Link to home
Start Free TrialLog in
Avatar of Kacey Fern
Kacey FernFlag for United States of America

asked on

Certificate error with autodiscover.publicDomain.com

Greetings,

I read the posts on Outlook anywhere and have it working.  The problem is that when I log in, I get a Security alert:
Autodiscover.domain.com
the Name on the security certificate is invalid or does not match the name of the site.

I received a Comodo UCC certificate:
server.domain.com
mail.domain.com
autodiscover.domain.com

The internal and external domain are the same (.com) no Local.

I hit view certificate and then installed the certificate, still happens.  Do I have to copy it and install another way?  If so how on PC and Mac?
I use the server.domain.com as the https server in outlook.

On the Exchange box I imported the certificate using Exchange mgt console.
Also imported using IIS.

Any ideas what I have to do? to get rid of the security alert?

Thank you,
Kacey
Avatar of Paka
Paka

The common name on your certificate probably doesn't match the FQDN of your web site.  See:
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1270703,00.html
Run this command and what does "AutoDiscoverServiceInternalUri" show?

Get-ClientAccessServer -Identity CASServer | FL

Have a read of this webiste it helped me fix the same certificate problem.
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

You need to look at what URL the server is looking at. If you start Outlook 2007, then right click on the icon while holding down CTRL. You will then have an option to test Autodiscover. You can then test the autodiscover process and see which URL it is hitting. It doesn't just try autodiscover.domain.com, it could be triggered on something else.

Simon.
Avatar of Kacey Fern

ASKER

JimHendo,

When I put in the command: Get-ClientAccessServer -Identity CASServer | FL   I get an error:

the operation could not be performed because object 'casserver' could not be found on domain controller 'server.domain.com'.
At line1 car:23
+ Get-ClientAccess Server <<<< -Identity CAASServer |FL

I was able to enter the thumbprint of server.domain.com

Simon,

After I start outlook I right click on the Outlook Icon with CTL and nothing particular happens, just get the usual menu.  Can you be a bit more specific?  Maybe I'm missing something that I should know.
Thanks
Paka,

As stated, I have a UCC 3 names in the cert, one is: server.domain.com which is the FQDN.  Unless there is another trick I'm missing.  
Just to clarify, the problem is happening when I'm connecting from outside the local network.

Thanks,
ASKER CERTIFIED SOLUTION
Avatar of jimhendo
jimhendo

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I don't know how to be more specific. After starting Outlook you hold down CTRL and right click on the icon. You should get additional options of Connection Status and Test Email AutoConfiguration.

Simon.
Simon,

I figured it out, you mean the icon in the task manager.  There are a whole lot of icons out there, didn't know what you ment.  
When I did this and put in my e-mail and password,
Autoconfiguration was unable to determine your settings!
Jimhendo,

Was able to run all the commands per the document except enable outlookanywhrere, the error said it was already enabled, so it was probably redundant.
After a reboot of the server, the certificate error disappeared.  Outlook takes a little longer to connect, about 1.5min, but after that it works just fine.

By the way, if anyone reads this, CASServer should be replaced with the netbios of your server on all the commands.  Was a little confused at first.

I'll go in the office tomorrow morning, if all is well I'll close the question.

Thank you for your help.

Kacey
Just to clarify it needs to be replaced with the netbios name of your CASServer. You may have different roles on different servers.
Right...

Jimhendo,

Thanks for your help.  The error is gone.  I went to the office today and tried to connect a client using Entourage 2008 and I couldn't get it to work, but that is another issue.  
My best-
Kacey
Thanks again.