We help IT Professionals succeed at work.

MS Outlook 2007 receives certificate error when connecting to Server 2007

Mark Litin
Mark Litin used Ask the Experts™
on
Since migrating to Outlook 2007, a client is now getting the error "Name on the Security Certificate is Invalid or Does not Match..." now that I've connected them to their domain to share resources. The server is Windows Standard FE 2007 with Exchange.  I'm not a server admin, but am trying to support this group.  

My client's domain is schneiderstone.local, and the email they have set up is windycitylawgroup.com. I understand from postings that this is the rub.  The group is only usiung the windycitylawgroup.com account for email.  This account is being hosted by a third party ISP.

What can I do to solve their continual inconvenience?  Do I need need to purchase another certificate, or is there a way to get around this?  How-to reference would help here too, since as I said, I'm not an admin.

Thanks tons for your assist.

Mark
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:

The KB article -> http://support.microsoft.com/kb/940726 should resolve this issue.

Commented:
Just to add, you need to set the Autodiscover URL's to "windycitylawgroup.com" (For Eg: Autodiscover.windycitylawgroup.com) and also the certificate has to be issued to the domain "windycitylawgroup.com" as well.
Top Expert 2010
Commented:
Raghuv is right.
Please apply the suggestions in the above KB

After that -
Test your autodiscover here

http://www.testexchangeconnectivity.com/
Test outlook autodiscover
and Outlook Anywhere
Mark LitinOwner

Author

Commented:
Hi

An update here.

I think there is a condition that is complicating the setup described in the MS KB.

Th internet setup on the server is complicated by the fact that the server is serviced by to a router serving DHCP, and that cannot be changed.  Is this a show stopper?

Thanks

Mark
Mark LitinOwner

Author

Commented:
I was able to run the script to update the autoresponder, but all others failed with errors similar to the one attached.

EWS-Error.doc

Commented:
Run "Get-WebServicesVirtualdirectory | FL" and make a note of the Identity parameter and then use the same in the command you ran earlier
Top Expert 2010

Commented:
Mark
You wrote external web facing URL after -InternalURL

Can you run this and post results here.

http://www.testexchangeconnectivity.com/

Test outlook autodiscover
and Outlook Anywhere
Mark LitinOwner

Author

Commented:
I ran the autodiscover test and the results are posted below.

One possible thing to note is that I cannot run internet setup on this box as it is served by a router serving DHCP, although the server itself is a static IP.  I wonder if this is getting in the way.

      Connectivity Test Failed
 
Test Details
      Attempting to test Autodiscover for ben@windycitylawgroup.com
       Testing Autodiscover failed.
       
      Test Steps
       
      ExRCA is attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential AutoDiscover URL https://windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 443 on host windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name windycitylawgroup.com does not match any name found on the server certificate CN=ns4.hishtadlus.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT52322403, O=ns4.hishtadlus.com, C=US
      Attempting to test potential AutoDiscover URL https://autodiscover.windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 443 on host autodiscover.windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name autodiscover.windycitylawgroup.com does not match any name found on the server certificate CN=ns4.hishtadlus.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT52322403, O=ns4.hishtadlus.com, C=US
      ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 80 on host autodiscover.windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      Checking Host autodiscover.windycitylawgroup.com for an HTTP redirect to AutoDiscover
       ExRCA failed to get an HTTP redirect response for Autodiscover.
       
      Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from Unknown
      ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
       Failed to contact AutoDiscover using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.windycitylawgroup.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it


© 2010 Microsoft | Forum | Version 1.1 | Feedback | Privacy | Legal
Error
ExRCA has encountered an error.

The entire error report is listed below Show Report  Hide Report

Copy error details to clipboard
No Additional Error Details

Close
Confirm Password

Enter your password again. This can help prevent typos that cause invalid results.

Mark LitinOwner

Author

Commented:
I ran the Outlook anywhere test and below are the results.





      Connectivity Test Failed
 
Test Details
      ExRCA is testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to test Autodiscover for ben@windycitylawgroup.com
       Testing Autodiscover failed.
       
      Test Steps
       
      ExRCA is attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.
       
