Solved

Outlook 2007 Prompts for acceptance of SSL certificate at Outlook startup

Posted on 2010-09-10
9
1,074 Views
Last Modified: 2012-05-10

Outlook 2007 clients connecting to internal Exchange server( are prompted to accept certificate with message "The name on the security certificate is invalid or does not match the name of the site."  The name on the certificate is that of our external URL for OWA.  The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007.

Once accepted Outlook works fine until the next restart when prompted again for the certificate.  We recently installed Exchange 2007 SP2 because of Outlook prompting for authentication, which helped but this prompt remains.

Additionally I can use hosts file entry pointing the external url to the internal ip address for exchange which resolves the prompting, however breaks out of office assistant.

Any assistance is greatly appreciated.  Thank you.
0
Comment
Question by:mrcannon
9 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33646260
the name on your certificate is not what your web services urls are configured for
get the domain names on your certificate
Get-ExchangeCertificate | where { $_.Services.ToString().Contains("IIS") -eq $true } | ft Cert*

get the urls used by exchange web services
Get-WebServicesVirtualDirectory | fl *URL

get the autodiscover url
get-ClientAccessServer | fl *URI

get-outlookanywhere | fl extern*

your certificate domain names should cover all fqdn values you see, otherwise you need to update settings
0
 
LVL 7

Expert Comment

by:50cal
ID: 33646275
If your using it internally then it will be using the internal address of the server <Server>.<Domain>. Have you tried adding that address to the certificate?

50cal.
0
 
LVL 5

Expert Comment

by:ThrainSonOfTimor
ID: 33646519
"The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007."
So you use the same URL internal and external?
Are you using a self signed certificate?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 32

Expert Comment

by:endital1097
ID: 33646542
yes, it sounds like your certificate is not a SAN certificate an only contains the domain name for your external url
this causes the name mismatch error

you can look at this article that helps understand the requirements
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33646578
please output the results of this
http:#33646260

So that we can verify your autodiscover settings are in order.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33646920
You have obviously installed a certificate that only contains the external URL in its SANs that is why you are getting this prompt,

you have 2 solutions to this problem

1. rekey your certificate including servername.internaldomain.local in the SAN
2. create in your internal DNS your externaldomain.com and add manually records to resolve to your internal name

finally use this script http://www.exchangeninjas.com/set-allvdirs to make sure that all your external and internal URL are setup correctly this should solve your OOF issue
0
 
LVL 2

Assisted Solution

by:maz_ee
maz_ee earned 250 total points
ID: 33647372
Hello,

Plz, check this article,

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
LVL 19

Expert Comment

by:R--R
ID: 33649141
0
 
LVL 6

Author Closing Comment

by:mrcannon
ID: 33790156
Thank you for your assistance - issue resolved web update of web services urls
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question