Solved

Exchange 2010/Outlook 2007 Certificate warning

Posted on 2011-02-11
Last Modified: 2012-05-11
Exchange 2010 is very new to me so forgive me if I sound naive in some of my questioning.  

We have 2 Exchange Servers in our organization, a 2003 and a 2010 Exchange Server.  All the Roles for  2010 are on 1 server.

In order to get Active Sync working we purchased a Certificate from GoDaddy.  Active Sync is working on the new server.......it was issued to the name we use for our external URL.  The internal URL is the same name as the Exchange 2010 server.

While active sync works fine, whenever Outlook 2007 opens a mailbox that resides on the Exchange 2010 Server it gets the warning certificate message that is well known, where the last option is "The name on the security certificate is invalid or does not match the name of the site". The internal URL was not included when we created this certificate.

This morning I created a new cert for the internal url...without thinking I assigned it IIS services...well this made the cert warning message go away but also broke active sync.  Removed the IIS services from the new cert and active sync worked fine.


So basically all to say how do I make the certificate warning message stop when my internal users open Outlook 2007 without breaking active sync?

Thanks and sorry to sound naive...trying to understand as I go


Question by:BlueGoose
8 Comments
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34872750
If you don't have a SAN cert, you'll need to change the internal service URL that is used for communication between Exchange and Outlook so it matches the name in the cert to make it stop complaining. You obviously need to make sure this address is resolvable internally too before you do it, otherwise that will break it too.
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34872782
0
 
LVL 26

Expert Comment

by:jar3817
ID: 34872940
How about you set internal Outlook clients to connect via MAPI rather than HTTPS? Or are they laptops that are internal sometimes and external other times?

Really the best thing to do would be to use the same domain name internally and externally. That might require you run split dns, it all depends on your setup.
0
 

Author Comment

by:BlueGoose
ID: 34873026
Internal clients are connecting by MAPI (verified by right clicking icon in tray and choosing Connection Status)

Short of having the internal and external URLs being the same, are there other options?  Right now the only 3rd party cert we have is the GoDaddy one that is used for Active Sync.   Could I just purchase another cert for the internal URL or will I pretty much end up with the same issue as the self-signed one?
0

 
LVL 5

Accepted Solution

by:
LLMorrisson earned 500 total points
ID: 34873307
Ideally you should be using a SAN certificate (aka a UCC). This is a cert that lets you list multiple names in the same cert. You can get these from GoDaddy too, although they are a little more expensive than the regular certs unfortunately.
0
 

Author Comment

by:BlueGoose
ID: 34873623
I think we will go the UCC route.......any ideas on what I should choose during the creating of the cert on the Exchange 2010 server...we will be using it for active sync, owa, internal email...so many choices, not sure which ones to choose
0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34874001
You can use the tool built into Exchange 2010 to tell you what SANs you need in your cert. Go to the Server Configuration node in the EMC and click on New Exchange Certificate. During the wizard there is an opportunity to tell it what services you want to protect with the cert and it will fetch all your current service URLs as part of that process. You can then use that info for your SAN cert order.
0
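
An added example (not part of the thread and not any poster's code) of the check behind the answers above: list the hostnames used in the service URLs that the certificate's names do not cover, which are the names to either change or include in the SAN order. The function names `Test-NameMatch` and `Get-UncoveredHost` and all hostnames are constructed for illustration.

```powershell
# Added example: report service-URL hostnames that a certificate does not cover.
# All hostnames below are constructed sample values.

function Test-NameMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant()
    $c = $CertName.ToLowerInvariant()
    if ($c.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not example.com or a.b.example.com.
        $suffix = $c.Substring(1)                      # ".example.com"
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return (($label.Length -gt 0) -and (-not $label.Contains('.')))
    }
    return ($h -eq $c)
}

function Get-UncoveredHost {
    param([string[]]$ServiceUrl, [string[]]$CertificateDomain)
    # Reduce the URLs to the distinct hostnames clients will actually connect to.
    $hosts = $ServiceUrl | ForEach-Object { ([Uri]$_).Host } | Sort-Object -Unique
    foreach ($h in $hosts) {
        $covered = $false
        foreach ($name in $CertificateDomain) {
            if (Test-NameMatch -HostName $h -CertName $name) { $covered = $true; break }
        }
        if (-not $covered) { $h }                      # emit names the cert lacks
    }
}

# Constructed sample matching the thread's situation: the cert carries only the
# external name, while the internal URLs use the server's own name.
$certNames = @('mail.example.com')
$urls = @(
    'https://mail.example.com/Microsoft-Server-ActiveSync',
    'https://mail.example.com/owa',
    'https://exch2010.corp.example.com/Autodiscover/Autodiscover.xml',
    'https://exch2010.corp.example.com/EWS/Exchange.asmx',
    'https://exch2010.corp.example.com/OAB'
)

Get-UncoveredHost -ServiceUrl $urls -CertificateDomain $certNames
```

On a real server the inputs can be taken from the Exchange Management Shell: the certificate's names are in the `CertificateDomains` property returned by `Get-ExchangeCertificate` (converted to strings), and the URLs are the `InternalUrl`/`ExternalUrl` values of the virtual directory cmdlets plus `AutodiscoverServiceInternalUri` from `Get-ClientAccessServer`.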
 

Author Closing Comment

by:BlueGoose
ID: 34874331
Thanks!
0
