Outlook 2007 gives error "The name on the security certificate is invalid or does not match the name of the site" on Small Business Server 2003

I am having an issue with a client, one of the users is using Outlook 2007 and is receiving the "The name on the security certificate is invalid or does not match the name of the site" error message. This does not happen every time he opens Outlook, but I can force the error to appear by running the "Test E-Mail AutoConfiguration" test.

I have browsed some of the articles on technet, almost all of which are for SBS 2008. I'm not really sure how to aproach troubleshooting this issue, so I am looking for as close to a step-by-step guide as possible.

Thanks in advance for any insight,

James
LVL 3
Jm_saundersAsked:
Who is Participating?
 
Hilal1924Connect With a Mentor Commented:
Sorry this is the proper key
HKEY_Current_User\Software\Microsoft\Office\12.0\Outlook\AutoDiscover – REG_DWORD - ZeroConfigExchange – change the value to 0. (be Default it is 1)
Hilal
0
 
Hilal1924Commented:
Please confirm that your Certificate Installed on your CAS matches your Domain and Server Name. Here is the powershell command to do so. This is happening because Outlook client is trying to connect to CAS server and the CAS server does not have a proper certificate installed.

Get-ExchangeServerCertificate |fl *

Check what is the domain and see if it matches your domain and server name.

Hilal
0
 
Hilal1924Commented:
More Information is at this link:

http://technet.microsoft.com/en-us/library/aa995942.aspx

Hilal
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Hilal1924Commented:
Hey I am Sorry, I just realized that you are using Exchange 2003 with Outlook 2007. Please do the following,
====>Open Outlook, go to Account Settings, Click on Change, More Settings -->Connection -- > Disable RPC/HTTPs (Outlook Anyhwere)

Many apologies for the overlooking your server type.

Hilal
0
 
Jm_saundersAuthor Commented:
Thank you for your comments, Hilal.

Once I have changed the connection settings so that RCP/HTTPS is disabled, what is the next step? I do not have physical access to this site, I have remote access to this user's computer which is one reason that I am having such trouble in figuring out the problem.
0
 
Hilal1924Commented:
Once you have disabled the RPC/HTTPS settings, The error will go away. But make sure that you have a valid certificate installed for Exchange 2003 in IIS.

Hilal
0
 
Jm_saundersAuthor Commented:
Thank you again, Hilal. I am really sorry, but I do not know how to check that the certificate is valid. Are you able to provide some guidance?
0
 
Hilal1924Commented:
Sure,

Go to you Exchange Server,
1.Open IIS console.
2.Right Click on the Default website and go to properties.
3.From there go to "Directory Security" tab and on that page there is a button which says "View Certificate" Click on that and you should see the certificate. (See Image For Reference)

Or

Go to you Exchange Server webmail address . e.g, http://mail.yourdomain.com/exchange

Once that loads it will tell you that the connection is encrypted. Depending on the browser that you are using you will have warning box near the address bar. with Certificate error. Click on the warning box and click on view certificate.

If you are using an older browser you might see a lock icon at the status bar of the browser.
IIS-Directory-Sec.jpg
0
 
Jm_saundersAuthor Commented:
Thank you for this information, Hilal. I have checked the certificate, and it is valid. It was issued by the internal server. When I check on Outlook Web Access, it does not give an error message about the certificate being invalid, so I assume that it is in the trusted root or something...

Anyway, I have asked the user to let me know when I can test disabling RPC/HTTPS on his Outlook client, so I will let you know if it works at that point. Thank you again for your assistance.
0
 
Hilal1924Commented:
It should definitely work since that is the only componet which will try to use a ssl certificate for communication.

Hilal
0
 
Jm_saundersAuthor Commented:
Thank you Hilal. My client has asked me to wait until Monday before allowing me access to his system to resolve this issue. I shall give feedback once this is done.

James
0
 
Hilal1924Commented:
Great, All the best :)

Hilal
0
 
Jm_saundersAuthor Commented:
Sorry, the client did not get back to me today to apply this fix. I shall contact him tomorrow and try to get it resolved.

James
0
 
Jm_saundersAuthor Commented:
I managed to get onto the client's computer today, and the option for RPC over HTTP was already unselected.

The certificate that is generating the error is autodiscover.<domain name>.co.uk, the error message states that "The name on the security certificate is invalid or does not match the name of the site".

Any ideas?

James
0
 
Jm_saundersAuthor Commented:
Anybody else have any ideas on what I can try to resolve this?

James
0
 
Jm_saundersAuthor Commented:
I am still having problems with this. Am I going about this all wrong?

James
0
 
Hilal1924Commented:
Why is it even looking for Autodiscover since this is a Exchange 2003 server. AutoDiscover services is a feature of Exchange 2007. Are you sure you exchange server is version 2003?
 
And I am really sorry i didn't get back to you. It somehow skipped my mailbox.
Hilal
0
 
Jm_saundersAuthor Commented:
I do not know why it is doing this; the server is running Small Business Server 2003. Here is a screenshot of the About Exchange System tab to show you the version of Exchange that is running. The client is running Office 2007 on Windows 7.
Exchange-version.jpg
0
 
Hilal1924Commented:
Hi J,
Looks like there is no easy way to disable to AutoDiscover fetaure in Outlook 2007. Microsoft in fact clearly says that this service can not be disabled. Here is what you need to do for a workaround:
Modify the following Registry Key:
HKEY_Current_User\Software\Microsoft\Office\12.0\Outlook\AutoConfiguration – REG_DWORD - UseSSL – change the value to 0. (be Default it is 1)
 
I have also included a Screenshot.
Hilal

RegKey.JPG
0
 
Jm_saundersAuthor Commented:
Thank you so much for getting back to me again, Hilal. I will try this solution when I next get a chance.

James
0
 
Jm_saundersAuthor Commented:
Apparently this is no longer happening, which means there is nothing to troubleshoot. Thank you for all of your help, Hilal!
0
All Courses

From novice to tech pro — start learning today.