?
Solved

Outlook 2007 Prompts for acceptance of SSL certificate at Outlook startup

Posted on 2010-09-10
9
Medium Priority
?
1,084 Views
Last Modified: 2012-05-10

Outlook 2007 clients connecting to internal Exchange server( are prompted to accept certificate with message "The name on the security certificate is invalid or does not match the name of the site."  The name on the certificate is that of our external URL for OWA.  The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007.

Once accepted Outlook works fine until the next restart when prompted again for the certificate.  We recently installed Exchange 2007 SP2 because of Outlook prompting for authentication, which helped but this prompt remains.

Additionally I can use hosts file entry pointing the external url to the internal ip address for exchange which resolves the prompting, however breaks out of office assistant.

Any assistance is greatly appreciated.  Thank you.
0
Comment
Question by:mrcannon
9 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 1000 total points
ID: 33646260
the name on your certificate is not what your web services urls are configured for
get the domain names on your certificate
Get-ExchangeCertificate | where { $_.Services.ToString().Contains("IIS") -eq $true } | ft Cert*

get the urls used by exchange web services
Get-WebServicesVirtualDirectory | fl *URL

get the autodiscover url
get-ClientAccessServer | fl *URI

get-outlookanywhere | fl extern*

your certificate domain names should cover all fqdn values you see, otherwise you need to update settings
0
 
LVL 7

Expert Comment

by:50cal
ID: 33646275
If your using it internally then it will be using the internal address of the server <Server>.<Domain>. Have you tried adding that address to the certificate?

50cal.
0
 
LVL 5

Expert Comment

by:ThrainSonOfTimor
ID: 33646519
"The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007."
So you use the same URL internal and external?
Are you using a self signed certificate?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 32

Expert Comment

by:endital1097
ID: 33646542
yes, it sounds like your certificate is not a SAN certificate an only contains the domain name for your external url
this causes the name mismatch error

you can look at this article that helps understand the requirements
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33646578
please output the results of this
http:#33646260

So that we can verify your autodiscover settings are in order.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33646920
You have obviously installed a certificate that only contains the external URL in its SANs that is why you are getting this prompt,

you have 2 solutions to this problem

1. rekey your certificate including servername.internaldomain.local in the SAN
2. create in your internal DNS your externaldomain.com and add manually records to resolve to your internal name

finally use this script http://www.exchangeninjas.com/set-allvdirs to make sure that all your external and internal URL are setup correctly this should solve your OOF issue
0
 
LVL 2

Assisted Solution

by:maz_ee
maz_ee earned 1000 total points
ID: 33647372
Hello,

Plz, check this article,

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
LVL 19

Expert Comment

by:R--R
ID: 33649141
0
 
LVL 6

Author Closing Comment

by:mrcannon
ID: 33790156
Thank you for your assistance - issue resolved web update of web services urls
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month16 days, 23 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question