Solved

Exchange 2010 Certificate Security Alert

Posted on 2010-11-16
9
411 Views
Last Modified: 2012-06-21
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)

Internal DNS
mail.domain.com
autodiscover.domain.com

Both point to internal IP of exchange server

External DNS
mail.domain.com
autodiscover.domain.com

Both point to external IP of exchange server - or rather postini is where our MX record directs mail.

AutodiscoverSErviceInternalUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....

What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
0
Comment
Question by:sparkis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34150204
you can't have this error on outlook 2003 ! I guess it is a typo and you mean outlook 2007/2010 ?

with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration

enter your credentials and remove all checkboxes leave ONLY autodiscover and run.

when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is
0
 

Author Comment

by:sparkis
ID: 34150319
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>ME</DisplayName>
      <LegacyDN>/O=MYORG/OU=OUname/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>12daee86-8070-41d9-a2db-3a53f4cb789e</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>internaldnsname.mydomain.com</Server>
        <ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=internaldnsname</ServerDN>
        <ServerVersion>7380827F</ServerVersion>
        <MdbDN>/o=Comapny/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal2007exchangeserver.domain.com</PublicFolderServer>
        <AD>gc.domain.com</AD>
        <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https:// internaldnsname.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https:// internaldnsname.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https:// internaldnsname.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 

Author Comment

by:sparkis
ID: 34150324
I changed the internal exchange server to internaldnsname
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 34150387
run these please


get-webservicesvirtualdirectory | set-webservicesvirtualdirectory -internalurl https://mail.domain.com/EWS/Exchange.asmx -externalurl https://mail.domain.com/EWS/Exchange.asmx

get-ecpvirtualdirectory | set-ecpvirtualdirectory  -internalurl https://mail.domain.com/ecp -externalurl https://mail.domain.com/ecp


get-owavirtualdirectory | set-owavirtualdirectory  -internalurl https://mail.domain.com/owa -externalurl https://mail.domain.com/owa

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150405
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
0
 

Author Comment

by:sparkis
ID: 34150516
thats right. do I need to resetiis after I make the changes?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150537
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.

any other trace of something other than mail.domain.com ?
0
 

Author Comment

by:sparkis
ID: 34150538
that did it.

Thanks
0
 

Author Closing Comment

by:sparkis
ID: 34150543
rock on and thank you
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question