      Test Steps
       
      Attempting to test potential AutoDiscover URL https://windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 443 on host windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name windycitylawgroup.com does not match any name found on the server certificate CN=ns4.hishtadlus.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT52322403, O=ns4.hishtadlus.com, C=US
      Attempting to test potential AutoDiscover URL https://autodiscover.windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 443 on host autodiscover.windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name autodiscover.windycitylawgroup.com does not match any name found on the server certificate CN=ns4.hishtadlus.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT52322403, O=ns4.hishtadlus.com, C=US
      ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
       The attempt to contact Autodiscover using the HTTP Redirect method failed.
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71
      Testing TCP Port 80 on host autodiscover.windycitylawgroup.com to ensure it is listening and open.
       The port was opened successfully.
      Checking Host autodiscover.windycitylawgroup.com for an HTTP redirect to AutoDiscover
       ExRCA failed to get an HTTP redirect response for Autodiscover.
       
      Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from Unknown
      ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
       Failed to contact AutoDiscover using the DNS SRV redirect method.
       
      Test Steps
       
      Attempting to locate SRV record _autodiscover._tcp.windycitylawgroup.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.
        Tell me more about this issue and how to resolve it


© 2010 Microsoft | Forum | Version 1.1 | Feedback | Privacy | Legal
Error
Object reference not set to an instance of an object.

The entire error report is listed below Show Report  Hide Report

Copy error details to clipboard
Exception Details:
Message: Object reference not set to an instance of an object.
Type: System.NullReferenceException
Stack Trace:
at Microsoft.Exchange.Tools.ExRca.Website.CustomControls.TestResultTable.GetScriptDescriptors()
at System.Web.UI.ScriptControlManager.RegisterScriptDescriptors(IScriptControl scriptControl)
at System.Web.UI.ScriptControl.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.TableCell.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.WebControl.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.WebControls.Table.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.WebControl.RenderContents(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.TableCell.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.WebControl.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.WebControls.Table.RenderContents(HtmlTextWriter writer)
at System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.WebControls.WebControl.RenderContents(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.UpdatePanel.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.UpdatePanel.Render(HtmlTextWriter writer)
at System.Web.UI.PageRequestManager.RenderFormCallback(HtmlTextWriter writer, Control containerControl)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output)
at System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer)
at System.Web.UI.HtmlFormWrapper.System.Web.UI.IHtmlForm.RenderControl(HtmlTextWriter writer)
at System.Web.UI.PageRequestManager.RenderPageCallback(HtmlTextWriter writer, Control pageControl)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Close
Confirm Password

Enter your password again. This can help prevent typos that cause invalid results.

Top Expert 2010

Commented:
Ok. Mark
We have some work to do :-)

Let me go through the results and I will post back here..
Mark LitinOwner

Author

Commented:
Thanks for hanging with this.  

I appreciate your efforts.

Mark
Top Expert 2010

Commented:
Mark
For some reason I wrote a comment to this last night and didnt post it :-(. Dont know why I didnt click submit...here it is.

----
I think there are some issues in the way your A-records are setup on the webhost provider.
Reasons
Go here

http://www.windycitylawgroup.com/ - resolves
https://www.windycitylawgroup.com/ >> Goes to Plesk.
http://windycitylawgroup.com/ -> Goes to Plesk
https://windycitylawgroup.com/ -> Goes to Plesk

On exchange side these are a list of errors which we need to fix:
Create SRV records

Here are some links
http://blogs.technet.com/b/essentialbusinessserver/archive/2009/11/04/how-to-enable-exchange-2007-autodiscover-in-ebs-2008.aspx
http://support.microsoft.com/?kbid=940881

http://technet.microsoft.com/en-us/library/dd439398(EXCHG.80).aspx

============

Autodiscover tests failed
 Attempting to test potential AutoDiscover URL https://windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       

Certificate name mismatch
 Additional Details
       Host name windycitylawgroup.com does not match any name found on the server certificate CN=ns4.hishtadlus.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT52322403, O=ns4.hishtadlus.com, C=US
      Attempting to test potential AutoDiscover URL https://autodiscover.windycitylawgroup.com/AutoDiscover/AutoDiscover.xml
       Testing of this potential Autodiscover URL failed.
       

 Attempting to resolve the host name autodiscover.windycitylawgroup.com in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 174.143.147.71

Additional Details
       A Web Exception occurred because an HTTP 404 - NotFound response was received from Unknown
Attempting to locate SRV record _autodiscover._tcp.windycitylawgroup.com in DNS.
       The Autodiscover SRV record wasn't found in DNS.

---

Mark LitinOwner

Author

Commented:
Hi Sunnyc7

Thanks for the info.  I assume plesk means nowhere.  Looks like there's not a wildcard version to resolve to, and not an SSL version. I'll be able to check on all  this later today and get back to you here.

