EXCHANGE 2007 BPA: Certificate SAN mismatch

I ran the BPA on our new Exchange 2007, on our SBS 2008, and I got the following certificate mismatch from the health check option:

Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.

Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/Microsoft-Server-ActiveSync does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.

Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://sites/owa/ does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.DOMAINXYZ.com.

The FQDN for the server is sbs.DOMAINXYZ.local

Here is some info from the certificate that I got from Equifax Secure Certificate Authority

CN = ssl.DOMAINXYZ.com
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)10
OU = GT11437210
O = ssl.DOMAINXYZ.com
C = DK
SERIALNUMBER = (REMOVED)

DNS Name=ssl.DOMAINXYZ.com

I had some certificate errors in our Outlook clients, but after the fix in this link: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html

they are all gone.

How do I get rid of the Certificate SAN mismatch?

Thanks
Asked by TheBrewer

Rick Fee (Messaging Engineer - Disaster Recovery Engineer) commented:
This is due to the virtual dirs being sbs.DOMAINXYZ.local and not ssl.DOMAINXYZ.com. Your Outlook clients will get an error and you need to modify the directories:
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
To make it a quick fix I have a text file that you can rename to a ps1 and run in the Exchange shell. You just need to edit it from EXCHANGESERVERNAME to that of your Exchange server and exchange.ourcompany.com to ssl.DOMAINXYZ.com. Run it and you should be good.
In the shell it should be ./Outlook2007certfix.ps1

Outlook2007certfix.txt
Akhater (Solutions Architect) commented:
Since you are running SBS, shouldn't it be remote.domainxyz.com?

Is domainxyz.com your AD domain?

You should continue what you started with
Get-OwaVirtualDirectory | fl *url*
then

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalURL https://ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa

Get-ActiveSyncVirtualDirectory | fl *url*
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -InternalURL https://ssl.domainxyz.com/Microsoft-Server-ActiveSync -ExternalUrl https://ssl.domainxyz.com/Microsoft-Server-ActiveSync

Get-ClientAccessServer | fl *uri*
get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://ssl.domainxyz.com/Autodiscover/Autodiscover.xml
TheBrewer (author) commented:
EndureKona:
Thank you for the file. I did what you said, but changed it to SBS Web Applications (see the screen dump from my IIS).

Akhater:
Thank you too. My AD domain is DOMAINXYZ.local

I still get the errors in the Exchange BPA.

Why is the BPA error referring to https://sites/..... when we try to add ssl.domainxyz.com?

Thanks.
IIS.jpg
Akhater (Solutions Architect) commented:
Did you do the commands I told you?
TheBrewer (author) commented:
Akhater:

Yes, and I get these yellow lines:
WARNING: The command completed successfully but no settings of 'SBS\owa
(SBS Web Applications)' have been modified.

...and these red lines:


Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa
Set-OwaVirtualDirectory : "ExternalUrl" only applies to Exchange 2007 virtual d
irectories.
At line:1 char:50
+ Get-OwaVirtualDirectory | Set-OwaVirtualDirectory  <<<< -InternalURL https://
ssl.domainxyz.com/owa -ExternalUrl https://ssl.domainxyz.com/owa

Now only this certificate SAN mismatch left:

The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com.

Thanks
Akhater (Solutions Architect) commented:
get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://ssl.domainxyz.com/Autodiscover/Autodiscover.xml
TheBrewer (author) commented:
Akhater:

Command ran successfully.

Still the same Certificate SAN mismatch:
The subject alternative name (SAN) of SSL certificate for https://sites/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: sites. Current SAN: DNS Name=ssl.mydomainxyz.com
Akhater (Solutions Architect) commented:
Get-ClientAccessServer | fl *uri*

Get-AutodiscoverVirtualDirectory | fl *url*

Can you give me the output?
TheBrewer (author) commented:
Akhater (Solutions Architect) commented:
That's the error

Get-AutodiscoverVirtualDirectory | Set-AutodiscoverVirtualDirectory -InternalUrl $null

TheBrewer (author) commented:
Solved

Thank you very much for all the time you spent on helping me.

Akhater (Solutions Architect) commented:
You are most welcome
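
Added example, not part of the original thread or any participant's script: a PowerShell check that compares the host in each configured Exchange URL with the certificate's SAN entries, which is the comparison the BPA reports on. The function names and the sample URL table are assumptions; the https://sites/ value for the Autodiscover virtual directory is inferred from the BPA message, since the thread does not show that output.

```powershell
# Added example (assumed names, constructed sample data). Requires PowerShell 2.0+.

function Test-HostMatchesSan {
    param([string]$HostName, [string[]]$SanNames)
    $h = $HostName.ToLower()
    foreach ($san in $SanNames) {
        $s = $san.ToLower()
        if ($s -eq $h) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not a.b.example.com or example.com.
        if ($s.StartsWith('*.')) {
            $dot = $h.IndexOf('.')
            if ($dot -gt 0 -and $h.Substring($dot) -eq $s.Substring(1)) { return $true }
        }
    }
    return $false
}

function Get-SanMismatch {
    param([hashtable]$ConfiguredUrls, [string[]]$SanNames)
    foreach ($name in $ConfiguredUrls.Keys) {
        $url = $ConfiguredUrls[$name]
        if (-not $url) { continue }   # URL not set (e.g. $null): nothing to compare
        $hostName = ([System.Uri]$url).Host
        if (-not (Test-HostMatchesSan $hostName $SanNames)) {
            New-Object PSObject -Property @{ Setting = $name; Host = $hostName; Url = $url }
        }
    }
}

# SAN as reported by the BPA in the thread. On a live server the list can be read
# from the CertificateDomains property of Get-ExchangeCertificate.
$san = @('ssl.DOMAINXYZ.com')

# Constructed table: fill it from the "fl *url*" / "fl *uri*" commands in the thread.
$urls = @{
    'OWA InternalUrl'                = 'https://ssl.domainxyz.com/owa'
    'ActiveSync InternalUrl'         = 'https://ssl.domainxyz.com/Microsoft-Server-ActiveSync'
    'AutoDiscoverServiceInternalUri' = 'https://ssl.domainxyz.com/Autodiscover/Autodiscover.xml'
    'Autodiscover vdir InternalUrl'  = 'https://sites/Autodiscover/Autodiscover.xml'  # assumed value
}

# Lists only the settings whose host is not covered by the certificate.
Get-SanMismatch $urls $san | Format-Table Setting, Host, Url -AutoSize
```

With the sample table, only the Autodiscover virtual directory entry is listed, because its host is "sites" rather than a name in the certificate.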