Solved

Security warning when you start Outlook 2007

Posted on 2009-12-30
Last Modified: 2012-05-08
Hi, I have just migrated my Exchange 2003 (SBS) to Exchange 2007 (SBS).

Upon opening the Outlook 2007 client, I get 2 prompts giving the certificate warning, which indicates "The name of the security certificate is invalid or does not match the name of the site".
I have followed the MS article http://support.microsoft.com/kb/940726

For example, my NetBIOS name is SVR1 and the domain name is abc.com.
In the Exchange Management Shell, I entered

Set-ClientAccessServer -Identity SVR1 -AutodiscoverServiceInternalUri https://SVR1.ABC.com/autodiscover/autodiscover.xml 

The command was entered successfully, but I have a problem entering the next command in the Exchange shell.
Below is the example from the MS article

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

This is the exact command I entered
Set-WebServicesVirtualDirectory -Identity "SVR1\EWS (Default Web Site)" -InternalUrl https://SVR1.ABC.com/ews/exchange.asmx

The output error was
Set-WebServicesVirtualDirectory : The operation could not be performed because
object 'SVR1\EWS (Default Web Site)' could not be found on domain controller 'S
GCS03.sgc.local'.
At line:1 char:32


I guess there is a typo somewhere in the command which I couldn't figure out. I also took out the "" signs and removed the words (Default Web Site).

Please kindly help

Question by:dnack
27 Comments
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26152071
Try using the * as per this example




Set-WebServicesVirtualDirectory -Identity Contoso\EWS* InternalUrl https://contoso.internal.com/EWS/webservices.aspx


0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26152079
The article is here for more info.

http://technet.microsoft.com/en-us/library/aa997233(EXCHG.80).aspx

Note the error: aspx vs asmx
Set-WebServicesVirtualDirectory -Identity SVR1\EWS\* -InternalUrl https://SVR1.ABC.com/ews/exchange.asmx


0
 
LVL 1

Author Comment

by:dnack
ID: 26152275
Hi Steven, thanks for the prompt reply. But the error is still the same.


Welcome to the Exchange Management Shell!
.................
[PS] C:\Windows\System32>Set-WebServicesVirtualDirectory -Identity svr1\EWS* Int
ernalUrl https://SVR1.acb.com/EWS/webservices.aspx
Set-WebServicesVirtualDirectory : A parameter cannot be found that matches para
meter name 'InternalUrl'.
At line:1 char:32
+ Set-WebServicesVirtualDirectory  <<<< -Identity svr1\EWS* InternalUrl https:/
/SVR1.ABC.com/EWS/webservices.aspx
[PS] C:\Windows\System32>
0

 
LVL 12

Expert Comment

by:Steven Wells
ID: 26152337
You are missing the - in front of the InternalUrl
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26152340
The full command is

Set-WebServicesVirtualDirectory -Identity svr1\EWS* -InternalUrl https://SVR1.acb.com/EWS/webservices.asmx
0
 
LVL 1

Author Comment

by:dnack
ID: 26152769
Hi Steven

the output is

WARNING: The command completed successfully but no settings of 'SGCS03\EWS (SBS
 Web Applications)' have been modified.

Is that normal?

How about OABVirtualDirectory and UMVirtualDirectory?






0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26152789
What happens when you run the autodiscover test from Outlook 2007 now (after restarting IIS on the server)?

Also, have a read through this article
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html

It explains the settings for the various URLs.
0
 
LVL 1

Author Comment

by:dnack
ID: 26153384
Hi, I am following the above article.

When I use the command

Get-WebServicesVirtualDirectory | Select name, *url* | fl

I got this

[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | Select name, *url* |
fl
Get-WebServicesVirtualDirectory : Unable to create Internet Information Service
s (IIS) directory entry. Error message is: Access is denied.
. HResult = -2147024891.
At line:1 char:32
+ Get-WebServicesVirtualDirectory  <<<< | Select name, *url* | fl
[PS] C:\Windows\System32>

I managed to change the OAB in the Exchange Management Console.
As for Unified Messaging, when issuing the command line, I got

+ Get-WebServicesVirtualDirectory | sgcs03 <<<<
[PS] C:\Windows\System32>Set-UMVirtualDirectory -Identity: "<UM Virtual Director
y>" -InternalURL: https://SVR1.abc.com/UnfiiedMessaging/Service.asmx
Set-UMVirtualDirectory : The operation could not be performed because object '<
UM Virtual Directory>' could not be found on domain controller 'SVR1.abc.com'.
At line:1 char:23
+ Set-UMVirtualDirectory  <<<< -Identity: "<UM Virtual Directory>" -InternalURL
: https://SVR1.abc.com/UnfiiedMessaging/Service.asmx

Is it because I executed the command under c:\windows\system32?

Thank you for your help

0
 
LVL 1

Author Comment

by:dnack
ID: 26153477
Sorry, the Unified Messaging command I issued should be the one below

[PS] C:\Windows\System32>Set-UMVirtualDirectory -Identity SVR1\UnifiedMessagin
g* -InternalUrl https://acr1.abc.coml/UnifiedMessaging/service.asmx
Set-UMVirtualDirectory : A failure occurred while trying to update metabase pro
perties.
At line:1 char:23
+ Set-UMVirtualDirectory  <<<< -Identity SVR1\UnifiedMessaging* -InternalUrl
https://svr1.abc.coml/UnifiedMessaging/service.asmx
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26156384
Are you running using the Exchange cmdlet? And are you running as administrator?

You may not need to run this, as Outlook will only use the autodiscover asmx URL.
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26156403
If you don't have unified messaging, you won't need to run this: Set-UMVirtualDirectory -Identity
0
 
LVL 1

Author Comment

by:dnack
ID: 26156639
Hi Steven,
No, I am not using unified messaging. But initially I had 2 warning pop-ups. Now there is only one. So I guess this is the only one left I have not configured. So I am wrong. Please see the email configuration test below. Tell me if you can see anything wrong. Thanks

Test E-mail AutoConfiguration

Autoconfiguration has started, this may take up to a minute
Autoconfiguration found the following settings:

Display Name: XXX

Protocol: Exchange RPC
Server: SVR1.ABC.com
Login Name: XXX
Availability Service URL: https://svr1.abc.com/EWs/Webservices.asmx
OOF URL: https://svr1.abc.com/EWS/webservices.asmx
OAB URL: https://svr1.abc.com/OAB/83792cf6-5f0f-45b0-ac17-970bfbc3ac617/
Unified Message Service URL: https://svr1.abc.com/UnifiedMessaging/service.asmx
Auth Package: Unspecified


Protocol: Exchange HTTP
Server: SVR1.abc.com
Login Name: xxx
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://remote.abc.com/EWs/Exchange.asmx
OOF URL: https://remote.abc.com/EWS/Exchange.asmx
OAB URL: https://remote.abc.com/OAB/83792cf6-5f0f-45b0-ac17-970bfbc3ac617/
Unified Message Service URL: https://remote.abc.com/UnifiedMessaging/service.asmx
Auth Package: Unspecified
Certificate Principal Name: msstd:SVR.abc.com

0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26156658
I think you are looking ok.

Which certificate warning do you get now?

Does the certificate principal name match the internalurl?  

Is the certificate from a trusted root?

I notice you have the name remote.abc.com as your OAB and OOF; this may need to be svr1.abc.com. It's hard for me to fully understand your setup as you're changing the names.

Can you post the log tab from the autodiscover?

I think we are getting close.

0
 
LVL 1

Author Comment

by:dnack
ID: 26156972
Hi Steven, thanks for your help. Actually I am using the default self-signed certificate. But I don't know why, somehow during the creation, the certificate was created as remote.ABC.local instead of SVR1.abc.local


Log.jpg
0
 
LVL 1

Author Comment

by:dnack
ID: 26156973
Here is the XML log
0
 
LVL 1

Author Comment

by:dnack
ID: 26156979
Couldn't manage to attach it in the previous message. Retrying.
xml.jpg
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26156997
If your certificate is self signed as remote.abc.local, then your internal URL should be the same.

I would create a certificate for the common name of
sgcs03.sgc.local

You can follow the instructions here to create a certificate

https://www.digicert.com/easy-csr/exchange2007.htm


or you can get exchange to generate a new one by following this site

http://technet.microsoft.com/en-us/library/aa995942.aspx


Once the certificate is imported, the certificate warnings should go away. However, you are better off getting a publicly signed certificate, or else you will need to install the root certificate on each of your workstations.

These instructions should work and get you out of trouble.
The cause of your errors is because exchange created a certificate with a name that didn't match the internal url.
0
 
LVL 1

Author Comment

by:dnack
ID: 26157087
Hi Steven, initially, I created a SVR.ABC.local certificate and imported it to the client. But somehow Exchange 2007 is publishing remote.abc.local to the client. Therefore, even if the client got the SVR1.abc.local cert, Outlook 2007 is still saying that the certificate (SVR1.abc.local) hostname does not match the published one (remote.abc.com). That is why we are trying to change the name that the Exchange server is publishing. I am not too sure my explanation is correct.
cert.jpg
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26157154
OK,
Now we are getting somewhere.

Open up the Exchange Management Shell and run the three commands in the box


(Double check my Identity bits )

after running the commands

Open IIS Manager.
Expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.


Then open outlook and confirm the certificate warning has gone.

Set-ClientAccessServer -Identity sgcs03.sgc.local -AutodiscoverServiceInternalUrl https://sgcs03.sgc.local/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity sgcs03.sgc.local\EWS\* -InternalUrl https://sgcs03.sgc.local/ews/exchange.asmx

Set-OABVirtualDirectory -Identity sgcs03.sgc.local\oab\* -InternalUrl https://sgcs03.sgc.local/oab

0
 
LVL 1

Author Comment

by:dnack
ID: 26157187
Hi Steven,
My weakness is always scripting, which I always take some time to figure out.
I just cut and pasted the commands, with some errors. Please see attached. Thanks a lot for your kind patience :)


Script.jpg
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26157212
You may have to either create a new certificate or add a dns entry for the host name. It would be easier to follow the process to create a new certificate
0
 
LVL 1

Author Comment

by:dnack
ID: 26157220
DNS entry... I should have thought of that!! Let me try...
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26157238
Ignore that post. I will try and copy and paste the correct code to try too.
0
 
LVL 12

Accepted Solution

by:
Steven Wells earned 2000 total points
ID: 26157241

Set-ClientAccessServer -Identity sgcs03.sgc.local -AutodiscoverServiceInternalUri https://sgcs03.sgc.local/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity sgcs03\EWS\* -InternalUrl https://sgcs03.sgc.local/ews/exchange.asmx

Set-OABVirtualDirectory -Identity sgcs03\oab\* -InternalUrl https://sgcs03.sgc.local/oab

0
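
The question asked earlier in the thread, whether the name on the certificate matches the host in each published internal URL, can be checked directly. The PowerShell below is an added example, not part of the original thread and not Microsoft tooling; the function names are hypothetical, the sample names are constructed from hosts mentioned in the thread, and it assumes Windows PowerShell 3.0 or later on an English-language system (the SAN parsing relies on the "DNS Name=" label).

```powershell
# Added example (hypothetical helper names). Reads the names on the certificate
# a server presents and compares them with the host part of each published URL.
function Get-ServerCertNames {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate here: the goal is to read it, not to trust it.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # Subject common name first, then every DNS entry in the SAN extension.
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
        }
        $names | Select-Object -Unique
    } finally { $client.Close() }
}

function Test-UrlAgainstCertNames {
    param([string]$Url, [string[]]$CertNames)
    $urlHost = ([System.Uri]$Url).Host
    $match = $false
    foreach ($n in $CertNames) {
        if ($n -ieq $urlHost) { $match = $true }
        # A wildcard name covers exactly one left-most label.
        elseif ($n.StartsWith('*.') -and $urlHost.Contains('.') -and
                ($urlHost.Substring($urlHost.IndexOf('.')) -ieq $n.Substring(1))) { $match = $true }
    }
    New-Object psobject -Property @{ Url = $Url; CertNames = ($CertNames -join ', '); Match = $match }
}

# Constructed sample based on the thread: the certificate carries one name
# while the URLs handed to Outlook use others.
$certNames = @('remote.abc.local')
# On a live network, read the names from the server instead:
#   $certNames = Get-ServerCertNames 'svr1.abc.com'
$urls = 'https://svr1.abc.com/EWS/webservices.asmx',
        'https://remote.abc.com/EWS/Exchange.asmx',
        'https://remote.abc.local/autodiscover/autodiscover.xml'
$urls | ForEach-Object { Test-UrlAgainstCertNames $_ $certNames } |
    Format-Table Url, CertNames, Match -AutoSize
```

Any row with Match = False is a URL for which Outlook would raise the name-mismatch prompt; a matching name still produces a trust warning if the issuing root is not installed on the workstation.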
 
LVL 1

Author Comment

by:dnack
ID: 26157333
Hey Steven, I think it is working now... I really appreciate your help, especially during this holiday season, and that you could reply to me so promptly even on New Year's Day. It is really a good start to the year and you really made my day. :)
0
 
LVL 1

Author Closing Comment

by:dnack
ID: 31671500
Brilliant Excellent Fantastic helpful
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 26157396
No problems! Enjoy your new year!
0
