Exchange 2007 certificate error

Stev0W
Hi, I have an SBS2008 server running Exchange 2007. I recently upgraded MS Office on the remote users' laptops from 2003 to 2007 with no problems or errors when using Outlook Https over PPC. However, internally on the office workstations I am now receiving a security alert when Outlook 2007 connects: "The name on the security certificate is invalid or does not match the name of the site".
We have a UCC certificate from GoDaddy with alternative names on the certificate - remote.domainname.org.uk, mail.domainname.org.uk, servername, servername.domainname.local & autodiscover.domainname.org.uk.
The security alert message has "SITES" at the top.
I am not experienced with Exchange 2007, so any help would be appreciated.

Thanks
Akhater, Solutions Architect

Commented:
what is missing in your certificate is remote.domain.local

one way to make sure is ctrl right click on the outlook icon and pick test email autoconfiguration fill your info and leave only autodiscover option

wait till it is done then go to the xml tab and make sure all the names that appear are in your SANs
Rick Fee, Messaging Engineer - Disaster Recovery Engineer

Commented:
What I have done in the past is change the virtual directories to that of the cert.
I have attached a PowerShell script to be run in the Exchange Shell. Just edit it to that of your environment. Change EXCHANGESERVERNAME to that of your named server and exchange.ourcompany.com to that of the FQDN of the cert.
So rename what is attached here as ps1 and run it in the Exchange shell.
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/ 

Outlook2007certfix.txt
Stev0W, IT CONTRACTOR

Author

Commented:
Thank you both for your answers. I tried to run the script but had trouble running it, so I entered the commands in the Exchange shell one at a time.
The first seemed to be accepted OK. The second line gave the error in the screenshot:
"object ourservername\ews (default website) could not be found on Domain controller"

2nd-line.jpg
Akhater, Solutions Architect

Commented:
enabling basic authentication on your ews will not solve your issue.

if you decide to follow my advice let me know
Stev0W, IT CONTRACTOR

Author

Commented:
Hi Akhater,

I did test my email auto configuration and got this result,
but don't know enough to know what doesn't look right.



<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>XXXXXXX</DisplayName>
      <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>a2b27573-034a-4c36-a8ce-ca216aaf2d9b</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>Internal FQDN</Server>
        <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=server name</ServerDN>
        <ServerVersion>720280B0</ServerVersion>
        <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Server name/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal FQDN.local</PublicFolderServer>
        <AD>internal FQDN</AD>
        <ASUrl>https://sites/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://sites/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>https://sites/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://sites/UnifiedMessaging/Service.asmx</UMUrl>
        <OABUrl>https://sites/OAB/6d1bcbda-11d5-4e0e-9f1f-65a35ab3f7a6/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>External FQDN</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <OABUrl>https://remote.Domain.com.uk/oab/6d1bcbda-11d5-4e0e-9f1f-65a35ab3f7a6/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://sites/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://sites/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>

Looked at the certificate and I haven't added remote.domain.local

Thanks
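
The check Akhater suggests (every name that appears in the Autodiscover XML must also be among the certificate's SANs), sketched in PowerShell as an added example that is not part of the original thread. The SAN list uses the placeholder names from the question, the XML is a constructed sample trimmed from the shape of the response above, and Test-SanMatch is a hypothetical helper.

```powershell
# Added example: list every host an Autodiscover response points Outlook at
# and flag the ones the certificate's subject alternative names do not cover.

# SANs as listed in the question (placeholder names from the thread).
$certSans = @(
    'remote.domainname.org.uk', 'mail.domainname.org.uk', 'servername',
    'servername.domainname.local', 'autodiscover.domainname.org.uk'
)

# Constructed sample, trimmed from the shape of the response posted above.
[xml]$response = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <EwsUrl>https://sites/EWS/Exchange.asmx</EwsUrl>
        <OABUrl>https://sites/OAB/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <OABUrl>https://remote.domainname.org.uk/oab/</OABUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Hypothetical helper: exact (case-insensitive) match, or a wildcard SAN
# that covers exactly one left-most label.
function Test-SanMatch {
    param([string]$HostName, [string[]]$Sans)
    foreach ($san in $Sans) {
        if ($san -eq $HostName) { return $true }
        if ($san.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

# Every leaf element whose text is an https URL, whatever its namespace.
$response.SelectNodes("//*[not(*) and starts-with(normalize-space(.), 'https://')]") |
    ForEach-Object {
        $uri = [uri]$_.InnerText.Trim()
        New-Object PSObject -Property @{
            Element  = $_.LocalName
            HostName = $uri.Host
            InCert   = Test-SanMatch -HostName $uri.Host -Sans $certSans
        }
    } | Select-Object Element, HostName, InCert | Sort-Object InCert, HostName | Format-Table -AutoSize
```

Any row with InCert set to False names a host that Outlook will connect to over HTTPS without a matching certificate name, which is what triggers the security alert.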
Solutions Architect
Commented:


here is what to do

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -internalUrl https://servername.domainname.local/EWS/Exchange.asmx

get-oabvirtualdirectory | set-oabvirtualdirectory -internalUrl https://servername.domainname.local/OAB

get-owavirtualdirectory | set-owavirtualdirectory -internalUrl https://servername.domainname.local/owa

get-UMVirtualDirectory | set-UMVirtualDirectory -internalUrl https://servername.domainname.local/UnifiedMessaging/Service.asmx

Stev0W, IT CONTRACTOR

Author

Commented:
Hi AKhater,
All of the commands completed except the owa one.
All of the below resulted from the one owa command.


[PS] C:\Windows\system32>get-owavirtualdirectory | set-owavirtualdirectory -internalUrl https://Ourservername.domain.local/owa

WARNING: The command completed successfully but no settings of 'servername\owa (SBS Web Applications)' have been modified.
Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual directories.
At line:1 char:50
+ get-owavirtualdirectory | set-owavirtualdirectory <<<<  -internalUrl https://Ourservername.domain.local/owa
    + CategoryInfo          : InvalidData: (servername\Exadmin (SBS Web Applications):ADObjectId) [Set-OwaVirtualDirectory], DataValidationException
    + FullyQualifiedErrorId : 6D727B7B,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory

Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual directories.
At line:1 char:50
+ get-owavirtualdirectory | set-owavirtualdirectory <<<<  -internalUrl https://Ourservername.domain/owa
    + CategoryInfo          : InvalidData: (servername\Exchange (SBS Web Applications):ADObjectId) [Set-OwaVirtualDirectory], DataValidationException
    + FullyQualifiedErrorId : 6D727B7B,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory

Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual directories.
At line:1 char:50
+ get-owavirtualdirectory | set-owavirtualdirectory <<<<  -internalUrl https://Ourservername.domain/owa
    + CategoryInfo          : InvalidData: (servername\Exchweb (SBS Web Applications):ADObjectId) [Set-OwaVirtualDirectory], DataValidationException
    + FullyQualifiedErrorId : 6D727B7B,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory

Set-OwaVirtualDirectory : "InternalUrl" only applies to Exchange 2007 virtual directories.
At line:1 char:50
+ get-owavirtualdirectory | set-owavirtualdirectory <<<<  -internalUrl https://Ourservername.domain/owa
    + CategoryInfo          : InvalidData: (servername\Public (SBS Web Applications):ADObjectId) [Set-OwaVirtualDirectory], DataValidationException
    + FullyQualifiedErrorId : 6D727B7B,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory

[PS] C:\Windows\system32>
Stev0W, IT CONTRACTOR

Author

Commented:
Hi R-R,
I ran the command and received no errors.
Should I now run the command Akhater gave me that gave the errors?

get-owavirtualdirectory | set-owavirtualdirectory -internalUrl https://Ourservername.domain.local/owa
Akhater, Solutions Architect

Commented:
don't worry about the command, it was completed successfully,

are you still getting the warning?

Stev0W, IT CONTRACTOR

Author

Commented:
Hi Akhater, No the security alert no longer appears. I appreciate all your help and patience on this issue.

I have noticed that the external users cannot set their Out of Office & automatic replies: "the server is currently unavailable". Would this be a separate thread? You already have the points anyway.

Thanks again
