Solved

Certificate for Exchange 2007 Mail/Hub Server

Posted on 2009-04-07
Last Modified: 2013-11-29
I have two Exchange servers; one is a Mail/Hub server and the other is a CAS server.  The CAS server has a working UCC Certificate on it, and we are having no problems.  I recently set up secure IMAP for our field offices to use and had to get secure SMTP working for their outgoing mail.  We are currently in a mixed environment during migration and have 2 2003 servers up also.  I set a NAT rule in the firewall for any traffic coming in on port 587 (send connector already in place for SMTP) to be pushed to the 2007 Mail/Hub server.  I can set it all up in Thunderbird (or any other app) and point both incoming and outgoing to go to my CAS.  It all works well, except every time I send a message I get prompted with an error:

"You have attempted to establish a connection with "CAS Server".  However, the security certificate presented belongs to "Mail/Hub Server".  It is possible, though unlikely, that someone may be trying to intercept your communication with this website."

Then I can either cancel, hit OK, or view cert.  If I hit OK, it goes through, but prompts me for every send.  The only public-facing cert is on the CAS, yet the error indicates the cert is on the mail/hub.  Is this a Thunderbird issue, or is there some certificate work I can do to solve this?  Do I need a certificate for my mail/hub?  Do I need to add the Mail/Hub server as a SAN in the UCC?
Question by:Lucas Bruch
6 Comments
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 400 total points
ID: 24090952
Your UC cert should have at minimum:
servername (netbios name)
mail.domain.com
autodiscover.domain.com
autodiscover.domain.local

Is this the case?  If not, contact your cert vendor and see if you can get the UC cert reissued with the correct names - usually you can do this for free within 14 or 30 days, depending on the vendor.
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24091027
My UCC cert has:
servername
mail.domain.com
autodiscover.domain.com

I do not have the .local.  But I do not believe that this has anything to do with the autodiscover portion.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091844
Yes, typo - last should be server.domain.local, but if that doesn't apply it doesn't really matter anyways I guess...

Take a look at this - see if it helps... skip ahead to the instructions and ignore the opening paragraph.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091845
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24435021
Well, I got a new UCC Cert with my mail server name on there and it appears to be working.
0
 
LVL 1

Accepted Solution

by:
Lucas Bruch earned 0 total points
ID: 24435043
I should note that the server I had to add was for my mail hub server, not my CAS.  If you are going to do secure SMTP, be sure to have that in the UCC cert.
0
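
A check for the mismatch discussed in this thread, as an added example that is not part of the original posts: it compares the names a mail client is configured with against the DNS names in the certificate a listener presents. The host name hub01.domain.local and the sample SAN list are constructed, and submission_cert() is the live fetch for port 587, which the sample run does not call.

```python
import smtplib
import ssl


def dns_names(cert):
    """DNS subjectAltName entries from an ssl.getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(hostname, pattern):
    """Exact match, or a '*' that stands for exactly the leftmost label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pat[2:]
    return host == pat


def uncovered(client_names, cert):
    """Names a mail client is configured with that the certificate lacks."""
    sans = dns_names(cert)
    return [n for n in client_names
            if not any(name_matches(n, s) for s in sans)]


def submission_cert(host, port=587, timeout=10):
    """Fetch the certificate a listener presents after STARTTLS.

    Chain validation stays on so getpeercert() returns the parsed dict;
    an untrusted (for example self-signed) certificate raises
    ssl.SSLCertVerificationError, which is a finding in its own right.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared by uncovered() instead
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


# Constructed sample: SAN list in the shape the asker describes, plus a
# hypothetical hub server name (hub01.domain.local) the certificate lacks.
SAMPLE_CERT = {"subjectAltName": (("DNS", "servername"),
                                  ("DNS", "mail.domain.com"),
                                  ("DNS", "autodiscover.domain.com"))}

if __name__ == "__main__":
    print(uncovered(["mail.domain.com", "hub01.domain.local"], SAMPLE_CERT))
```

Run it against every name and port a client is pointed at (IMAP and SMTP submission can terminate on different servers behind the same NAT), so each listener's certificate is checked separately.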
