• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 479
  • Last Modified:

Exchange 2007 Certificate error

I have an Exchange 2007, which for some reason, only recently, and only on Outlook 2007 clients, produces a warning on the client saying:

"The name on the security certificate is invalid or does not match the name of the site"

I have done lots of research on this but the solutions do not seem to relate to our situation.  If i view the certificate from the above error, it says "issued to WMSvc-Meteor", there is no mention of our server name, I am not sure where this cert is from???

Here is the configuration of virtual dirs on our server:

[PS] C:\Windows\System32>Get-ExchangeCertificate -domain "meteor.mydomain.co.uk" |
 fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Meteor, Meteor.mydomain.co.uk}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Meteor
NotAfter           : 13/05/2009 13:14:26
NotBefore          : 13/05/2008 13:14:26
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 905F2AA9247DA89F4DD4C853CA73132D
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Meteor
Thumbprint         : 54412056B6F134615A926794BCF67824994063C8



[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\OAB
Server                        : METEOR
InternalUrl                   : http://meteor.mydomain.co.uk/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : http://mail.mydomain.com/OWA
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\OAB (Default Web Site)
Guid                          : 73b44c3a-b73c-4679-b361-bf88c9eb679b
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-OAB-V
                                irtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                irectory}
WhenChanged                   : 30/08/2008 00:02:42
WhenCreated                   : 13/05/2008 13:16:25
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/UnifiedM
                                essaging
Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                iedMessaging\WebService
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/UnifiedMessaging/Se
                                rvice.asmx
ExternalUrl                   : https://mail.mydomain.com/UnifiedMessaging/Servic
                                e.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                CN=Protocols,CN=METEOR,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=mydomain,CN=Microsoft Exchange
                                ,CN=Services,CN=Configuration,DC=mydomain,DC=co,D
                                C=uk
Identity                      : METEOR\UnifiedMessaging (Default Web Site)
Guid                          : 2b8e0e58-164b-4578-934c-8d052af5678f
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-UM-Vi
                                rtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                rectory}
WhenChanged                   : 30/08/2008 00:04:55
WhenCreated                   : 13/05/2008 13:16:30
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://meteor.mydomain.co.uk/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/EWS/Exchange.asmx
ExternalUrl                   : https://mail.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\EWS (Default Web Site)
Guid                          : 7d7d3a87-7e01-47ea-af11-e1f90bf38d94
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-Web-S
                                ervices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 30/08/2008 00:05:27
WhenCreated                   : 13/05/2008 13:16:34
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True

I dont want / need a 3rd party cert, I am happy to generate one internally if this will solve the issue.  Can anyone provide steps on how to proceed?

Many thanks.
0
Ross Edwards
Asked:
Ross Edwards
  • 2
1 Solution
 
Ross EdwardsTechnical DirectorAuthor Commented:
Just noticed, it looks like the Exchange server (meteor) is using some certificate issued by our CA server (darkangel) rather than its own pre-installed one as detailed when I run Get-ExchangeCertificate -domain "meteor.mydomain.co.uk". I guess I need to tell it to use this original cert???
0
 
RemcovCCommented:
The certificate error is normal in this case with exchange 2007 and Outlook 2007 (this error will not occur with Outlook 2003) because you use a privat certificate.

There are 2 ways to solve this problem
- Install a public trusted certificate
- Follow the procedure from this kb aticle: http://support.microsoft.com/kb/940726

Good luck,
Remco
0
 
Ross EdwardsTechnical DirectorAuthor Commented:
Thanks for this input - this was resovled following the MS KB article provided.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now