Solved

A certification error when open MS Outlook

Posted on 2009-07-10
5
248 Views
Last Modified: 2012-05-07
This is a newly-installed MS Exchange 2007 server, that was migrated from Exchange 2003. All Outlook also upgraded from 2003 to 2007. Whenever user open the MS Outlook, he/her will see a certificate error. Even if the user select to import the cert, same error will still prompt subsequently.
All the outlook are configured to use Exchange Cache mode in RPC. Any suggestion is welcome.
0
Comment
Question by:Balack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 20

Accepted Solution

by:
EndureKona earned 100 total points
ID: 24820943
Yes this is due to your virtual directories being different that the cert.    

EXCHANGESERVERNAME = Exchange 2007 Server name

exchange.ourcompany.com = whatever your cert is set for on OWA

The Cmdlet fix:

Set-ClientAccessServer -Identity EXCHANGESERVERNAME -AutoDiscoverServiceInternalUri https://exchange.ourcompany.com/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGESERVERNAME\EWS (Default Web Site)" -InternalURL https://exchange.ourcompany.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "EXCHANGESERVERNAME\OAB (Default Web Site)" -InternalURL https://exchange.ourcompany.com/OAB

Set-ActiveSyncVirtualDirectory -Identity "EXCHANGESERVERNAME\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://exchange.ourcompany.com/Microsoft-Server-Activesync 


0
 
LVL 13

Assisted Solution

by:lastlostlast
lastlostlast earned 100 total points
ID: 24821586
what is the certificate when you click on view certificate option in the certificate error?

By defauult for your internal clients to connect with Exchange Server, they will connect using the URL set in SCP. Default is https://FQDN/autodiscover/autodiscover.xml

If you are using a single name certificate in the IIS, then you will need to modify the SCP URL as mentioned above.

You can go through KB 940726 for more details.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 100 total points
ID: 24821695
Ideally you need to change the self generated certificate that Exchange 2007 installs for a commercial SAN/UC certificate. That will allow you to use all of the Exchange 2007 features without certificate prompts.

I have outlined what needs to be done on my web site here:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 
LVL 7

Assisted Solution

by:aslamsurve
aslamsurve earned 100 total points
ID: 24821979
Check the following......
Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
LVL 1

Assisted Solution

by:canuc0
canuc0 earned 100 total points
ID: 24822234
Exchange 2007 assigns a self-signed certificate which is valid for a year. As you haven't installed this a year ago, and have recently done a migration, it's most likely an issue with IIS running on the Exchange server.

You can also get some information about your Outlook connectivity by ctrl and right-clicking the Outlook icon in the system tray.

If you use external connectivity, such as OWA, go with Mestha's recommendation of a SAN certificate - it will save you a lot of heartache, both for internal and external issues with certs.
Hope this is helpful,
canuc0
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month3 days, 19 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question