Solved

Managing Exchange Certificates with Multiple Domains

Posted on 2007-11-14
Last Modified: 2012-08-14
Hi Guys,

I have another Exchange issue!

We have a customer with Exchange 07. The Exchange server currently manages two external domains, with plans for a third. Let's say they are 123.com and 321.com. The internal domain is 123.local.

We want users to use Outlook Anywhere from both inside and outside the office, and I'm confused as to how to manage the certificates. We have configured the Outlook Anywhere settings to use the FQDN of 123.com; however, when we connect internally it gives a certificate error and shows 123.local. Does this mean we need a certificate for 123.local? Is this possible?

If a user has an email address on 321.com, do they need to put the exchange name as 123.com? If we want to use 321.com, do we need a multidomain certificate? Is this possible?

Thanks in Advance
Question by:The_R0CK
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20287844
Exchange 2007 generates its own certificate, using the server's local name. You need to replace that certificate with the certificate issued to the public name.

Simon.
0
 
LVL 3

Author Comment

by:The_R0CK
ID: 20304155
We have already replaced the certificate with a public certificate, however we still get a certificate error while working internally within the office.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20304248
Do you have your network configured to resolve the external name to the internal IP address? If not then you need to set that.
Have you also configured both internal and external URLs on the various folders to the external name? Again do that as that information is written elsewhere that the clients will use.

SSL certificate support on Exchange 2007 is a real pig to get right, because of the way that Microsoft have implemented it, plus changing it with SP1 for both Exchange and Outlook 2007. I have notes for a future article for my web site, but I am not writing anything on Exchange 2007 until SP1 is released (very soon now).

Simon.
0

 
LVL 3

Author Comment

by:The_R0CK
ID: 20326286
I have set the Outlook Anywhere address to mail.123.com in Exchange. I have configured split-DNS so that mail.123.com resolves to the internal Exchange IP.

Under this configuration OWA works fine inside and outside (no certificate errors).

Outlook Anywhere works fine outside (no certificate errors); however, inside the office Outlook shows a certificate error stating that the server name does not match the certificate, saying the server name is mail.123.local (where the certificate is for mail.123.com). So I need somehow to get the server to offer mail.123.com when Outlook Anywhere is used inside the office?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1200 total points
ID: 20327265
Very common problem.
The name that Outlook 2007 uses to connect to the server is stored in the domain. By default it will be the server's real name. You need to ensure that all URLs in Exchange, particularly around the web services, autodiscover etc. are set to the external URL. I cannot be more specific than that at the moment as I am on site without Exchange 2007 and I have not written the article on it myself yet. I usually use PowerGUI (http://www.powergui.org/) to work with the SSL certificates and URLs; it is easier than PowerShell itself.

Simon.
0
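
The check and change described in the accepted answer, as an added example that is not part of the original thread: it lists the internal URLs that Autodiscover hands to Outlook 2007, flags any whose host name is not on the IIS certificate, then previews repointing them at the certificate name. `EXCH01` is a placeholder server name, `mail.123.com` is the name used in the thread, and the URL paths are the Exchange 2007 defaults.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2007).
$Server     = 'EXCH01'        # placeholder: your Client Access server
$PublicHost = 'mail.123.com'  # name on the public certificate (from the thread)

# Names on the certificate(s) enabled for IIS
$certNames = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" }

# Internal URLs that Outlook 2007 receives from Autodiscover
$urls = @(
    Get-ClientAccessServer -Identity $Server |
        ForEach-Object { $_.AutoDiscoverServiceInternalUri }
    Get-WebServicesVirtualDirectory -Server $Server |
        ForEach-Object { $_.InternalUrl }
    Get-OabVirtualDirectory -Server $Server |
        ForEach-Object { $_.InternalUrl }
) | Where-Object { $_ }

# Report every URL whose host the certificate does not cover
foreach ($u in $urls) {
    $h = ([uri]"$u").Host
    # -like gives an approximate match for wildcard entries such as *.123.com
    $covered = @($certNames | Where-Object { $h -like $_ }).Count -gt 0
    if ($covered) { Write-Host "OK        $u" }
    else          { Write-Host "MISMATCH  $u  (host $h is not on the certificate)" }
}

# Repoint the internal URLs at the certificate name.
# -WhatIf only previews the change; remove it to apply.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PublicHost/Autodiscover/Autodiscover.xml" -WhatIf
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$PublicHost/EWS/Exchange.asmx" -WhatIf
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "https://$PublicHost/OAB" -WhatIf
```

The split-DNS record for the public name must already resolve to the internal Exchange IP, as set up earlier in the thread, or internal clients will not reach the new URLs.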
 
LVL 1

Expert Comment

by:Computer101
ID: 20558591
Forced accept.

Computer101
EE Admin
0
