BigBadWolf_000

When using Outlook 2010 Client Cert domain name not valid error

Exchange 2010 SP1
Outlook 2010

Hi - I created a GoDaddy cert for my external domain for OWA. Imported the cert, OWA works OK.
When I did the cert request I checked the Outlook Web App on the intranet and added the internal FQDN of the Exchange server (red.mydomain.com).

But the cert only lists the external domain (owa.mydomain.com).

I get the attached error when launching or configuring the Outlook client.
What am I missing?
Default MS Exchange cert exists with CN=Red
Snap1.jpg
Akhater

if the certificate doesn't contain red.mydomain.com then it is normal you get this error

what you can do is

1. change the Exchange URLs to give owa.domain.com instead of red.domain.com
2. in your internal DNS add a record owa.domain.com pointing to the internal IP of your exchange server
BigBadWolf_000

ASKER

I want to keep internal as RED why does the default cert not work ....is it because I assigned SMTP Services to the external owa.mydomain.com cert.

does the external cert need both IIS and SMTP services assigned to it?
The cert has to match the domain name

Your cert is issued to OWA.domain.com
Your domain is - red.domain.com

You can change the internal to owa.domain.com
and then create a DNS entry where you add an A-record for owa.domain.com to point to the LAN IP of Exchange 2010
ASKER CERTIFIED SOLUTION
Akhater
This solution is only available to members.
That's another possibility :)
Akhater: Thanks...when I submitted the req to godaddy it included red. I selected their Exc 2007 cert download.

sunnyc7: yes I have that already...which works for accessing the webmail access internally.

I am talking about Outlook Client which finds RED (even if I type in OWA it resolves to RED)

I am guessing rekeying may be my only option...Akhater: any additional thoughts

 
yes, Outlook clients take the configuration from autodiscovery services so as long as in the Exchange it is configured to use RED it will switch back to RED
Akhater: Why is MAPI looking for an SSL cert...does not make sense...I can turn off the encryption in the profile ...but then I get an address book error

---------------------------
The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
---------------------------
There must be a simple solution to this....why would I need an SSL cert for internal mapi
you don't need SSL for mapi, you need SSL for autodiscover to work, this is the way exchange 2010/2007 works

Outlook will connect through https to the autodiscover service to pull all needed URLs

OWA/OAB/EWS etc..

How can I change the url that autodiscover looks for internally???


get-clientaccessserver | fl InternalUrl
get-autodiscovervirtualdirectory | fl InternalUrl

post the results of both

thanks
Too expensive to setup cert with multiple subdomains....what can I do to work around...besides having internal and external FQDN being the same name
 
you don't have a lot of options it is either have both the same or get a SAN certificate

a SAN certificate is for $80/year not exactly expensive
sunnyc7:
get-clientaccessserver | fl InternalUrl
returns...nothing...blank space

get-clientaccessserver
returns.....
NAME
--------
RED

get-autodiscovervirtualdirectory | fl InternalUrl
returns...
InternalUrl:

if you want to make them both the same you will need to

1. open EMC -> server config ->Client access
2. go to each tab and change the name from RED to mail....


then go to EMS

Get-WebServicesVirtualDirectory | fl *url*

then
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://mail....../...... (copied from step before)


finally go issue

Get-ClientAccessServer | fl *uri*

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://mail.....

This is your problem http:#33667204
Blank space - that means SCPs and URLs are not configured and akhater gave the answer above.

Along with externalURL - you need to set internalURL for completeness

Was out of action for a while.
Thanks all...It was easier to just put in a UC certificate (that can contain internal and external domains - required by MS)...all works fine now. FYI..it was strange that the EMS did not show the InternalUrl when they show in the EMC
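
The name mismatch discussed in this thread can be audited in one pass. The script below is an added example, not code from any poster: it assumes the Exchange 2010 Management Shell, and `Test-NameCovered` is a hypothetical helper name. It compares every host name Exchange publishes to Outlook with the names on the certificate enabled for IIS.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Lists every URL Exchange publishes to Outlook and checks each host name against
# the names on the certificate enabled for IIS.

# Names (subject and subject alternative names) on certificates enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique)

# Test-NameCovered is a hypothetical helper: exact match, or a wildcard that
# covers exactly one extra label (*.mydomain.com covers red.mydomain.com).
function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and $HostName.Length -gt ($n.Length - 1)) {
            $suffix = $n.Substring(1)
            $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
            if ($HostName.EndsWith($suffix) -and -not $left.Contains('.')) { return $true }
        }
    }
    return $false
}

# The Autodiscover SCP value plus the internal and external URL of each virtual directory.
$urls = @()
Get-ClientAccessServer | ForEach-Object {
    $urls += New-Object PSObject -Property @{
        Source = "Autodiscover SCP ($($_.Name))"; Url = "$($_.AutoDiscoverServiceInternalUri)" }
}
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    & $cmd | ForEach-Object {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $urls += New-Object PSObject -Property @{ Source = "$cmd $prop"; Url = "$($_.$prop)" }
        }
    }
}

# Report: a False in OnCertificate is a name that will raise the Outlook warning.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $h = ([Uri]$_.Url).Host.ToLower()
    New-Object PSObject -Property @{
        Source = $_.Source; Host = $h; OnCertificate = (Test-NameCovered $h $certNames) }
} | Sort-Object OnCertificate, Host | Format-Table Source, Host, OnCertificate -AutoSize
```

Each row with `OnCertificate` set to False points to one of the two fixes given in the thread: change that URL to a name already on the certificate, or reissue the certificate with the missing name as a subject alternative name.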