Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

UCC in Exchange 2007

We have installed a UCC in our exchnage 2007 environment.  We are receiving an error when we run outlook 2007 internally we are getting a hostname mismatch error with the certificate.  You can click yes to accept the certificate and everything works, everything works externally as well.  This tells me that the cert is working for external url and external autodiscover and internal autodiscover.  I believe the problem is with the name of the Client Access Server, when I run the command Get-ClientAccessServer it reports a server name of "servername"  Our UCC does not have "servername" in it, it has "serername.domain.local"  Can anyone assist with determining if I am on the right track and if so can this be corrected without having to request another certificate, If I am way of base please lead in right direction
0
jtmoske
Asked:
jtmoske
  • 4
  • 3
  • 3
  • +1
2 Solutions
 
peakpeakCommented:
A certificate need to match to the last letter. You cannot have a cert with wildcards like goo* to match google and good and others. That's the purpose with certificates really. To verify you're on the right spot. Exactly.
0
 
MesthaCommented:
The certificate should have four names on it:

common name: mail.example.com
autodiscover: autodiscover.example.com
server FQDN: server.example.local
server NETBIOS: server

If you don't have those four in the certificate then it isn't suitable.
Depending on the provider of the certificate you may be able to get it reissued with the missing names.
Outlook internally will make calls to the server's real name.

If you are using UM then you MUST have a certificate with the server's NETBIOS name in it for UM to use.

Simon.
0
 
Narayan_singhCommented:
Follow this Article and set the URls correctly.

As you said you have "serername.domain.local" the internal URls should be like https://serername.domain.local/autodiscover/autodiscover.xml

Follow the article and set the internal urls for other services as well.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
jtmoskeAuthor Commented:
Your point makes sense, but I don't understand why cert providers are not showing netbios name as a requirement in there examples for exchange 2007 certs.  As well,I posted the very question about the need for the netbios name to experts-exchange and the response was only fqdn for internal was needed.  Of you are certain that is what we will do.
0
 
jtmoskeAuthor Commented:
Note to add we are not using um.  
0
 
MesthaCommented:
I can't explain why the certificate providers aren't showing the NETBIOS name in their examples - it is something that I have always stated and done.

My blog posting on the process is over 18 months old.
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 
Narayan_singhCommented:
There is no such compulsion about the domain names in certificate. you can have certificate without the netbios names.
Usually noone uses the netbios name as URL so not having netbios name in certificate would not cause any harm.
0
 
Narayan_singhCommented:
sorry missed posting article here it is :

support.microsoft.com/kb/940726
0
 
jtmoskeAuthor Commented:
I went through the knowledge base article, ran get commands on all, client access server, autodiscover, owa, oab, webservices, all show internal url/uri as servername.domain.local
Any ideas
0
 
MesthaCommented:
You need to run an autodiscover test to see what is being passed to Outlook. Hold down ctrl and right click on the Outlook icon in the system tray. Choose the option from the menu. You only need the first option selected in the box.

It will then run a test and show you what URLs are being returned.

Simon.
0
 
Narayan_singhCommented:
Whats update
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now