sparkis
asked on
Exchange 2010 Certificate Security Alert
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)
Internal DNS
mail.domain.com
autodiscover.domain.com
Both point to internal IP of exchange server
External DNS
mail.domain.com
autodiscover.domain.com
Both point to external IP of exchange server - or rather postini is where our MX record directs mail.
AutodiscoverSErviceInterna
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....
What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
Internal DNS
mail.domain.com
autodiscover.domain.com
Both point to internal IP of exchange server
External DNS
mail.domain.com
autodiscover.domain.com
Both point to external IP of exchange server - or rather postini is where our MX record directs mail.
AutodiscoverSErviceInterna
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....
What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
ASKER
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>ME</DisplayNa
<LegacyDN>/O=MYORG/OU=OUna
<DeploymentId>12daee86-807
</User>
<Account>
<AccountType>email</Accoun
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>internaldnsname.my
<ServerDN>/o=Company/ou=Ex
<ServerVersion>7380827F</S
<MdbDN>/o=Comapny/ou=Excha
<PublicFolderServer>intern
<AD>gc.domain.com</AD>
<ASUrl>https:// internaldnsname.domain.com
<EwsUrl>https:// internaldnsname.domain.com
<EcpUrl>https:// internaldnsname.domain.com
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https:// internaldnsname.domain.com
<UMUrl>https:// internaldnsname.domain.com
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.domain.com</S
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.domain.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basi
<Protocol>
<Type>EXCH</Type>
<ASUrl>https:// internaldnsname.domain.com
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba"
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>ME</DisplayNa
<LegacyDN>/O=MYORG/OU=OUna
<DeploymentId>12daee86-807
</User>
<Account>
<AccountType>email</Accoun
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>internaldnsname.my
<ServerDN>/o=Company/ou=Ex
<ServerVersion>7380827F</S
<MdbDN>/o=Comapny/ou=Excha
<PublicFolderServer>intern
<AD>gc.domain.com</AD>
<ASUrl>https:// internaldnsname.domain.com
<EwsUrl>https:// internaldnsname.domain.com
<EcpUrl>https:// internaldnsname.domain.com
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https:// internaldnsname.domain.com
<UMUrl>https:// internaldnsname.domain.com
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.domain.com</S
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.domain.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basi
<Protocol>
<Type>EXCH</Type>
<ASUrl>https:// internaldnsname.domain.com
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba"
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
ASKER
I changed the internal exchange server to internaldnsname
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com
ASKER
thats right. do I need to resetiis after I make the changes?
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.
any other trace of something other than mail.domain.com ?
any other trace of something other than mail.domain.com ?
ASKER
that did it.
Thanks
Thanks
ASKER
rock on and thank you
with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration
enter your credentials and remove all checkboxes leave ONLY autodiscover and run.
when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is