?
Solved

Outlook 2007 clients getting password + "invalid or does not match" cert error popups

Posted on 2009-12-16
12
Medium Priority
?
615 Views
Last Modified: 2012-05-08
Just setup a new SBS 2008, added 2 mail domains and after the 2nd one, the local outlook clients keep getting password nags that don't work and cert errors when you cancel the password nags. (outlook/exchange work fine once you skip the error screens)
"The name of the security certificate is invalid or does not match the name of the site"

This KB fits my symptoms exactly.
http://support.microsoft.com/default.aspx/kb/940726
but I can't complete step 3
"The operation could not be performed because object 'FS1\EWS (Default Web Site)' could not be found on domain controller.
I don't know what the correct syntax is for this step ?
Do I replace default web site with something and/or EWS ?
A 2nd server location (not connected to the 1st one) has phoned today with the same error appearing, its a plague :(  and i'm all googled out of options, my normal higher level tech support people are stumped)  

cert-error.jpg
0
Comment
Question by:Novahux
  • 7
  • 2
  • 2
  • +1
12 Comments
 
LVL 3

Expert Comment

by:McClane
ID: 26063808
First you need to setup autodiscover correctly to avoid problems with outlook 2007 or above. Autodiscover is used to find all necessary data alone. It depends on DNS and SSL.
0
 
LVL 20

Expert Comment

by:Rick Fee
ID: 26064058

The cert issue usually due to the cert set to IIS having a different namespace than what the virtual directories are set at in IIS.    Change the cmdlets below as the server name and exchange.ourcompany.com as the namespace of the cert you are using.  

Set-ClientAccessServer -Identity EXCHANGESERVERNAME -AutoDiscoverServiceInternalUri https://exchange.ourcompany.com/Autodiscover/Autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "EXCHANGESERVERNAME\EWS (Default Web Site)" -InternalURL https://exchange.ourcompany.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "EXCHANGESERVERNAME\OAB (Default Web Site)" -InternalURL https://exchange.ourcompany.com/OAB 

Set-ActiveSyncVirtualDirectory -Identity "EXCHANGESERVERNAME\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://exchange.ourcompany.com/Microsoft-Server-Activesync 
Reference:
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/ 

0
 
LVL 65

Expert Comment

by:Mestha
ID: 26064681
Have you patched the server? There are reports of password prompts which are resolved by the latest rollup for Exchange 2007. You may have to approve it in updates.

Where does autodiscover.example.com resolve to?
If it does not resolve to your server, then that is the problem. Outlook makes calls to autodiscover at frequent intervals. You need to ensure that autodiscover.example.com either does not resolve (usually because there is a wildcard on the domain) or if it does resolve, it resolves to your server. However unless you have a SAN/UC certificate on the server with autodiscover.example.com as one of additional names, the prompts will continue.

Simon.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 2

Author Comment

by:Novahux
ID: 26065463
re EndureKona:
Set-WebServicesVirtualDirectory -Identity "EXCHANGESERVERNAME\EWS (Default Web Site)" -InternalURL https://exchange.ourcompany.com/EWS/Exchange.asmx -BasicAuthentication:$true

This is where im getting stuck, I don't know the correct syntax for this command, I keep getting could not be found errors

Ive tried many variations, my exchange server is "FS1" my email/remote domain is "mail.abcdcompany.com.au" can you type up how it should be entered.

This
Set-ClientAccessServer -Identity EXCHANGESERVERNAME -AutoDiscoverServiceInternalUri https://exchange.ourcompany.com/Autodiscover/Autodiscover.xml 
Works ok with my server/domain information.
0
 
LVL 20

Expert Comment

by:Rick Fee
ID: 26065491
This should work:  
Set-WebServicesVirtualDirectory -Identity "FS1\EWS (Default Web Site)" -InternalURL https://mail.abcdcompany.com.au/EWS/Exchange.asmx -BasicAuthentication:$true
 
What happens if you run get-webservicesvirtualdirectory  ?   or get-webservicesvirtualdirectory | fl    any errors?      I wonder if this virtual directory is there.
0
 
LVL 2

Author Comment

by:Novahux
ID: 26091405
re: endure,
I still get " could not be found on domain controller" errors.

get-webservicesvirtualdirectory =
name/ EWS : Server/ FS1 : InternalUrl/https://mail.company.com.au/EWS/Exchange...
 
 get-webservicesvirtualdirectory | fl =
Lots of stuff (what should I be checking ? )
0
 
LVL 2

Author Comment

by:Novahux
ID: 26091688
After trying quite a few googled solutions, I have managed to kill owa and company web plus any access to "mail.company.com.au" remote site, internally and externally, and to top it off Ive still got the autodiscover pointing to a non existant cert giving errors.
Luckly pop3 still works,
This is what Ive done: removed all mail.company.com.au entries from IIS manager/server http://www.smallbizserver.net/Forums/tabid/53/aff/103/aft/111214/afv/topic/Default.aspx
and added a DNS entry
http://support.microsoft.com/kb/940881
0
 
LVL 2

Author Comment

by:Novahux
ID: 26091904
re-run the set internet address wizard and removed a 443 entry inthe default website that didnt belong there, now the mail.company.com.au RWW site works on the server, but not at the clients or remote connections.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 26092354
If this is SBS 2008, you shouldn't be changing things manually. Use the Fix my Network wizard to correct things.

Simon.
0
 
LVL 2

Author Comment

by:Novahux
ID: 26095326
re:Use the Fix my Network wizard to correct things.

At some point you have to give up on the fix wizard though :) you can't run it indeffinately hoping for the best. (though Ive tried).
I'm annoyed because I have payed out $300 to an IT company to fix the issues and they bailed.
0
 
LVL 2

Author Comment

by:Novahux
ID: 26096834
Installed  Exchange2007, Roll up 9 and the problem seems to be gone now.  (though I havent restarted the server as per the update final prompt). Internal companyweb + OWA is working on the workstations :), but not externally.
0
 
LVL 2

Accepted Solution

by:
Novahux earned 0 total points
ID: 26118261
Extra note: 2 other SBS 2008 servers started to exibit the same password repeat popups, Roll up 9 fixed the problem with them as well.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question