Solved

Outlook 2007 Prompts for acceptance of SSL certificate at Outlook startup

Posted on 2010-09-10
9
1,079 Views
Last Modified: 2012-05-10

Outlook 2007 clients connecting to internal Exchange server( are prompted to accept certificate with message "The name on the security certificate is invalid or does not match the name of the site."  The name on the certificate is that of our external URL for OWA.  The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007.

Once accepted Outlook works fine until the next restart when prompted again for the certificate.  We recently installed Exchange 2007 SP2 because of Outlook prompting for authentication, which helped but this prompt remains.

Additionally I can use hosts file entry pointing the external url to the internal ip address for exchange which resolves the prompting, however breaks out of office assistant.

Any assistance is greatly appreciated.  Thank you.
0
Comment
Question by:mrcannon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33646260
the name on your certificate is not what your web services urls are configured for
get the domain names on your certificate
Get-ExchangeCertificate | where { $_.Services.ToString().Contains("IIS") -eq $true } | ft Cert*

get the urls used by exchange web services
Get-WebServicesVirtualDirectory | fl *URL

get the autodiscover url
get-ClientAccessServer | fl *URI

get-outlookanywhere | fl extern*

your certificate domain names should cover all fqdn values you see, otherwise you need to update settings
0
 
LVL 7

Expert Comment

by:50cal
ID: 33646275
If your using it internally then it will be using the internal address of the server <Server>.<Domain>. Have you tried adding that address to the certificate?

50cal.
0
 
LVL 5

Expert Comment

by:ThrainSonOfTimor
ID: 33646519
"The host name in use for the external url resolves to our public IP address and the host name internally resolves to the internal ip address of the server running Exchange 2007."
So you use the same URL internal and external?
Are you using a self signed certificate?
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 32

Expert Comment

by:endital1097
ID: 33646542
yes, it sounds like your certificate is not a SAN certificate an only contains the domain name for your external url
this causes the name mismatch error

you can look at this article that helps understand the requirements
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33646578
please output the results of this
http:#33646260

So that we can verify your autodiscover settings are in order.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33646920
You have obviously installed a certificate that only contains the external URL in its SANs that is why you are getting this prompt,

you have 2 solutions to this problem

1. rekey your certificate including servername.internaldomain.local in the SAN
2. create in your internal DNS your externaldomain.com and add manually records to resolve to your internal name

finally use this script http://www.exchangeninjas.com/set-allvdirs to make sure that all your external and internal URL are setup correctly this should solve your OOF issue
0
 
LVL 2

Assisted Solution

by:maz_ee
maz_ee earned 250 total points
ID: 33647372
Hello,

Plz, check this article,

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726
0
 
LVL 19

Expert Comment

by:R--R
ID: 33649141
0
 
LVL 6

Author Closing Comment

by:mrcannon
ID: 33790156
Thank you for your assistance - issue resolved web update of web services urls
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question