Managing Exchange Certificates with Multiple Domains

Hi Guys,

I have another Exchange issue!

We have a customer with Exchange 07. The Exchange server currently manages two external domains, with plans for a third. Let's say they are 123.com and 321.com. The internal domain is 123.local.

We want users to use Outlook Anywhere from both inside and outside the office. I'm confused as to how to manage the certificates. We have configured the Outlook Anywhere settings to use the FQDN of 123.com; however, when we connect internally it gives a certificate error and shows 123.local. Does this mean we need a certificate for 123.local? Is this possible?

If a user has an email address on 321.com, do they need to put the Exchange name as 123.com? If we want to use 321.com, do we need a multidomain certificate? Is this possible?

Thanks in Advance
The_R0CK Asked:
 
Sembee Commented:
Very common problem.
The name that Outlook 2007 uses to connect to the server is stored in the domain. By default it will be the server's real name. You need to ensure that all URLs in Exchange, particularly around the web services, autodiscover, etc., are set to the external URL. I cannot be more specific than that at the moment as I am on site without Exchange 2007 and I have not written the article on it myself yet. I usually use PowerGUI (http://www.powergui.org/) to work with the SSL certificates and URLs; it is easier than PowerShell itself.

Simon.
0
 
Sembee Commented:
Exchange 2007 generates its own certificate, using the server's local name. You need to replace that certificate with the certificate issued to the public name.

Simon.
0
 
The_R0CK (Author) Commented:
We have already replaced the certificate with a public certificate; however, we still get a certificate error while working internally within the office.
0
 
Sembee Commented:
Do you have your network configured to resolve the external name to the internal IP address? If not, then you need to set that.
Have you also configured both internal and external URLs on the various folders to the external name? Again, do that, as that information is written elsewhere that the clients will use.

SSL certificate support on Exchange 2007 is a real pig to get right, because of the way that Microsoft have implemented it, plus changing it with SP1 for both Exchange and Outlook 2007. I have notes for a future article for my web site, but I am not writing anything on Exchange 2007 until SP1 is released (very soon now).

Simon.
0
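Added example, not part of the original thread or of any participant's post: an Exchange Management Shell check for the condition described above, listing the internal URLs that Exchange 2007 hands to Outlook and flagging any whose host name is not on the IIS certificate, followed by the commands that repoint them. `EXCH01` is a hypothetical server name; `mail.123.com` is the public name used in the thread.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 Client Access server.
# Assumptions: 'EXCH01' is a placeholder server name; the virtual directories
# live under "Default Web Site"; mail.123.com is the thread's public name.
$Server  = 'EXCH01'
$PubName = 'mail.123.com'

# Names on the certificate currently enabled for IIS (OWA, Outlook Anywhere, EWS).
$names = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# URLs that Exchange publishes to Outlook 2007 clients inside the network.
$urls  = @((Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri)
$urls += @(Get-WebServicesVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl })
$urls += @(Get-OabVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl })
$urls += @(Get-UMVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl })

# Report every URL whose host is missing from the certificate.
# Exact-name comparison only; wildcard certificate names are not expanded.
foreach ($u in $urls) {
    if ($u -eq $null) { continue }
    $h = ([System.Uri]"$u").Host.ToLower()
    if ($names -contains $h) {
        Write-Host "OK        $u"
    } else {
        Write-Host "MISMATCH  $u  ($h is not on the certificate)"
    }
}

# Repoint the internal URLs at the name the certificate was issued to.
# Split DNS must already resolve $PubName to the internal Exchange IP.
Set-ClientAccessServer -Identity $Server `
    -AutodiscoverServiceInternalUri "https://$PubName/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$PubName/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$PubName/OAB"
Set-UMVirtualDirectory -Identity "$Server\UnifiedMessaging (Default Web Site)" `
    -InternalUrl "https://$PubName/UnifiedMessaging/Service.asmx"
```

Re-running the first three sections after the `Set-` commands should show every line as `OK`; any remaining `MISMATCH` line names the URL that still sends internal clients to a host the certificate does not cover.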
 
The_R0CK (Author) Commented:
I have set the Outlook Anywhere address to mail.123.com in Exchange. I have configured split-DNS so that mail.123.com resolves to the internal Exchange IP.

Under this configuration OWA works fine inside and outside (no certificate errors).

Outlook Anywhere works fine outside (no certificate errors); however, inside the office Outlook shows a certificate error stating that the server name does not match the certificate, saying the server name is mail.123.local (where the certificate is for mail.123.com). So I need somehow to get the server to offer mail.123.com when Outlook Anywhere is used inside the office?
0
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.