Thank lots for the insights and observations.

Mark

Top Expert 2010

Commented:
plesk is the web based control panel which is used to administer the website.
In absence of proper records where you re-direct the following to appropriate places.

www

@

Go to your DNS settings and see where does the CNAME / A Records point to

You can copy paste the entries here.

thanks
Top Expert 2010

Commented:
Mark
hows this going ?
Let me know
Mark LitinOwner

Author

Commented:
Hi Sunnc7

I'm waiting on from my client.  Don't have their ISP's info yet to check the DNS settings.  It is possible that it won't be until Monday until they get back to me.  But I;ll follow up[ back here a soon as I can get in to check out.

Thanks for your follow up.

Mark
Top Expert 2010

Commented:
thats fine. have a good weekend
Mark LitinOwner

Author

Commented:
An update.

I've been having trouble in getting a response from the ISP hosting their email. I'll escalate and heat it up now.

Thanks for your patience.

Mark
Top Expert 2010

Commented:
thanks mark. no problem.
Mark LitinOwner

Author

Commented:
Hi sunnyc7

At long last, the ISP has provided the dns settings, and here they are:


*.webmail.windycitylawgroup.com.      CNAME      windycitylawgroup.com.
*.windycitylawgroup.com.      CNAME      windycitylawgroup.com.
ftp.windycitylawgroup.com.      CNAME      windycitylawgroup.com.
mail.windycitylawgroup.com.      A      174.143.147.71
smtp2.windycitylawgroup.com.      A      174.143.148.17
webmail.windycitylawgroup.com.      A      174.143.147.71
windycitylawgroup.com.      NS      ns1.mapletime.com.
windycitylawgroup.com.      NS      ns2.mapletime.com.
windycitylawgroup.com.      A      174.143.147.71
windycitylawgroup.com.      MX (10)      windycitylawgroup.com.pri-mx.smtproutes.com.
windycitylawgroup.com.      MX (20)      windycitylawgroup.com.bak-mx.smtproutes.com.
windycitylawgroup.com.      TXT      v=spf1 a include:smtpout.com include:google.com include:cv.net include:verizon.net -all
www.windycitylawgroup.com.      A      174.143.147.71


I hope this will suffice from the ISP.  Please advise of anything else we need.

Thanks

Mark
Mark LitinOwner

Author

Commented:
Hi Sunnyc7,

I do greatly appreciate your efforts, and hope the info I've provided above  is satisfactory.

Do you need anything else now?

Please advise, and I'll act accordingly.

Thanks

Mark
Top Expert 2010

Commented:
Mark
Give me sometime to figure this out. Sorry for not responding earlier..
Top Expert 2010

Commented:
Mark
did you create SRV records as per my post http:#33169981

Also
Can you ask your DNS guys to change your SPF records to this:

v=spf1 MX:windycitylawgroup.com include:mail.windycitylawgroup.com ~all
Mark LitinOwner

Author

Commented:
Hi Sunnyc7

Thanks for the posts.

I was treading water waiting for the info from ISP.  But I'll make moves to update the SRV, tomorrow when I'm at the server, and request the SPF record be changed per your post.

I'll let you know when it's done.

Thanks for checking in and reengaging (really)

Mark
Top Expert 2010

Commented:
Mark
I am here -- if I am not responding then usually I am pulled into some other case @ EE.
Drop me a line - I get an alert and i will reply back.

if I am inactive - just drop a hello @ in this case and I will reply.

thanks for your patience once again :-)
Mark LitinOwner

Author

Commented:
Hi

Had to take my eye off the ball today with another uber emergency.

In the mean time, I received this from the ISP after requesting the SPF changes.  If this isn't sufficient, Is there anything I you can suggest that I can say to get the exact changes done that we need?

Will follow back with this later this evening.

Thanks

Mark.

Top Expert 2010

Commented:
let me know what you received from ISP ?
Mark LitinOwner

Author

Commented:
Whoops

Here goes

The 'a' part of the current record already covers mail.windycitylawgroup.com, but I added 'mx' and changed '-all' to '~all', which probably is the main change you need for now.

Thanks

Mark
Mark LitinOwner

Author

Commented:
The root problem and disabler was the strange network arrangement in the office where this is installed, which in SBS 2008 would not tolerate a shared network.   The customer has accepted the mild inconvenience of accepting the warning.

Thanks for your efforts.