• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424
  • Last Modified:

Exchange 2010 Certificate Security Alert

I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)

Internal DNS
mail.domain.com
autodiscover.domain.com

Both point to internal IP of exchange server

External DNS
mail.domain.com
autodiscover.domain.com

Both point to external IP of exchange server - or rather postini is where our MX record directs mail.

AutodiscoverSErviceInternalUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....

What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
0
sparkis
Asked:
sparkis
  • 5
  • 4
1 Solution
 
AkhaterCommented:
you can't have this error on outlook 2003 ! I guess it is a typo and you mean outlook 2007/2010 ?

with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration

enter your credentials and remove all checkboxes leave ONLY autodiscover and run.

when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is
0
 
sparkisAuthor Commented:
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>ME</DisplayName>
      <LegacyDN>/O=MYORG/OU=OUname/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>12daee86-8070-41d9-a2db-3a53f4cb789e</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>internaldnsname.mydomain.com</Server>
        <ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=internaldnsname</ServerDN>
        <ServerVersion>7380827F</ServerVersion>
        <MdbDN>/o=Comapny/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal2007exchangeserver.domain.com</PublicFolderServer>
        <AD>gc.domain.com</AD>
        <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https:// internaldnsname.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https:// internaldnsname.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https:// internaldnsname.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 
sparkisAuthor Commented:
I changed the internal exchange server to internaldnsname
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
AkhaterCommented:
run these please


get-webservicesvirtualdirectory | set-webservicesvirtualdirectory -internalurl https://mail.domain.com/EWS/Exchange.asmx -externalurl https://mail.domain.com/EWS/Exchange.asmx

get-ecpvirtualdirectory | set-ecpvirtualdirectory  -internalurl https://mail.domain.com/ecp -externalurl https://mail.domain.com/ecp


get-owavirtualdirectory | set-owavirtualdirectory  -internalurl https://mail.domain.com/owa -externalurl https://mail.domain.com/owa

Open in new window

0
 
AkhaterCommented:
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
0
 
sparkisAuthor Commented:
thats right. do I need to resetiis after I make the changes?
0
 
AkhaterCommented:
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.

any other trace of something other than mail.domain.com ?
0
 
sparkisAuthor Commented:
that did it.

Thanks
0
 
sparkisAuthor Commented:
rock on and thank you
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now