Solved

Exchange 2010 Certificate Security Alert

Posted on 2010-11-16
9
405 Views
Last Modified: 2012-06-21
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)

Internal DNS
mail.domain.com
autodiscover.domain.com

Both point to internal IP of exchange server

External DNS
mail.domain.com
autodiscover.domain.com

Both point to external IP of exchange server - or rather postini is where our MX record directs mail.

AutodiscoverSErviceInternalUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....

What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
0
Comment
Question by:sparkis
  • 5
  • 4
9 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34150204
you can't have this error on outlook 2003 ! I guess it is a typo and you mean outlook 2007/2010 ?

with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration

enter your credentials and remove all checkboxes leave ONLY autodiscover and run.

when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is
0
 

Author Comment

by:sparkis
ID: 34150319
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>ME</DisplayName>
      <LegacyDN>/O=MYORG/OU=OUname/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>12daee86-8070-41d9-a2db-3a53f4cb789e</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>internaldnsname.mydomain.com</Server>
        <ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=internaldnsname</ServerDN>
        <ServerVersion>7380827F</ServerVersion>
        <MdbDN>/o=Comapny/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal2007exchangeserver.domain.com</PublicFolderServer>
        <AD>gc.domain.com</AD>
        <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https:// internaldnsname.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https:// internaldnsname.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https:// internaldnsname.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 

Author Comment

by:sparkis
ID: 34150324
I changed the internal exchange server to internaldnsname
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 34150387
run these please


get-webservicesvirtualdirectory | set-webservicesvirtualdirectory -internalurl https://mail.domain.com/EWS/Exchange.asmx -externalurl https://mail.domain.com/EWS/Exchange.asmx

get-ecpvirtualdirectory | set-ecpvirtualdirectory  -internalurl https://mail.domain.com/ecp -externalurl https://mail.domain.com/ecp


get-owavirtualdirectory | set-owavirtualdirectory  -internalurl https://mail.domain.com/owa -externalurl https://mail.domain.com/owa

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150405
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
0
 

Author Comment

by:sparkis
ID: 34150516
thats right. do I need to resetiis after I make the changes?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150537
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.

any other trace of something other than mail.domain.com ?
0
 

Author Comment

by:sparkis
ID: 34150538
that did it.

Thanks
0
 

Author Closing Comment

by:sparkis
ID: 34150543
rock on and thank you
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question