Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2007 Certificate error

Posted on 2008-10-02
4
466 Views
Last Modified: 2012-05-05
I have an Exchange 2007, which for some reason, only recently, and only on Outlook 2007 clients, produces a warning on the client saying:

"The name on the security certificate is invalid or does not match the name of the site"

I have done lots of research on this but the solutions do not seem to relate to our situation.  If i view the certificate from the above error, it says "issued to WMSvc-Meteor", there is no mention of our server name, I am not sure where this cert is from???

Here is the configuration of virtual dirs on our server:

[PS] C:\Windows\System32>Get-ExchangeCertificate -domain "meteor.mydomain.co.uk" |
 fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Meteor, Meteor.mydomain.co.uk}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Meteor
NotAfter           : 13/05/2009 13:14:26
NotBefore          : 13/05/2008 13:14:26
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 905F2AA9247DA89F4DD4C853CA73132D
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=Meteor
Thumbprint         : 54412056B6F134615A926794BCF67824994063C8



[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl


Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/OAB
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\OAB
Server                        : METEOR
InternalUrl                   : http://meteor.mydomain.co.uk/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : http://mail.mydomain.com/OWA
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\OAB (Default Web Site)
Guid                          : 73b44c3a-b73c-4679-b361-bf88c9eb679b
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-OAB-V
                                irtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualD
                                irectory}
WhenChanged                   : 30/08/2008 00:02:42
WhenCreated                   : 13/05/2008 13:16:25
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl


Name                          : UnifiedMessaging (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/UnifiedM
                                essaging
Path                          : C:\Program Files\Microsoft\Exchange Server\Unif
                                iedMessaging\WebService
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/UnifiedMessaging/Se
                                rvice.asmx
ExternalUrl                   : https://mail.mydomain.com/UnifiedMessaging/Servic
                                e.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=UnifiedMessaging (Default Web Site),CN=HTTP,
                                CN=Protocols,CN=METEOR,CN=Servers,CN=Exchange A
                                dministrative Group (FYDIBOHF23SPDLT),CN=Admini
                                strative Groups,CN=mydomain,CN=Microsoft Exchange
                                ,CN=Services,CN=Configuration,DC=mydomain,DC=co,D
                                C=uk
Identity                      : METEOR\UnifiedMessaging (Default Web Site)
Guid                          : 2b8e0e58-164b-4578-934c-8d052af5678f
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-UM-Vi
                                rtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchUMVirtualDi
                                rectory}
WhenChanged                   : 30/08/2008 00:04:55
WhenCreated                   : 13/05/2008 13:16:30
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True



[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl


InternalNLBBypassUrl          : https://meteor.mydomain.co.uk/ews/exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://Meteor.mydomain.co.uk/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : METEOR
InternalUrl                   : https://meteor.mydomain.co.uk/EWS/Exchange.asmx
ExternalUrl                   : https://mail.mydomain.com/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=METEOR,CN=Servers,CN=Exchange Administrative
                                 Group (FYDIBOHF23SPDLT),CN=Administrative Grou
                                ps,CN=mydomain,CN=Microsoft Exchange,CN=Services,
                                CN=Configuration,DC=mydomain,DC=co,DC=uk
Identity                      : METEOR\EWS (Default Web Site)
Guid                          : 7d7d3a87-7e01-47ea-af11-e1f90bf38d94
ObjectCategory                : mydomain.co.uk/Configuration/Schema/ms-Exch-Web-S
                                ervices-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 30/08/2008 00:05:27
WhenCreated                   : 13/05/2008 13:16:34
OriginatingServer             : darkangel.mydomain.co.uk
IsValid                       : True

I dont want / need a 3rd party cert, I am happy to generate one internally if this will solve the issue.  Can anyone provide steps on how to proceed?

Many thanks.
0
Comment
Question by:RossEdwards
  • 2
4 Comments
 
LVL 1

Author Comment

by:RossEdwards
ID: 22622787
Just noticed, it looks like the Exchange server (meteor) is using some certificate issued by our CA server (darkangel) rather than its own pre-installed one as detailed when I run Get-ExchangeCertificate -domain "meteor.mydomain.co.uk". I guess I need to tell it to use this original cert???
0
 
LVL 6

Accepted Solution

by:
RemcovC earned 500 total points
ID: 22622908
The certificate error is normal in this case with exchange 2007 and Outlook 2007 (this error will not occur with Outlook 2003) because you use a privat certificate.

There are 2 ways to solve this problem
- Install a public trusted certificate
- Follow the procedure from this kb aticle: http://support.microsoft.com/kb/940726

Good luck,
Remco
0
 
LVL 1

Author Closing Comment

by:RossEdwards
ID: 31502317
Thanks for this input - this was resovled following the MS KB article provided.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question