Solved

AutoDiscover Certificate gives warning error from computers outside the network

Posted on 2010-09-15
Last Modified: 2012-06-21
I'm running Exchange 2007.  When Outlook users from outside our network open Outlook they receive a certificate warning.  It says that the certificate is valid and trusted, but "the name of the security certificate is invalid or does not match the name of the site".  I have two CAS servers configured with NLB.  My certificate has 3 names: cas1.domain.edu, cas2.domain.edu, jointname.domain.edu.  In DNS, the autodiscover alias points to jointname.domain.edu.  I assume the warning is because it tries to use autodiscover.domain.edu and this isn't an actual alternate name.  I've tried adding an SRV record per article:
http://support.microsoft.com/kb/940881, but it doesn't change anything.  I assume that is because the original attempt doesn't outright fail so that it tries the SRV record.  Aside from buying new certificates, does anyone know how to make the warning go away?  Outlook inside my network works fine, as does OWA.  This is specifically related to Outlook Anywhere.
My test client is Outlook 2007, and I think it will suffice to alleviate the warning just for Outlook 2007 if that is possible.
Thanks.
Question by:apsutechteam
3 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 167 total points
ID: 33687194
 
LVL 19

Assisted Solution

by:R--R
R--R earned 166 total points
ID: 33687261
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 167 total points
ID: 33687425

The problem is indeed your SSL certificate.

The underlying DNS infrastructure which maps autodiscover to jointname has no relevance when it comes to certificate trust. As far as Outlook and the cryptography system are concerned, the connection is to autodiscover.domain.edu, so that name MUST be listed on the certificate.

If you create a SRV record to map to your jointname.domain.edu, you need to remove the old CNAME and allow time for the changes to propagate through DNS. Outlook only resorts to SRV records if conventional autodiscover.domain.edu fails, and it must be Outlook SP1 or higher.

I personally do not like the SRV record approach. Your public DNS provider must support it (many don't) and for the cost, it's much easier to replace the certificates.

-Matt
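
The name check described in the answer above, as an added example that is not part of the original thread: the client compares the host name it asked for with the certificate's subject alternative names, so the CNAME target never enters the comparison. The function names are hypothetical, the certificate dicts are constructed in the shape returned by Python's ssl.SSLSocket.getpeercert(), and the matcher goes slightly beyond the thread by also handling wildcard entries.

```python
def name_matches(san: str, host: str) -> bool:
    """RFC 6125-style comparison of one dNSName entry with the requested host."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # a wildcard stands for exactly one label
    if san_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label, never "*.tld".
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def dns_sans(cert: dict) -> list:
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def covers(cert: dict, host: str) -> bool:
    """True when any DNS SAN on the certificate matches the requested host."""
    return any(name_matches(san, host) for san in dns_sans(cert))


# Constructed sample: the three names the question says are on the certificate.
CURRENT_CERT = {"subjectAltName": (("DNS", "cas1.domain.edu"),
                                   ("DNS", "cas2.domain.edu"),
                                   ("DNS", "jointname.domain.edu"))}

# Hypothetical replacement certificate that also lists the Autodiscover name.
REPLACEMENT_CERT = {"subjectAltName": CURRENT_CERT["subjectAltName"]
                    + (("DNS", "autodiscover.domain.edu"),)}


def report(cert: dict, requested: list) -> dict:
    """Map each requested host name to whether the certificate covers it."""
    return {host: covers(cert, host) for host in requested}


if __name__ == "__main__":
    # Outlook asks for autodiscover.domain.edu; DNS aliases it to jointname,
    # but only the requested name is compared with the certificate.
    requested = ["autodiscover.domain.edu", "jointname.domain.edu"]
    print("current    :", report(CURRENT_CERT, requested))
    print("replacement:", report(REPLACEMENT_CERT, requested))
```

To check a live server's certificate, pass in the dict from getpeercert() on a connection whose context has check_hostname disabled but certificate verification still required, since getpeercert() returns an empty dict for an unvalidated certificate.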