[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Exchange 2010 Certificate Security Alert

Posted on 2010-11-16
9
Medium Priority
?
421 Views
Last Modified: 2012-06-21
I know this has been asked before and I just went through a couple of posts to make the corrects i could find. but we are still getting this Cert popping up internally on outlook clients (2003/2010)

Internal DNS
mail.domain.com
autodiscover.domain.com

Both point to internal IP of exchange server

External DNS
mail.domain.com
autodiscover.domain.com

Both point to external IP of exchange server - or rather postini is where our MX record directs mail.

AutodiscoverSErviceInternalUri:
https://mail.domain.com/auto.....
https://internalnameofexchageserver.domain.com/auto....

What am I doing wrong. I am using an SSL on the exchange server - UCC with mail.mydomain and autodiscover.mydomain....
0
Comment
Question by:sparkis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34150204
you can't have this error on outlook 2003 ! I guess it is a typo and you mean outlook 2007/2010 ?

with outlook connected CTRL + Right click on the icon in the system tray and click on test email autoconfiguration

enter your credentials and remove all checkboxes leave ONLY autodiscover and run.

when done go to the last tab (xml) and check any url that is NOT mail.domain.com and tell me which it is
0
 

Author Comment

by:sparkis
ID: 34150319
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>ME</DisplayName>
      <LegacyDN>/O=MYORG/OU=OUname/cn=Recipients/cn=myusername</LegacyDN>
      <DeploymentId>12daee86-8070-41d9-a2db-3a53f4cb789e</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>internaldnsname.mydomain.com</Server>
        <ServerDN>/o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=internaldnsname</ServerDN>
        <ServerVersion>7380827F</ServerVersion>
        <MdbDN>/o=Comapny/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn= internaldnsname /cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>internal2007exchangeserver.domain.com</PublicFolderServer>
        <AD>gc.domain.com</AD>
        <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https:// internaldnsname.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https:// internaldnsname.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.domain.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.domain.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.domain.com/ecp</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.domain.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.domain.com/OAB/052212eb-b5d8-4294-8c7f-8af2bfc606aa/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https:// internaldnsname.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https:// internaldnsname.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.domain.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.domain.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
0
 

Author Comment

by:sparkis
ID: 34150324
I changed the internal exchange server to internaldnsname
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 34150387
run these please


get-webservicesvirtualdirectory | set-webservicesvirtualdirectory -internalurl https://mail.domain.com/EWS/Exchange.asmx -externalurl https://mail.domain.com/EWS/Exchange.asmx

get-ecpvirtualdirectory | set-ecpvirtualdirectory  -internalurl https://mail.domain.com/ecp -externalurl https://mail.domain.com/ecp


get-owavirtualdirectory | set-owavirtualdirectory  -internalurl https://mail.domain.com/owa -externalurl https://mail.domain.com/owa

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150405
just to double check ur UCC certificate does NOT contain the internaldnsname.domain.com am i right ?
0
 

Author Comment

by:sparkis
ID: 34150516
thats right. do I need to resetiis after I make the changes?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34150537
no there is no need for iisreset just wait a bit for replication if u have more than one DC and run the test again.

any other trace of something other than mail.domain.com ?
0
 

Author Comment

by:sparkis
ID: 34150538
that did it.

Thanks
0
 

Author Closing Comment

by:sparkis
ID: 34150543
rock on and thank you
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question