Solved

Certificate error on Outlook 2007 with new Exchange 2007 server

Posted on 2009-05-04
Last Modified: 2012-08-13
I just deployed a new Exchange 2007 server on a Windows 2008 platform. I have installed my SSL certificate from Verisign. When Outlook 2007 clients attach to the new server, they receive the following warning: "The name on the security certificate is invalid or does not match the name of the site."

Users can click through the warning and attach fine with Outlook 2007. Outlook users coming in with OWA or Outlook 2003 do not get this error.

I've researched and know my issue has something to do with not using a "SAN certificate", but I am under the impression I can get this fixed using my standard SSL certificate.

I currently have the SSL certificate issued to "mail.mydomain.org." My internal server name is MAIL01. If I reissue my SSL certificate and use a simple name of mail01.mydomain.org and change my external DNS to point mail01.mydomain.org correctly, do you think I can solve this error with Outlook 2007?

In the end the SSL certificate would be registered to mail01.mydomain.org, which is the internal name of my mail server. Outlook 2007 should no longer complain and give the warning, would it? I then could just tell users who want to use OWA to go to https://mail01.mydomain.org.

Please let me know if my thinking is logical to fix this problem, or if there is something else I should do. I would like your feedback before I go and get a reissue from Verisign. Thanks.
0
Question by:EvilPeppard
6 Comments
 
LVL 2

Accepted Solution

by:
Debug-Exchange earned 500 total points
I believe this might resolve your issue:
http://support.microsoft.com/kb/940726
0
 

Expert Comment

by:JOWEN_NCRC
First post so I'm not sure about the formatting.
Just bear with me.

I read all the articles and just could not get it right.  I threw in the towel and I spent the money for a support incident with M$ for this same issue.  

This is what I did with help from the Exchange Tech.  Keep in mind I want to eventually convert my Laptop users from VPN sync to Outlook via the web.

Added an SRV record for "AutoDiscover" to my External DNS.  http://support.microsoft.com/kb/940881

Then I followed the KB referenced in the post above. http://support.microsoft.com/kb/940726

The KB was a bit confusing for me so here is an example of the Exchange Management Shell commands.  



Set-ClientAccessServer -Identity internal-exchange-server-name -AutodiscoverServiceInternalUri https://owa.your-external-domain.com/autodiscover/autodiscover.xml 
 

Set-WebServicesVirtualDirectory -Identity "internal-exchange-server-name\EWS (Default Web Site)" -InternalUrl 
 

Set-OABVirtualDirectory -Identity "internal-exchange-server-name\oab (Default Web Site)" -InternalUrl https://owa.external-domain.com/oab
 

iisreset


0
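A read-only check of what the commands in the post above change, added here as an example (it is not part of the post or of KB 940726): it compares the host name in each internal URL with the names on the certificate enabled for IIS, which is the comparison behind Outlook 2007's warning. `Test-HostCoveredByCert` and the sample values are constructed for illustration; outside the Exchange Management Shell the script falls back to them.

```powershell
# Added example: flag Exchange internal URLs whose host is not covered by the IIS certificate.

function Test-HostCoveredByCert([string]$HostName, [string[]]$CertNames) {
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }    # exact match (-eq ignores case)
        # A wildcard covers one left-most label: *.example.org matches a.example.org only
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) { return $true }
    }
    return $false
}

if (Get-Command Get-ClientAccessServer -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: read the live values (nothing is modified).
    # Names from every certificate enabled for IIS are merged into one list.
    $certNames = Get-ExchangeCertificate |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
    $urls  = @()
    $urls += Get-ClientAccessServer         | ForEach-Object { "$($_.AutoDiscoverServiceInternalUri)" }
    $urls += Get-WebServicesVirtualDirectory | ForEach-Object { "$($_.InternalUrl)" }
    $urls += Get-OABVirtualDirectory        | ForEach-Object { "$($_.InternalUrl)" }
} else {
    # Constructed sample modelled on the question: certificate issued to
    # mail.mydomain.org, Autodiscover still pointing at the server's own name.
    $certNames = @('mail.mydomain.org')
    $urls = @(
        'https://mail01.mydomain.org/Autodiscover/Autodiscover.xml',
        'https://mail.mydomain.org/ews/exchange.asmx',
        'https://mail.mydomain.org/oab'
    )
}

# One line per URL: OK when the certificate covers the host, MISMATCH otherwise
$urls | Where-Object { $_ } | ForEach-Object {
    $hostName = ([System.Uri]$_).Host
    $covered  = Test-HostCoveredByCert $hostName $certNames
    "{0,-9} {1}" -f $(if ($covered) { 'OK' } else { 'MISMATCH' }), $_
}
```

Any line marked MISMATCH is a URL that Outlook 2007 will be handed by Autodiscover and then warn about.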
 

Author Closing Comment

by:EvilPeppard
This solution worked for me.

I was a little sketchy on where to add spaces in the commands, specifically around the (Default Web Site) sections, but once I did, the commands completed fine.

My error is now gone on internal Outlook 2007 clients and my external OWA all work with no warnings. I did not have to have my certificate reissued.

Thank you for the help.
0
 
LVL 4

Expert Comment

by:aletjolly
Hello,

The link: "http://technet.microsoft.com/en-us/library/bb332063.aspx" explains all about the Exchange 2007 Autodiscover.
You kinda have a single name Certificate and to resolve your issue there are like 4 scenarios which you can read through and implement the best which suits you.

Hope I have addressed your concerns
0
 

Expert Comment

by:mariaworld
I have the exact same scenario. I followed the instructions in: http://support.microsoft.com/kb/940726. Basically, I changed all internal URLs to my externally certified site: https://webmail.mypublicdomain.com. Once I completed those steps and restarted the AppPool, I closed and re-launched Outlook on my machine and at startup it asked me for my username and password, and any combination thereof (i.e. domain/username, just username, etc.) would not log me into Outlook.

Am I just impatient? Should I have waited longer for settings to take effect, or should I have restarted some other services?

For the time being, I'd rather my users have the certificate error than not be able to log on at all.

M

0
 

Expert Comment

by:mariaworld
Sorry. Never mind. I reissued the commands per 940726, and now it works like a champ. I had cut and pasted them, so I know I didn't have a typo, but after re-entering them at the cmd shell, the certificate errors went away and I had no problems logging into Outlook.
0
