Outlook 2007 Prompts for acceptance of SSL certificate at Outlook startup


Outlook 2007 clients connecting to internal Exchange server( are prompted to accept certificate with message "The name on the security certificate is invalid or does not match the name of the site."  The name on the certificate is that of our external URL for OWA.  The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007.

Once accepted Outlook works fine until the next restart when prompted again for the certificate.  We recently installed Exchange 2007 SP2 because of Outlook prompting for authentication, which helped but this prompt remains.

Additionally I can use hosts file entry pointing the external url to the internal ip address for exchange which resolves the prompting, however breaks out of office assistant.

Any assistance is greatly appreciated.  Thank you.
LVL 6
mrcannonAsked:
Who is Participating?
 
endital1097Connect With a Mentor Commented:
the name on your certificate is not what your web services urls are configured for
get the domain names on your certificate
Get-ExchangeCertificate | where { $_.Services.ToString().Contains("IIS") -eq $true } | ft Cert*

get the urls used by exchange web services
Get-WebServicesVirtualDirectory | fl *URL

get the autodiscover url
get-ClientAccessServer | fl *URI

get-outlookanywhere | fl extern*

your certificate domain names should cover all fqdn values you see, otherwise you need to update settings
0
 
50calCommented:
If your using it internally then it will be using the internal address of the server <Server>.<Domain>. Have you tried adding that address to the certificate?

50cal.
0
 
ThrainSonOfTimorCommented:
"The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007."
So you use the same URL internal and external?
Are you using a self signed certificate?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
endital1097Commented:
yes, it sounds like your certificate is not a SAN certificate an only contains the domain name for your external url
this causes the name mismatch error

you can look at this article that helps understand the requirements
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html
0
 
sunnyc7Commented:
please output the results of this
http:#33646260

So that we can verify your autodiscover settings are in order.
0
 
AkhaterCommented:
You have obviously installed a certificate that only contains the external URL in its SANs that is why you are getting this prompt,

you have 2 solutions to this problem

1. rekey your certificate including servername.internaldomain.local in the SAN
2. create in your internal DNS your externaldomain.com and add manually records to resolve to your internal name

finally use this script http://www.exchangeninjas.com/set-allvdirs to make sure that all your external and internal URL are setup correctly this should solve your OOF issue
0
 
maz_eeConnect With a Mentor Commented:
Hello,

Plz, check this article,

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
mrcannonAuthor Commented:
Thank you for your assistance - issue resolved web update of web services urls
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.