Solved

Exchange 2007 Certificate error

Posted on 2008-10-02
4
469 Views
Last Modified: 2012-05-05
I have an Exchange 2007, which for some reason, only recently, and only on Outlook 2007 clients, produces a warning on the client saying:

"The name on the security certificate is invalid or does not match the name of the site"

I have done lots of research on this but the solutions do not seem to relate to our situation.  If i view the certificate from the above error, it says "issued to WMSvc-Meteor", there is no mention of our server name, I am not sure where this cert is from???

Here is the configuration of virtual dirs on our server:

[PS] C:\Windows\System32>Get-ExchangeCertificate -domain "meteor.mydomain.co.uk" |
 fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Meteor, Meteor.mydomain.co.uk}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Meteor
NotAfter           : 13/05/2009 13:14:26
NotBefore          : 13/05/2008 13:14:26
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 905F2AA9247DA89F4DD4C853CA73132D
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Meteor
Thumbprint         : 54412056B6F134615A926794BCF67824994063C8



[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\OAB
Server                        : METEOR
InternalUrl                   : http://meteor.mydomain.co.uk/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : http://mail.mydomain.com/OWA
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\OAB (Default Web Site)
Guid                          : 73b44c3a-b73c-4679-b361-bf88c9eb679b
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-OAB-V
                                irtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                irectory}
WhenChanged                   : 30/08/2008 00:02:42
WhenCreated                   : 13/05/2008 13:16:25
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/UnifiedM
                                essaging
Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                iedMessaging\WebService
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/UnifiedMessaging/Se
                                rvice.asmx
ExternalUrl                   : https://mail.mydomain.com/UnifiedMessaging/Servic
                                e.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                CN=Protocols,CN=METEOR,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=mydomain,CN=Microsoft Exchange
                                ,CN=Services,CN=Configuration,DC=mydomain,DC=co,D
                                C=uk
Identity                      : METEOR\UnifiedMessaging (Default Web Site)
Guid                          : 2b8e0e58-164b-4578-934c-8d052af5678f
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-UM-Vi
                                rtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                rectory}
WhenChanged                   : 30/08/2008 00:04:55
WhenCreated                   : 13/05/2008 13:16:30
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://meteor.mydomain.co.uk/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/EWS/Exchange.asmx
ExternalUrl                   : https://mail.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\EWS (Default Web Site)
Guid                          : 7d7d3a87-7e01-47ea-af11-e1f90bf38d94
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-Web-S
                                ervices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 30/08/2008 00:05:27
WhenCreated                   : 13/05/2008 13:16:34
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True

I dont want / need a 3rd party cert, I am happy to generate one internally if this will solve the issue.  Can anyone provide steps on how to proceed?

Many thanks.
0
Comment
Question by:RossEdwards
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Author Comment

by:RossEdwards
ID: 22622787
Just noticed, it looks like the Exchange server (meteor) is using some certificate issued by our CA server (darkangel) rather than its own pre-installed one as detailed when I run Get-ExchangeCertificate -domain "meteor.mydomain.co.uk". I guess I need to tell it to use this original cert???
0
 
LVL 6

Accepted Solution

by:
RemcovC earned 500 total points
ID: 22622908
The certificate error is normal in this case with exchange 2007 and Outlook 2007 (this error will not occur with Outlook 2003) because you use a privat certificate.

There are 2 ways to solve this problem
- Install a public trusted certificate
- Follow the procedure from this kb aticle: http://support.microsoft.com/kb/940726

Good luck,
Remco
0
 
LVL 1

Author Closing Comment

by:RossEdwards
ID: 31502317
Thanks for this input - this was resovled following the MS KB article provided.
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month6 days, 13 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question