Solved

Exchange 2010/Outlook 2007 Certificate warning

Posted on 2011-02-11
Last Modified: 2012-05-11
Exchange 2010 is very new to me so forgive me if I sound naive in some of my questioning.  

We have 2 Exchange Servers in our organization, a 2003 and a 2010 Exchange Server.  All the Roles for  2010 are on 1 server.

In order to get Active Sync working we purchased a Certificate from GoDaddy.  Active Sync is working on the new server.......it was issued to the name we use for our external URL.  The internal URL is the same name as the Exchange 2010 server.

While Active Sync works fine, whenever Outlook 2007 opens a mailbox that resides on the Exchange 2010 Server it gets the well-known certificate warning message, where the last option is "The name on the security certificate is invalid or does not match the name of the site". The internal URL was not included when we created this certificate.

This morning I created a new cert for the internal url...without thinking I assigned it IIS services...well this made the cert warning message go away but also broke active sync.  Removed the IIS services from the new cert and active sync worked fine.


So basically all to say how do I make the certificate warning message stop when my internal users open Outlook 2007 without breaking active sync?

Thanks and sorry to sound naive...trying to understand as I go


Question by:BlueGoose
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34872750
If you don't have a SAN cert, you'll need to change the internal service URL that is used for communication between Exchange and Outlook so it matches the name in the cert to make it stop complaining. You obviously need to make sure this address is resolvable internally too before you do it, otherwise that will break it too.
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34872782
 
LVL 26

Expert Comment

by:jar3817
ID: 34872940
How about you set internal Outlook clients to connect via MAPI rather than HTTPS? Or are they laptops that are internal sometimes and external other times?

Really the best thing to do would be to use the same domain name internally and externally. That might require you run split dns, it all depends on your setup.
 

Author Comment

by:BlueGoose
ID: 34873026
Internal clients are connecting by MAPI (verified by right clicking icon in tray and choosing Connection Status)

Short of having the internal and external URLs being the same, are there other options?  Right now the only 3rd party cert we have is the GoDaddy one that is used for Active Sync.   Could I just purchase another cert for the internal URL or will I pretty much end up with the same issue as the self-signed one?
 
LVL 5

Accepted Solution

by:
LLMorrisson earned 500 total points
ID: 34873307
Ideally you should be using a SAN certificate (aka a UCC). This is a cert that lets you list multiple names in the same cert. You can get these from GoDaddy too, although they are a little more expensive than the regular certs unfortunately.
 

Author Comment

by:BlueGoose
ID: 34873623
I think we will go the UCC route.......any ideas on what I should choose during the creating of the cert on the Exchange 2010 server...we will be using it for active sync, owa, internal email...so many choices, not sure which ones to choose
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34874001
You can use the tool built into Exchange 2010 to tell you what SANs you need in your cert. Go to the Server Configuration node in the EMC and click on New Exchange Certificate. During the wizard there is an opportunity to tell it what services you want to protect with the cert and it will fetch all your current service URLs as part of that process. You can then use that info for your SAN cert order.
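
Added example (not part of the original thread): a read-only Exchange Management Shell check that gathers the same service URLs the wizard collects and reports which host names are missing from the certificate currently enabled for IIS. It assumes the shell is run on the single Exchange 2010 server that holds all roles, as described in the question; `Test-CertName` is a helper name made up for this example.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
$server = $env:COMPUTERNAME   # assumption: run on the Exchange 2010 server itself

# 1. Collect every URL Exchange hands out to clients (Autodiscover + virtual directories).
$urls  = @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
$vdirs  = @(Get-WebServicesVirtualDirectory -Server $server)
$vdirs += @(Get-OabVirtualDirectory -Server $server)
$vdirs += @(Get-ActiveSyncVirtualDirectory -Server $server)
$vdirs += @(Get-OwaVirtualDirectory -Server $server)
$vdirs += @(Get-EcpVirtualDirectory -Server $server)
foreach ($v in $vdirs) { $urls += $v.InternalUrl; $urls += $v.ExternalUrl }

# 2. Reduce the URLs to a unique list of host names (unset URLs are skipped).
$hosts = $urls | Where-Object { $_ } |
    ForEach-Object { ([Uri]"$_").Host.ToLower() } | Sort-Object -Unique

# 3. Names (subject + SANs) on the newest certificate enabled for IIS.
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate is enabled for IIS on $server" }
$names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: exact match, or a wildcard covering one left-most label.
function Test-CertName([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# 4. One row per host name; False means clients using that URL get the name warning.
foreach ($h in $hosts) {
    New-Object PSObject -Property @{
        HostName      = $h
        OnCertificate = (Test-CertName $h $names)
    } | Select-Object HostName, OnCertificate
}
```

Every host name reported as `False` either needs to be listed on the SAN/UCC order or have its service URL changed to a name the certificate already covers.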
 

Author Closing Comment

by:BlueGoose
ID: 34874331
Thanks!