Solved

Exchange 2007 Certificate error

Posted on 2008-10-02
4
462 Views
Last Modified: 2012-05-05
I have an Exchange 2007, which for some reason, only recently, and only on Outlook 2007 clients, produces a warning on the client saying:

"The name on the security certificate is invalid or does not match the name of the site"

I have done lots of research on this but the solutions do not seem to relate to our situation.  If i view the certificate from the above error, it says "issued to WMSvc-Meteor", there is no mention of our server name, I am not sure where this cert is from???

Here is the configuration of virtual dirs on our server:

[PS] C:\Windows\System32>Get-ExchangeCertificate -domain "meteor.mydomain.co.uk" |
 fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Meteor, Meteor.mydomain.co.uk}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Meteor
NotAfter           : 13/05/2009 13:14:26
NotBefore          : 13/05/2008 13:14:26
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 905F2AA9247DA89F4DD4C853CA73132D
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Meteor
Thumbprint         : 54412056B6F134615A926794BCF67824994063C8



[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\OAB
Server                        : METEOR
InternalUrl                   : http://meteor.mydomain.co.uk/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : http://mail.mydomain.com/OWA
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\OAB (Default Web Site)
Guid                          : 73b44c3a-b73c-4679-b361-bf88c9eb679b
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-OAB-V
                                irtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                irectory}
WhenChanged                   : 30/08/2008 00:02:42
WhenCreated                   : 13/05/2008 13:16:25
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/UnifiedM
                                essaging
Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                iedMessaging\WebService
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/UnifiedMessaging/Se
                                rvice.asmx
ExternalUrl                   : https://mail.mydomain.com/UnifiedMessaging/Servic
                                e.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                CN=Protocols,CN=METEOR,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=mydomain,CN=Microsoft Exchange
                                ,CN=Services,CN=Configuration,DC=mydomain,DC=co,D
                                C=uk
Identity                      : METEOR\UnifiedMessaging (Default Web Site)
Guid                          : 2b8e0e58-164b-4578-934c-8d052af5678f
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-UM-Vi
                                rtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                rectory}
WhenChanged                   : 30/08/2008 00:04:55
WhenCreated                   : 13/05/2008 13:16:30
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://meteor.mydomain.co.uk/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/EWS/Exchange.asmx
ExternalUrl                   : https://mail.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\EWS (Default Web Site)
Guid                          : 7d7d3a87-7e01-47ea-af11-e1f90bf38d94
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-Web-S
                                ervices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 30/08/2008 00:05:27
WhenCreated                   : 13/05/2008 13:16:34
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True

I dont want / need a 3rd party cert, I am happy to generate one internally if this will solve the issue.  Can anyone provide steps on how to proceed?

Many thanks.
0
Comment
Question by:RossEdwards
  • 2
4 Comments
 
LVL 1

Author Comment

by:RossEdwards
Comment Utility
Just noticed, it looks like the Exchange server (meteor) is using some certificate issued by our CA server (darkangel) rather than its own pre-installed one as detailed when I run Get-ExchangeCertificate -domain "meteor.mydomain.co.uk". I guess I need to tell it to use this original cert???
0
 
LVL 6

Accepted Solution

by:
RemcovC earned 500 total points
Comment Utility
The certificate error is normal in this case with exchange 2007 and Outlook 2007 (this error will not occur with Outlook 2003) because you use a privat certificate.

There are 2 ways to solve this problem
- Install a public trusted certificate
- Follow the procedure from this kb aticle: http://support.microsoft.com/kb/940726

Good luck,
Remco
0
 
LVL 1

Author Closing Comment

by:RossEdwards
Comment Utility
Thanks for this input - this was resovled following the MS KB article provided.
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now