andrewjones1987
asked on
Exchange 2010 Certificate Problem
I have purchased a certificate from GlobalSign, which works for owa internal link:
https://exchange1/owa but when the Outlook 2007 Client connects to my exchange 2010 server I get the certificate error that the name on the certificate does not match the name on the site.
I saw this post: https://www.experts-exchange.com/questions/26166895/Outlook-2010-getting-certificate-error-when-connecting-to-exchange.html
which is the same issue, bit I don't understand what I need to do to get it to work.
Can someone give me a hand please???
https://exchange1/owa but when the Outlook 2007 Client connects to my exchange 2010 server I get the certificate error that the name on the certificate does not match the name on the site.
I saw this post: https://www.experts-exchange.com/questions/26166895/Outlook-2010-getting-certificate-error-when-connecting-to-exchange.html
which is the same issue, bit I don't understand what I need to do to get it to work.
Can someone give me a hand please???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Outlook Client: exchange1.ad.domain.org.uk
IIS: https://exchange1/owa or https://exchange1.ad.domain.org.uk
Certificate:
Contains - autodiscovery.domain.org.u k
mail.domain.org.uk
webmail.domain.org.uk
exchange1
localhost
I Understand about the certificate not containing the exchange1.ad.domain.org.uk , but how do I configure exchange clients (Outlook 2007) to use just exchange1 or even mail.domain.org.uk??? same as external???
IIS: https://exchange1/owa or https://exchange1.ad.domain.org.uk
Certificate:
Contains - autodiscovery.domain.org.u
mail.domain.org.uk
webmail.domain.org.uk
exchange1
localhost
I Understand about the certificate not containing the exchange1.ad.domain.org.uk
I'll go with woolnoir here, you need to add the external domain name on the certificate as f.e. "mail.contoso.com"
go into the account settings in outlook 2010 and for the server address for the account add the full domain name for the server as you registered in the certificate... i.e mail.domain.org.uk.
the distinction would be ( using my username )
I'd registered mail.woolnoir.org.uk and had a OWA server. My external clients would use https://mail.woolnoir.org.uk and would work fine. My internal clients would use only MAIL in their outlook server settings and it would fail... as MAIL isnt the FQDN in the SSL certificate... it has to be mail.woolnoir.org.uk for the server setting...
I'd registered mail.woolnoir.org.uk and had a OWA server. My external clients would use https://mail.woolnoir.org.uk and would work fine. My internal clients would use only MAIL in their outlook server settings and it would fail... as MAIL isnt the FQDN in the SSL certificate... it has to be mail.woolnoir.org.uk for the server setting...
Try just changing your outlook from exchange.ad.domain.org.uk to exchange.domain.org.uk.. thats a good first step.
ASKER
no, the only thing in outlook that will work is when I type exchange1 and then it adds exchange1.ad.domainname.or g.uk (ad.domainname.org.uk is my FQDN)
But you can go into the account settings preferences and changes that manually after you have configured the account ? I know it suggests the details but it shouldn't auto add them ? thats auto discovery happening but it should be manually tweak able ?
ASKER
No.....I select Manually configure and when I enter the Server name and my Username, it adds the last bit during the check name process as seen when I go back into the settings.
This article explains how to set the internal URL in Exchange 2007 (it also applies to Exchange 2010) http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html
Setting the Internal URL to match your external URL it should resolve the issue.
Setting the Internal URL to match your external URL it should resolve the issue.
Open exchange mgmt console
server configuration
Client Access
select your server
-click properties, last tab Outlok Anywhere - fill in the external host name mail.domain.org.uk
-click ok
On tab Outlook Web App - click owa and click properties
there --> external url mail.domain.org.uk, click ok
on tab Exchange Activesync - click Microsoft-Server-ActiveSyn c, click properties
there --> external url mail.domain.org.uk, click ok
Point the external dns from mail.domain.org.uk to the right ip address
that should do the trick
server configuration
Client Access
select your server
-click properties, last tab Outlok Anywhere - fill in the external host name mail.domain.org.uk
-click ok
On tab Outlook Web App - click owa and click properties
there --> external url mail.domain.org.uk, click ok
on tab Exchange Activesync - click Microsoft-Server-ActiveSyn
there --> external url mail.domain.org.uk, click ok
Point the external dns from mail.domain.org.uk to the right ip address
that should do the trick
Any luck on this issue ?
If you use this server from Internet and from internal site under different hostnames you must make changes in your environment to be able not receive error messages. what name is on your certificate, what name is filled in Outlook in Exchange profile, what is in IIS config ?