[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Outlook 2007 Prompts for acceptance of SSL certificate at Outlook startup

Posted on 2010-09-10
9
Medium Priority
?
1,082 Views
Last Modified: 2012-05-10

Outlook 2007 clients connecting to internal Exchange server( are prompted to accept certificate with message "The name on the security certificate is invalid or does not match the name of the site."  The name on the certificate is that of our external URL for OWA.  The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007.

Once accepted Outlook works fine until the next restart when prompted again for the certificate.  We recently installed Exchange 2007 SP2 because of Outlook prompting for authentication, which helped but this prompt remains.

Additionally I can use hosts file entry pointing the external url to the internal ip address for exchange which resolves the prompting, however breaks out of office assistant.

Any assistance is greatly appreciated.  Thank you.
0
Comment
Question by:mrcannon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 1000 total points
ID: 33646260
the name on your certificate is not what your web services urls are configured for
get the domain names on your certificate
Get-ExchangeCertificate | where { $_.Services.ToString().Contains("IIS") -eq $true } | ft Cert*

get the urls used by exchange web services
Get-WebServicesVirtualDirectory | fl *URL

get the autodiscover url
get-ClientAccessServer | fl *URI

get-outlookanywhere | fl extern*

your certificate domain names should cover all fqdn values you see, otherwise you need to update settings
0
 
LVL 7

Expert Comment

by:50cal
ID: 33646275
If your using it internally then it will be using the internal address of the server <Server>.<Domain>. Have you tried adding that address to the certificate?

50cal.
0
 
LVL 5

Expert Comment

by:ThrainSonOfTimor
ID: 33646519
"The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007."
So you use the same URL internal and external?
Are you using a self signed certificate?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 32

Expert Comment

by:endital1097
ID: 33646542
yes, it sounds like your certificate is not a SAN certificate an only contains the domain name for your external url
this causes the name mismatch error

you can look at this article that helps understand the requirements
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33646578
please output the results of this
http:#33646260

So that we can verify your autodiscover settings are in order.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33646920
You have obviously installed a certificate that only contains the external URL in its SANs that is why you are getting this prompt,

you have 2 solutions to this problem

1. rekey your certificate including servername.internaldomain.local in the SAN
2. create in your internal DNS your externaldomain.com and add manually records to resolve to your internal name

finally use this script http://www.exchangeninjas.com/set-allvdirs to make sure that all your external and internal URL are setup correctly this should solve your OOF issue
0
 
LVL 2

Assisted Solution

by:maz_ee
maz_ee earned 1000 total points
ID: 33647372
Hello,

Plz, check this article,

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
LVL 19

Expert Comment

by:R--R
ID: 33649141
0
 
LVL 6

Author Closing Comment

by:mrcannon
ID: 33790156
Thank you for your assistance - issue resolved web update of web services urls
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question