Solved

Managing Exchange Certificates with Multiple Domains

Posted on 2007-11-14
Last Modified: 2012-08-14
Hi Guys,

I have another Exchange issue!

We have a customer with Exchange 07. The Exchange server currently manages two external domains, with plans for a third. Let's say they are 123.com and 321.com. The internal domain is 123.local.

We want users to use Outlook Anywhere from both inside and outside the office. I'm confused as to how to manage the certificates. We have configured the Outlook Anywhere settings to use the FQDN of 123.com; however, when we connect internally it gives a certificate error and shows 123.local. Does this mean we need a certificate for 123.local? Is this possible?

If a user has an email address on 321.com, do they need to put the Exchange name as 123.com? If we want to use 321.com, do we need a multidomain certificate? Is this possible?

Thanks in Advance
Question by:The_R0CK
 
LVL 104

Expert Comment

by:Sembee
Exchange 2007 generates its own certificate, using the server's local name. You need to replace that certificate with the certificate issued to the public name.

Simon.
 
LVL 3

Author Comment

by:The_R0CK
We have already replaced the certificate with a public certificate; however, we still get a certificate error while working internally within the office.
 
LVL 104

Expert Comment

by:Sembee
Do you have your network configured to resolve the external name to the internal IP address? If not then you need to set that.
Have you also configured both internal and external URLs on the various folders to the external name? Again do that as that information is written elsewhere that the clients will use.

SSL certificate support on Exchange 2007 is a real pig to get right, because of the way that Microsoft have implemented it, plus changing it with SP1 for both Exchange and Outlook 2007. I have notes for a future article for my web site, but I am not writing anything on Exchange 2007 until SP1 is released (very soon now).

Simon.

 
LVL 3

Author Comment

by:The_R0CK
I have set the Outlook Anywhere address to mail.123.com in Exchange. I have configured split-DNS so that mail.123.com resolves to the internal Exchange IP.

Under this configuration OWA works fine inside and outside (no certificate errors).

Outlook Anywhere works fine outside (no certificate errors); however, inside the office Outlook shows a certificate error stating that the server name does not match the certificate, saying the server name is mail.123.local (where the certificate is for mail.123.com). So I need somehow to get the server to offer mail.123.com when Outlook Anywhere is used inside the office?
 
LVL 104

Accepted Solution

by:
Sembee earned 300 total points
Very common problem.
The name that Outlook 2007 uses to connect to the server is stored in the domain. By default it will be the server's real name. You need to ensure that all URLs in Exchange, particularly around the web services, autodiscover etc., are set to the external URL. I cannot be more specific than that at the moment as I am on site without Exchange 2007 and I have written the article on it myself yet. I usually use PowerGUI (http://www.powergui.org/) to work with the SSL certificates and URLs; it is easier than PowerShell itself.

Simon.
0
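An added example, not part of the thread or written by any of its posters: one way to find and reset the internal URLs the accepted answer refers to, using Exchange Management Shell cmdlets. The server name `EXCH01` is a hypothetical placeholder, `mail.123.com` is the certificate name from the question, and the URL paths are the product defaults.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
$server   = 'EXCH01'         # hypothetical server name; replace with your own
$certName = 'mail.123.com'   # name on the public certificate (from the thread)

# 1. Confirm which names the installed certificates actually cover.
Get-ExchangeCertificate | Format-List Thumbprint, CertificateDomains, Services

# 2. Collect the internal URLs that Outlook 2007 learns from the domain.
$urls = @()
$urls += Get-ClientAccessServer -Identity $server |
    Select-Object @{n='Item';e={'Autodiscover SCP'}},
                  @{n='Url';e={$_.AutoDiscoverServiceInternalUri}}
$urls += Get-WebServicesVirtualDirectory -Server $server |
    Select-Object @{n='Item';e={$_.Identity}}, @{n='Url';e={$_.InternalUrl}}
$urls += Get-OabVirtualDirectory -Server $server |
    Select-Object @{n='Item';e={$_.Identity}}, @{n='Url';e={$_.InternalUrl}}

# 3. Report every URL whose host name is not the name on the certificate.
#    These are the entries that produce the internal name-mismatch warning.
$urls | Where-Object {
    $_.Url -and ([System.Uri]$_.Url.ToString()).Host -ne $certName
} | Format-Table -AutoSize

# 4. Point the mismatched services at the certificate name.
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "https://$certName/Autodiscover/Autodiscover.xml"
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$certName/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "https://$certName/OAB"
```

Steps 1 to 3 are read-only and can be run on their own to check the current state before step 4 changes anything; the split-DNS record for mail.123.com described earlier in the thread must already resolve internally.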
 
LVL 1

Expert Comment

by:Computer101
Forced accept.

Computer101
EE Admin