Exchange 2007 SSL cert is not trusted

When my users open up outlook 2007 or 2010  i get the attached error message.

"Security Alert"
"Webmail.nwgmg.com
Information you exchagne with this site cannot be viewed or changed by other. However, there is a problem with the site's security certificate."

"X      The application experience and internal error loading the SSL libraries. This site should not be trusted.

If i manually configure outlook it works but i do get this error periodacly. This has been working find for almost a year and suddenly this starts. Any help would be greatly appreciated.

I am runing exchange 2007 and a SSL certificate from Go Daddy.

Thanks,

Ryan Burney
ssl-issue.jpg
rburneyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shreedhar EtteCommented:
Hi,

Refer this article:
http://www.networknet.nl/apps/wp/archives/334

Hope this helps,
Shree
0
v_9mhdrfCommented:
Please also try test-outlookwebservices | fl and see the errors.
Probably you will get the errors in it, if yes then please paste them here so that we can further help you with. However you can go with the article of shree.... hope it helps you in..


Thanks.
0
rburneyAuthor Commented:
v 9mhdrf you are right... What should i do about this?

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@nwgm
          g.com.

Id      : 1007
Type    : Information
Message : Testing server NWGMG-MX.nwgmg.com with the published name https://web
          mail.nwgmg.com/ews/exchange.asmx & https://webmail.nwgmg.com/ews/exch
          ange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://webmail.nwgmg.com/autodiscover/autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.nwgmg.com/autodiscover/autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

rburneyAuthor Commented:
when i hit the https://webmail.nwgmg.com/autodiscover/autodiscover.xml 

this is what i get...

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:32:36.5710266" Id="1218015928">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
cyberaCommented:
Seems like a DNS issue. Maybe you forgot to add the SRV record for Autodiscovery on your DNS. Follow the link below.

http://support.microsoft.com/kb/940881 
0
v_9mhdrfCommented:
After running test-outlookwebservices | fl and you got 1013 which says 401 Unauthorized, then you have to follow another article.

KB- 896861.
Set the registry value and reboot the server, and also please check the authentication on the IIS manager on the server.
Autodiscover:- Basic+Windows Integrated Authentication + SSL Enabled
EWS:- Windows Integrated Authentication + SSL not required
OAB:- Windows Integrated Authentication + SSL not required

And the one which you are showing after browsing the Autodiscover is a expected behaviour, we should get the following 600 error code, that is absolutely fine.
Please check the above settings and revert back if you have any issues.
0
Shreedhar EtteCommented:
Hi,

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

and Observed that the certificate installed on the exchange does not contain all names.

Hence get the certificate with the mentioned names.

Hope this helps,
Shree
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.