Solved

Exchange 2007 Certificate error

Posted on 2008-10-02
4
463 Views
Last Modified: 2012-05-05
I have an Exchange 2007, which for some reason, only recently, and only on Outlook 2007 clients, produces a warning on the client saying:

"The name on the security certificate is invalid or does not match the name of the site"

I have done lots of research on this but the solutions do not seem to relate to our situation.  If i view the certificate from the above error, it says "issued to WMSvc-Meteor", there is no mention of our server name, I am not sure where this cert is from???

Here is the configuration of virtual dirs on our server:

[PS] C:\Windows\System32>Get-ExchangeCertificate -domain "meteor.mydomain.co.uk" |
 fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Meteor, Meteor.mydomain.co.uk}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Meteor
NotAfter           : 13/05/2009 13:14:26
NotBefore          : 13/05/2008 13:14:26
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 905F2AA9247DA89F4DD4C853CA73132D
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Meteor
Thumbprint         : 54412056B6F134615A926794BCF67824994063C8



[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\OAB
Server                        : METEOR
InternalUrl                   : http://meteor.mydomain.co.uk/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : http://mail.mydomain.com/OWA
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\OAB (Default Web Site)
Guid                          : 73b44c3a-b73c-4679-b361-bf88c9eb679b
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-OAB-V
                                irtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                irectory}
WhenChanged                   : 30/08/2008 00:02:42
WhenCreated                   : 13/05/2008 13:16:25
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/UnifiedM
                                essaging
Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                iedMessaging\WebService
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/UnifiedMessaging/Se
                                rvice.asmx
ExternalUrl                   : https://mail.mydomain.com/UnifiedMessaging/Servic
                                e.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                CN=Protocols,CN=METEOR,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=mydomain,CN=Microsoft Exchange
                                ,CN=Services,CN=Configuration,DC=mydomain,DC=co,D
                                C=uk
Identity                      : METEOR\UnifiedMessaging (Default Web Site)
Guid                          : 2b8e0e58-164b-4578-934c-8d052af5678f
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-UM-Vi
                                rtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                rectory}
WhenChanged                   : 30/08/2008 00:04:55
WhenCreated                   : 13/05/2008 13:16:30
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://meteor.mydomain.co.uk/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/EWS/Exchange.asmx
ExternalUrl                   : https://mail.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\EWS (Default Web Site)
Guid                          : 7d7d3a87-7e01-47ea-af11-e1f90bf38d94
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-Web-S
                                ervices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 30/08/2008 00:05:27
WhenCreated                   : 13/05/2008 13:16:34
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True

I dont want / need a 3rd party cert, I am happy to generate one internally if this will solve the issue.  Can anyone provide steps on how to proceed?

Many thanks.
0
Comment
Question by:RossEdwards
  • 2
4 Comments
 
LVL 1

Author Comment

by:RossEdwards
ID: 22622787
Just noticed, it looks like the Exchange server (meteor) is using some certificate issued by our CA server (darkangel) rather than its own pre-installed one as detailed when I run Get-ExchangeCertificate -domain "meteor.mydomain.co.uk". I guess I need to tell it to use this original cert???
0
 
LVL 6

Accepted Solution

by:
RemcovC earned 500 total points
ID: 22622908
The certificate error is normal in this case with exchange 2007 and Outlook 2007 (this error will not occur with Outlook 2003) because you use a privat certificate.

There are 2 ways to solve this problem
- Install a public trusted certificate
- Follow the procedure from this kb aticle: http://support.microsoft.com/kb/940726

Good luck,
Remco
0
 
LVL 1

Author Closing Comment

by:RossEdwards
ID: 31502317
Thanks for this input - this was resovled following the MS KB article provided.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
how to add IIS SMTP to handle application/Scanner relays into office 365.

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now