Solved

Exchange 2010 Certificate Security Alert

Posted on 2010-11-16
9
415 Views
Last Modified: 2012-06-21
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)

Internal DNS
mail.domain.com
autodiscover.domain.com

Both point to internal IP of exchange server

External DNS
mail.domain.com
autodiscover.domain.com

Both point to external IP of exchange server - or rather postini is where our MX record directs mail.

AutodiscoverSErviceInternalUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....

What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
0
Comment
Question by:sparkis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34150204
you can't have this error on outlook 2003 ! I guess it is a typo and you mean outlook 2007/2010 ?

with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration

enter your credentials and remove all checkboxes leave ONLY autodiscover and run.

when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is
0
 

Author Comment

by:sparkis
ID: 34150319
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>ME</DisplayName>
      <LegacyDN>/O=MYORG/OU=OUname/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>12daee86-8070-41d9-a2db-3a53f4cb789e</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>internaldnsname.mydomain.com</Server>
        <ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=internaldnsname</ServerDN>
        <ServerVersion>7380827F</ServerVersion>
        <MdbDN>/o=Comapny/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal2007exchangeserver.domain.com</PublicFolderServer>
        <AD>gc.domain.com</AD>
        <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https:// internaldnsname.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https:// internaldnsname.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https:// internaldnsname.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 

Author Comment

by:sparkis
ID: 34150324
I changed the internal exchange server to internaldnsname
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 34150387
run these please


get-webservicesvirtualdirectory | set-webservicesvirtualdirectory -internalurl https://mail.domain.com/EWS/Exchange.asmx -externalurl https://mail.domain.com/EWS/Exchange.asmx

get-ecpvirtualdirectory | set-ecpvirtualdirectory  -internalurl https://mail.domain.com/ecp -externalurl https://mail.domain.com/ecp


get-owavirtualdirectory | set-owavirtualdirectory  -internalurl https://mail.domain.com/owa -externalurl https://mail.domain.com/owa

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150405
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
0
 

Author Comment

by:sparkis
ID: 34150516
thats right. do I need to resetiis after I make the changes?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150537
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.

any other trace of something other than mail.domain.com ?
0
 

Author Comment

by:sparkis
ID: 34150538
that did it.

Thanks
0
 

Author Closing Comment

by:sparkis
ID: 34150543
rock on and thank you
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question