Solved

Exchange 2007 Certificate Principal Mismatch (Best Practices Analyzer)

Posted on 2007-12-05
2
3,138 Views
Last Modified: 2012-05-05
We are setting up a new Exchange 2007 server and are running into a warning during the Best Practices Analyzer. The certificate we have created is a Comodo Multi-domain certificate that contains 4 names.

mail.mydomain.com (because Outlook 2007 requires it to work properly from what we have understood.)
autodiscover.mydomain.com (what people will be connecting to from the outside)
MX01 (name of the mail server in the domain)
MX01.mydomain.com (name of the mail server in the domain FQDN)


The error we get in the Best Practices Analyzer is this:
----------------------------------------------------
Certificate Principal Mismatch
The principal for SSL certificate 'https://mydomain.com' does not appear to match the host address. Host address: mydomain.com. Principal: C=SE, PostalCode=11641, S=STOCKHOLM, L=STO, STREET=Mystreet, O=MyCompanyname, OU=Management, OU=COMODO Multi-Domain SSL, CN=MX01.mydomain.com.
-------------------------------------------------


The command we issued to create the certificate request was:
-------------------------------------------------
New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=mydomain,o=Domain Controllers,cn=mydomain.com" -domainname mail.mydomain.com, MX01, MX01.mydomain.com,autodiscover.mydomain.com -PrivateKeyExportable $true -path c:\certrequest_mx01.txt
-------------------------------------------------


The certificate we get back from Comodo installed fine and from what I've seen so far both OWA and our older Outlook 2003 clients connect without any certificate warnings. Despite this we can't get rid of the warning in the analyze tool. Any ideas why this is? We have recalled the certificate and tried setting different domains as the primary name but this didn't help (we tried both mail.mydomain.com and MX01.mydomain.com as the primary). This might be nothing but I would really like to make sure before we go live with the system.

Thanks!
0
Comment
Question by:Debugger_systems
2 Comments
 
LVL 2

Author Comment

by:Debugger_systems
ID: 20411010
> mail.mydomain.com (because Outlook 2007 requires it to work properly from what we have understood.)
> autodiscover.mydomain.com (what people will be connecting to from the outside)

Sorry, switched the explanations on those two. People will connect to "mail" and "autodiscover" is for Outlook 2006.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20415267
BPA has been mentioning that error since version 1.0. I ignore it. No one has a certificate for domain.com - I don't know why Microsoft test for it.

Simon.
0
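Added example, not part of the original thread: a PowerShell check of which host names are covered by the four certificate names listed in the question. It is a plain name comparison, not the Best Practices Analyzer's own logic; the function name `Test-CertNameMatch` is hypothetical, and the wildcard rule goes beyond this certificate, which contains no wildcard names.

```powershell
# Names taken from the question (constructed input, no live certificate lookup).
$certNames = @('mail.mydomain.com', 'autodiscover.mydomain.com', 'MX01', 'MX01.mydomain.com')

# Hypothetical helper: returns $true when $HostName equals one of $CertNames,
# compared label by label and case-insensitively.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory = $true)][string]   $HostName,
        [Parameter(Mandatory = $true)][string[]] $CertNames
    )
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $CertNames) {
        $labels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        # A certificate name never covers a host with a different number of labels,
        # so a name for mail.mydomain.com says nothing about mydomain.com.
        if ($labels.Length -ne $hostLabels.Length) { continue }
        $ok = $true
        for ($i = 0; $i -lt $labels.Length; $i++) {
            # Assumption beyond the page: '*' is accepted only as the whole
            # left-most label of a name with at least three labels.
            if ($i -eq 0 -and $labels[$i] -eq '*' -and $labels.Length -gt 2) { continue }
            if ($labels[$i] -ne $hostLabels[$i]) { $ok = $false; break }
        }
        if ($ok) { return $true }
    }
    return $false
}

# The host address from the BPA warning, followed by the names clients and servers use.
$hostsToCheck = 'mydomain.com', 'mail.mydomain.com', 'autodiscover.mydomain.com', 'MX01', 'MX01.mydomain.com'
foreach ($h in $hostsToCheck) {
    $result = if (Test-CertNameMatch -HostName $h -CertNames $certNames) { 'match' } else { 'MISMATCH' }
    '{0,-28} {1}' -f $h, $result
}
```

With the names from the question, only the bare `mydomain.com` host address from the warning is reported as a mismatch.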
