Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

MS Exchange 2007, Entourage 2008 and security certificate errors

Avatar of clafhn
clafhn asked on
ExchangeOutlookSSL / HTTPS
4 Comments1 Solution1628 ViewsLast Modified:
Hi everyone,

Have got so far from a whole lot of help from the EE community - but this one has me stumped, as most of the SSL guides are written for Windows Server 2003...

I was running Exchange on Windows SBS 2003 and have [almost] successfully migrated to Exchange 2007 on Windows Server 2008. The SBS server always used a self-signed certificate, but I decided to go and get a proper UCC SSL certificate from GoDaddy to make Exchange 2007 work properly. I am using Entourage 2008 on Macs to connect to the Exchange server.

My DNS setup is as follows:
internal:
SBS - srv2.domain.lan
Ex2007 - srv3.domain.lan
external:
SBS - portal.domain.org
Ex2007 - exchange.domain.org

The UCC SSL certificate is registered to exchange.domain.org as the CN and then the following SANs:
autodiscover.domain.org
portal.domain.org
eesrv3.domain.lan
eesrv3

When I start Entourage, I get the following certificate errors:
"Unable to establish a secure connection to srv2.domain.lan because the server name or IP address does not match the name or IP address on the server's certificate." AND
"Unable to establish a secure connection to domain.org because the server name or IP address does not match the name or IP address on the server's certificate."
(note - Entourage DOES connect, and OWA works fine)

Questions:
1) why is it trying to reference SRV2 when the mailbox and Exchange should be running off SRV3?
2) why does it need to verify my root domain (domain.org) when SRV3 should be reachable at exchange.domain.org and srv3.domain.lan

Any thoughts anyone?

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Paranormastic
ParanormasticFlag of United States of America imageCryptographic Engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answers