites/..... when we when we try to add ssl.domainxyz.com?
Thanks.
IIS.jpg
did you do the commands i told you ?
ASKER
Akhater:
Yes, and i get theese yellov lines:
WARNING: The command completed successfully but no settings of 'SBS\owa
(SBS Web Applications)' have been modified.
..and theese red lines:
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Now only this certificate SAN mismatch left:
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com.
Thanks
Yes, and i get theese yellov lines:
WARNING: The command completed successfully but no settings of 'SBS\owa
(SBS Web Applications)' have been modified.
..and theese red lines:
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Now only this certificate SAN mismatch left:
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com.
Thanks
get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern
ASKER
Akhater:
Command ran succesfully.
Stil the same Certificate SAN Mismatch:
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com
Command ran succesfully.
Stil the same Certificate SAN Mismatch:
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com
get-clientaccessserver | fl *uri*
get-AutodiscverVirtualDire
can you give me the output?
get-AutodiscverVirtualDire
can you give me the output?
ASKER
AutoDiscoverServiceInterna
InternalUrl : https://sites/Autodiscover/Autodiscover.xml
ExternalUrl :
InternalUrl : https://sites/Autodiscover/Autodiscover.xml
ExternalUrl :
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Solved
Thank you very much for all the time you spent on helping me.
Thank you very much for all the time you spent on helping me.
You are most welcome
is domainxyz.com your ad domain ?
you should continue what you started with
Get-OwaVirtualDirectory | fl *url*
then
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalURL https://ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Get-ActiveSyncVirtualDirec
Get-ActiveSyncVirtualDirec
Get-ClientAccessServer | fl *uri*
get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceIntern