Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Certificate on Exchange 2007 OWA causes Security Alert in Outlook 2007

Posted on 2010-01-08
10
Medium Priority
?
592 Views
Last Modified: 2012-05-08
We installed a Network Solutions SSL security certificate to our Exchange Server in order to get rid of the security alert on our OWA connections, and achieved what we set out to do. As a result of the process, however, our Outlook clients now receive a Security Alert when opening Outlook 2007: "The name on the security certificate is invalid or does not match the name of the site." After clicking "Yes" a couple of times in order to proceed, we work fine in Outlook, but it is an extreme annoyance. Hwo do we fix it?
0
Comment
Question by:VillaVerdeAgua
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 501 total points
ID: 26209610
You need a SAN/UCC Certificate (http://www.godaddy.com) with the following names in:

autodiscover.domainname.com
owa.domainname.com (or whatever your OWA URL is)
servername.domainname.local (internal FQDN of your server)
SERVERNAME (NETBIOS name of your server)

You will also need to configure an A record for autodiscover to point to the same IP address as your webmail address in the DNS that controls your external domain name.
0
 
LVL 13

Assisted Solution

by:lastlostlast
lastlostlast earned 501 total points
ID: 26209672
Check MS KB http://support.microsoft.com/kb/940726

It is a know issue if you install a single name certificate on Exchange 2007. You will need to modify the Internal URL's for Autodiscover, EWS, OAB, UM...

Also make sure that the external URL that you have is resolvable in the Internal DNS.

Let us know how it goes.
0
 
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 498 total points
ID: 26210199
Unlike Outlook 2003, Outlook 2007 connects not only to your Client Access Server "external.company.com" but also connects to webservices running on your CAS for "Offline Addressbook, Availability Service and Unified Messaging"

Please go through.
http://www.pro-exchange.eu/modules.php?name=News&file=article&sid=345
http://www.folin.se/index.php/2008/09/04/outlook-2007-security-alert-the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site/michaelfolin
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 26210231
Please don't modify the internal URL, the correct way to do this is to gat a SAN/UCC certificate.

They are about $60 per year and it's not worth not doing it, it will cost you more than that in lost time trying to resolve all the issues.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 26212403
It is not necessary to have a SAN/UCC certificate... If he has already made a purchase of the single name certificate why waste more $$ on SAN/UCC Certs??

I agree that with a single name certificate there is a little more administrative task but then it is a one-time configuration... We can always configure autodiscover using an SRV record in the Public DNS...
apart from that I don't think there are any other modifications to do...

Following 2 simple articles would be better than to waste extra $$$ on a SAN/UCC certificate.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26212505
There are very few public DNS that will allow you to or support the creation of SRV records.

For $60 a year it really is a no brainer. If you start changing settngs that shouldnt be changed you are then moving away from the "standard" and why would you want to?
0
 

Author Closing Comment

by:VillaVerdeAgua
ID: 31674513
These answers conflict with each other, but one (or both) is, or will, be the correct answer. Points mostly awarded for pointing us in the right direction. Detailed directions would have merited an A.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26295891
Perhaps if you had come back and advised what you were not sure about we could have helped you more?
0
 

Author Comment

by:VillaVerdeAgua
ID: 26296010
No complaints on this end, demazter. It's just that we haven't uncovered a real solution yet, in light of larger priorities to try your solutions out, and in also in light of EE's typical impatience to slam shut these highly technical Q&As in all haste. My comments were directed toward a "fuzziness" of the answers in relation to our circumstances (for example, telling us to purchase a certificate from one place when it was noted we already had one; or proposing we change our DNS provider, etc), besides it appearing to be unclear that there isn't some angle to correct this problem within Exchange itself. The solutions are good and sound, and are much appreciated.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26296056
Apologies that the comments from some of the other experts made things fuzzy, the first comment I provided was correct.

I merely stated your certificate needed to be a SAN/UCC certificate and gave an example of where to get this from because you didn't make it clear if you had one that was a SAN/UCC

It's all moot now anyway.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question