Solved

Office 2007 Security certificate warning (certificate invalid or does not match.)

Posted on 2009-05-07
9
516 Views
Last Modified: 2012-05-06

  Recently upgraded one of my users pc's to MS office 2007. Now when he opens outlook he recieves a windows security box that states "The name on the security certificate is invalid or does not match the name on the site".  This is an Exchange 2007 Environment.
0
Comment
Question by:CJ27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24328351
Do you have a commercial certificate on your Exchange server?
It is probably autodiscover doing its thing.
Check whether autodiscover.example.com resolves internally to an external host (where example.com is the domain on the email address). That can cause this error.

Simon.
0
 

Author Comment

by:CJ27
ID: 24330310

  Could you please give me a little more detail in how to do this? I'm not an exchange expert, I just recently inherited it when another admin left the company.  Yes there is a commercial certificate on the Exchange server.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24330843
It has nothing to do with Exchange. It is name resolution.
You need to check where autodiscover.example.com resolves to inside the network. Ping will do that. If you ping autodiscover.example.com and get a response from an external IP address then that may well be your problem.

It usually caused by a wild card DNS entry in your DNS, pointing to your web site, which is probably hosting another SSL site.

Simon.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:CJ27
ID: 24336146
I tried to ping autodiscover.mydomainname.com and I'm getting "the ping request could not find host"  am I doing something wrong? could you please elaborate more. Also, Outlook owa is the only ssl site that is being hosted in our orginization.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24338676
Have you looked at the certificate that comes up? See what it is issued to?

Simon.
0
 

Expert Comment

by:pkftx_IT
ID: 24496481
In our case, the users who got this message were using "open these additional mailboxes" with a mailbox that no longer existed. The message was not widespread.

However, in researching this issue, I found this Microsoft knowledge base article: http://support.microsoft.com/kb/940726.
0
 

Expert Comment

by:pkftx_IT
ID: 24714829
In other cases, our users who had not been viewing additional mailboxes would not receive this prompt after we went to Send\Receive in Outlook 2007, Download Address Book.., choose Global Address List, and clicked Ok.
0
 

Author Comment

by:CJ27
ID: 25345738

"Have you looked at the certificate that comes up? See what it is issued to?"

Yes, the name is different which I suspect is the problem. But, How would I fix this?

0
 
LVL 65

Accepted Solution

by:
Mestha earned 250 total points
ID: 25349737
If the certificate hasn't been setup correctly then it can cause problems.
You need to verify
a - whether the certificate is the one installed on your server
b - whether the certificate is a single name or SAN/UC certificate.
To check the second object, browse to the site, then look at the certificate through IE. On the Details tab, look through the fields for a line "Subject Alternative Name". If that exists then it is a UC certificate. If it does not then it is a single name certificate.

SSL certificates are a major pain point for Exchange 2007 deployments at the best of times, so undoing a bad SSL certificate installation can be troublesome.

Simon.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question