Solved

Certificate error on Outlook 2007 with new Exchange 2007 server

Posted on 2009-05-04
Last Modified: 2012-08-13
I just deployed a new Exchange 2007 server on a Windows 2008 platform. I have installed my SSL certificate from Verisign. When Outlook 2007 clients attach to the new server, they receive the following warning: "The name on the security certificate is invalid or does not match the name of the site."

Users can click through the warning and attach fine with Outlook 2007. Outlook users coming in with OWA or Outlook 2003 do not get this error.

I've researched and know my issue has something to do with not using a "SAN certificate", but I am under the impression I can get this fixed using my standard SSL certificate.

I currently have the SSL certificate issued to "mail.mydomain.org." My internal server name is MAIL01. If I reissue my SSL certificate and use a simple name of mail01.mydomain.org and change my external DNS to point mail01.mydomain.org correctly, do you think I can solve this error with Outlook 2007?

In the end the SSL certificate would be registered to mail01.mydomain.org, which is the internal name of my mail server. Outlook 2007 should no longer complain and give the warning, would it? I then could just tell users who want to use OWA to go to https://mail01.mydomain.org.

Please let me know if my thinking is logical to fix this problem, or if there is something else I should do. I would like your feedback before I go and get a reissue from Verisign. Thanks.
Question by:EvilPeppard
6 Comments
 

Accepted Solution

by:
Debug-Exchange earned 500 total points
ID: 24296881
I believe this might resolve your issue:
http://support.microsoft.com/kb/940726
 

Expert Comment

by:JOWEN_NCRC
ID: 24297215
First post so I'm not sure about the formatting.
Just bear with me.

I read all the articles and just could not get it right.  I threw in the towel and I spent the money for a support incident with M$ for this same issue.  

This is what I did with help from the Exchange Tech.  Keep in mind I want to eventually convert my Laptop users from VPN sync to Outlook via the web.

Added an SRV record for "AutoDiscover" to my External DNS.  http://support.microsoft.com/kb/940881

Then I followed the KB referenced in the post above. http://support.microsoft.com/kb/940726

The KB was a bit confusing for me so here is an example of the Exchange Management Shell commands.  



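    # Point the Autodiscover service connection point at the name on the certificate.
    Set-ClientAccessServer -Identity internal-exchange-server-name -AutodiscoverServiceInternalUri https://owa.your-external-domain.com/autodiscover/autodiscover.xml

    # Exchange Web Services internal URL. The URL value was missing from the post
    # as captured; /ews/exchange.asmx is the standard EWS path (assumed here).
    Set-WebServicesVirtualDirectory -Identity "internal-exchange-server-name\EWS (Default Web Site)" -InternalUrl https://owa.external-domain.com/ews/exchange.asmx

    # Offline Address Book internal URL.
    Set-OABVirtualDirectory -Identity "internal-exchange-server-name\oab (Default Web Site)" -InternalUrl https://owa.external-domain.com/oab

    # Restart IIS so the new URLs are served.
    iisreset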
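
A check for the change described in the post above, as an added example that is not part of the original thread: it compares the host name in each URL Outlook 2007 receives with the names on the certificate, which is the comparison behind the warning. The function name Test-UrlMatchesCertificate, the host names and the URLs are constructed for illustration.

```powershell
# Added example. Host names and URLs are constructed placeholders.

function Test-UrlMatchesCertificate {
    param(
        [string[]] $CertificateNames,   # subject CN plus any SAN DNS names
        [string]   $Url
    )
    $hostName = ([System.Uri] $Url).Host
    foreach ($name in $CertificateNames) {
        if ($name -eq $hostName) { return $true }      # -eq ignores case for strings
        if ($name.StartsWith('*.')) {
            # A wildcard name covers exactly one left-most label.
            $suffix = $name.Substring(1)               # "*.example.org" -> ".example.org"
            if ($hostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $hostName.Substring(0, $hostName.Length - $suffix.Length)
                if ($label -ne '' -and $label.IndexOf('.') -lt 0) { return $true }
            }
        }
    }
    return $false
}

# Single-name certificate, as in the question (constructed value).
$certNames = @('mail.mydomain.org')

# URLs handed to Outlook 2007 by Autodiscover (constructed values: the first
# still uses an internal server name, the other two use the certified name).
$urls = @(
    'https://mail01.mydomain.local/autodiscover/autodiscover.xml',
    'https://mail.mydomain.org/ews/exchange.asmx',
    'https://mail.mydomain.org/oab'
)

foreach ($url in $urls) {
    $status = if (Test-UrlMatchesCertificate -CertificateNames $certNames -Url $url) { 'OK' } else { 'MISMATCH' }
    '{0,-9} {1}' -f $status, $url
}

# On the Exchange server, read the real values with:
#   Get-ExchangeCertificate | Format-List Thumbprint, CertificateDomains, Services
#   Get-ClientAccessServer | Format-List Name, AutodiscoverServiceInternalUri
#   Get-WebServicesVirtualDirectory | Format-List Identity, InternalUrl
#   Get-OABVirtualDirectory | Format-List Identity, InternalUrl
```

Any URL reported as MISMATCH is one that will trigger the certificate name warning in Outlook 2007 until it is changed to a name the certificate carries.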

 

Author Closing Comment

by:EvilPeppard
ID: 31577628
This solution worked for me.

I was a little sketchy on where to add spaces in the commands, specifically around the (Default Web Site) sections, but once I did, the commands completed fine.

My error is now gone on internal Outlook 2007 clients and my external OWA all work with no warnings. I did not have to have my certificate reissued.

Thank you for the help.

Expert Comment

by:aletjolly
ID: 24297583
Hello,

The link: "http://technet.microsoft.com/en-us/library/bb332063.aspx" explains all about the Exchange 2007 Autodiscover.
You kinda have a single name Certificate and to resolve your issue there are like 4 scenarios which you can read through and implement the best which suits you.

Hope I have addressed your concerns
 

Expert Comment

by:mariaworld
ID: 26096893
I have the exact same scenario. I followed the instructions in: http://support.microsoft.com/kb/940726. Basically, I changed all internal URLs to my externally certified site: https://webmail.mypublicdomain.com. Once I completed those steps and restarted the AppPool, I closed and re-launched Outlook on my machine and at startup it asked me for my username and password, and any combination thereof (i.e. domain/username, just username, etc.) would not log me into Outlook.

Am I just impatient? Should I have waited longer for settings to take effect, or should I have restarted some other services?

For the time being, I'd rather my users have the certificate error than not be able to log on at all.

M

 

Expert Comment

by:mariaworld
ID: 26097232
Sorry. Never mind. I reissued the commands per 940726, and now it works like a champ. I had cut and pasted them, so I know I didn't have a typo, but after re-entering them at the cmd shell, the certificate errors went away and I had no problems logging into Outlook.