Certificate Error in Outlook - Installed 3rd Party SSL Certificate

I recently setup an SBS 2008 Server. I purchased a UCC SSL certificate from godaddy so that users connecting to the Exchange server via outlook Web Access or their Windows Mobile/iPhone would not receive a certificate error. After importing the certificate OWA and Mobile devices could connect to the public address without a certificate warning however local users connecting to the exchange server using Outlook receive a security alert with an error message stating that "the name on the security certificate is invalid or does not match the name of the site". If you click yes to proceed outlook opens and functions correctly. However every time you reopen outlook you get prompted with the same security alert.

I looked at the Microsoft knowledge base article 940726 (www.support.microsoft.com/kb/940726) which describes my problem however when I try to execute step 3, 4 and 5 of the resolution I receive the following error "the operation could not be preformed because the object... could not be found on domain controller…
Who is Participating?
Shreedhar EtteConnect With a Mentor Commented:

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

Hope this helps,
Suliman Abu KharroubIT Consultant Commented:
If you have a local CA, issue a local certificate to exchange server and make sure that clients connect to exchange using local name not public.
oetccAuthor Commented:
To clarify... I need to add the local domain name of the local network to the certificate. As an example: currently the certificate is issued to the domain owa.xyz.com. The local network domain name is xyz.local. Should I add xyz.local or sbssrv.xyz.local to the certificate? Where sbssrv is the name of the server?
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

oetccAuthor Commented:
Do I need to create a new CSR request to add domains to my existing certificate?
Cliff GaliherCommented:
I humbly disagree with Shree here. You don't need all of those (and in many cases you can't get Godaddy to issue a certificate with just a Netbios name, for example) so the problem is with how your internal outlook clients are finding your server.
In short, I'd guess you need to re-run the IAMW so that the various LDAP, DNS, and other records get properly updated and autodiscover uses the same domain name internally as it does externally. Then, certificate issue solved because it will no longer be a mismatch.
Shreedhar EtteCommented:
Yes, you have too.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.