sparkis
asked on
Exchange 2010 Certificate Security Alert
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)
Internal DNS
mail.domain.com
autodiscover.domain.com
Both point to internal IP of exchange server
External DNS
mail.domain.com
autodiscover.domain.com
Both point to external IP of exchange server - or rather postini is where our MX record directs mail.
AutodiscoverSErviceInterna lUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....
What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
Internal DNS
mail.domain.com
autodiscover.domain.com
Both point to internal IP of exchange server
External DNS
mail.domain.com
autodiscover.domain.com
Both point to external IP of exchange server - or rather postini is where our MX record directs mail.
AutodiscoverSErviceInterna
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....
What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
ASKER
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>ME</DisplayNa me>
<LegacyDN>/O=MYORG/OU=OUna me/cn=Reci pients/cn= myusername </LegacyDN >
<DeploymentId>12daee86-807 0-41d9-a2d b-3a53f4cb 789e</Depl oymentId>
</User>
<Account>
<AccountType>email</Accoun tType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>internaldnsname.my domain.com </Server>
<ServerDN>/o=Company/ou=Ex change Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn=interna ldnsname</ ServerDN>
<ServerVersion>7380827F</S erverVersi on>
<MdbDN>/o=Comapny/ou=Excha nge Administrative Group (FYDIBOHF23SPDLT)/cn=Confi guration/c n=Servers/ cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>intern al2007exch angeserver .domain.co m</PublicF olderServe r>
<AD>gc.domain.com</AD>
<ASUrl>https:// internaldnsname.domain.com /EWS/Excha nge.asmx</ ASUrl>
<EwsUrl>https:// internaldnsname.domain.com /EWS/Excha nge.asmx</ EwsUrl>
<EcpUrl>https:// internaldnsname.domain.com /ecp</EcpU rl>
<EcpUrl-um>?p=customize/vo icemail.as px&exs vurl=1</Ec pUrl-um>
<EcpUrl-aggr>?p=personalse ttings/Ema ilSubscrip tions.slab &exsvu rl=1</EcpU rl-aggr>
<EcpUrl-mt>PersonalSetting s/Delivery Report.asp x?exsvurl= 1&IsOW A=<IsOW A>& MsgID=< MsgID>& amp;Mbx=&l t;Mbx>< /EcpUrl-mt >
<EcpUrl-sms>?p=sms/textmes saging.sla b&exsv url=1</Ecp Url-sms>
<OOFUrl>https:// internaldnsname.domain.com /EWS/Excha nge.asmx</ OOFUrl>
<UMUrl>https:// internaldnsname.domain.com /EWS/UM200 7Legacy.as mx</UMUrl>
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.domain.com</S erver>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa ckage>
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.domain.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/vo icemail.as px&exs vurl=1</Ec pUrl-um>
<EcpUrl-aggr>?p=personalse ttings/Ema ilSubscrip tions.slab &exsvu rl=1</EcpU rl-aggr>
<EcpUrl-mt>PersonalSetting s/Delivery Report.asp x?exsvurl= 1&IsOW A=<IsOW A>& MsgID=< MsgID>& amp;Mbx=&l t;Mbx>< /EcpUrl-mt >
<EcpUrl-sms>?p=sms/textmes saging.sla b&exsv url=1</Ecp Url-sms>
<OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basi c, Fba">https:// internaldnsname.domain.com /owa/</OWA Url>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https:// internaldnsname.domain.com /EWS/Excha nge.asmx</ ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba" >https://mail.domain.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>ME</DisplayNa
<LegacyDN>/O=MYORG/OU=OUna
<DeploymentId>12daee86-807
</User>
<Account>
<AccountType>email</Accoun
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>internaldnsname.my
<ServerDN>/o=Company/ou=Ex
<ServerVersion>7380827F</S
<MdbDN>/o=Comapny/ou=Excha
<PublicFolderServer>intern
<AD>gc.domain.com</AD>
<ASUrl>https:// internaldnsname.domain.com
<EwsUrl>https:// internaldnsname.domain.com
<EcpUrl>https:// internaldnsname.domain.com
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https:// internaldnsname.domain.com
<UMUrl>https:// internaldnsname.domain.com
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.domain.com</S
<SSL>On</SSL>
<AuthPackage>Basic</AuthPa
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://mail.domain.com/ecp</EcpUrl>
<EcpUrl-um>?p=customize/vo
<EcpUrl-aggr>?p=personalse
<EcpUrl-mt>PersonalSetting
<EcpUrl-sms>?p=sms/textmes
<OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
<OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Internal>
<OWAUrl AuthenticationMethod="Basi
<Protocol>
<Type>EXCH</Type>
<ASUrl>https:// internaldnsname.domain.com
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba"
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
ASKER
I changed the internal exchange server to internaldnsname
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
ASKER
thats right. do I need to resetiis after I make the changes?
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.
any other trace of something other than mail.domain.com ?
any other trace of something other than mail.domain.com ?
ASKER
that did it.
Thanks
Thanks
ASKER
rock on and thank you
with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration
enter your credentials and remove all checkboxes leave ONLY autodiscover and run.
when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is