Avatar of clafhn
clafhn asked on

MS Exchange 2007, Entourage 2008 and security certificate errors

Hi everyone,

Have got so far from a whole lot of help from the EE community - but this one has me stumped, as most of the SSL guides are written for Windows Server 2003...

I was running Exchange on Windows SBS 2003 and have [almost] successfully migrated to Exchange 2007 on Windows Server 2008. The SBS server always used a self-signed certificate, but I decided to go and get a proper UCC SSL certificate from GoDaddy to make Exchange 2007 work properly. I am using Entourage 2008 on Macs to connect to the Exchange server.

My DNS setup is as follows:
SBS - srv2.domain.lan
Ex2007 - srv3.domain.lan
SBS - portal.domain.org
Ex2007 - exchange.domain.org

The UCC SSL certificate is registered to exchange.domain.org as the CN and then the following SANs:

When I start Entourage, I get the following certificate errors:
"Unable to establish a secure connection to srv2.domain.lan because the server name or IP address does not match the name or IP address on the server's certificate." AND
"Unable to establish a secure connection to domain.org because the server name or IP address does not match the name or IP address on the server's certificate."
(note - Entourage DOES connect, and OWA works fine)

1) why is it trying to reference SRV2 when the mailbox and Exchange should be running off SRV3?
2) why does it need to verify my root domain (domain.org) when SRV3 should be reachable at exchange.domain.org and srv3.domain.lan

Any thoughts anyone?

ExchangeOutlookSSL / HTTPS

Avatar of undefined
Last Comment

8/22/2022 - Mon

Just something to add into the mix: it's only when accessed through the internal DNS that I get the certificate errors. When accessing through the external DNS, everything seems to work fine!

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

I have used the self generated certificate scenario (Entourage connects internaly only).
Got the same error msg when feeding Entourage with anything other than the FQDN of the Exchage server...


also, if you dont already have it :-)  try the Entourage 2008 Web Services update (free from M$), it works with Exchange 2007 SP1 and later.

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes