Link to home
Start Free TrialLog in
Avatar of gruen33
gruen33Flag for Afghanistan

asked on

Outlook Security Warning

I am having a problem with users running Outlook 2007 and trying to send email though Port 587 using TLS.  I think the problem is on the server.  In the Exchange Shell screenshot below you will see the CN name as "SERVER" and then you will see the correct CN name below it.  If you look at the details of the error that Outlook is giving, you will see the "Issued To" also states "SERVER" but should be the FQDN.  Any suggestions on what looks wrong here?  Thanks. User generated imageOutlook-Cert-Error-Message.gif
Certificate-Error---Wrong-CN-Nam.gif
Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag of Jordan image

from MMC, copy this certificate from personal store to trusted root certificates.
Avatar of gruen33

ASKER

Thanks Suliman.  I tried copying both items to the Trusted Root Certification Authorities >Certificates folder.  Still having the same issue.  I am attaching a screenshot of the MMC.  Please let me know if you have any other ideas.  Thanks. User generated image
From EMC, go to server configurations and from action panel use the "assign services to certificate" wizard to assigned the correct certificate (Godaddy) to outlook anywhere ( rpc/https) service.
Avatar of gruen33

ASKER

SulimanW, I do not see that option in Exchange 2007.  I have researched that option and I see where that is done in 2010.  Any thought on how to do this in 2007?  Thanks, it appears we may be on the right track.
In exchange 2007, you can do it using powershell:

Enable-ExchangeCertificate -Services:"SMTP" -thumprint "thumprint"

where services one of these values :Pop,SMTP,IIS, IMAP, None, federation.

You can find the thumprint from certificate details. but make sure to remove spaces.
also "Get-ExchangeCertificate" will show you thumprints.
Avatar of gruen33

ASKER

Thanks.  I did do this and was asked if I wanted to overwrite the Existing Default SMTP Certificate and I chose YES.  I am assuming that the S under Services refers to SMTP.  The old valude still exists along with the new value.  Below is a screenshot.  How do I remove the old Thumbprint that shows CN=SERVER?  Thanks- User generated image
You can safely delete the certificate, but as backup just export it from MMC console to somewhere safe. then delete it. You may need to restart exchange services.
Avatar of gruen33

ASKER

Well that error is gone but I have a new one.  Outlook is configured for SMTP Port 587 with TLS.  The error is in the screenshot when testing the send functionality.  Thanks, I really appreciate you helping me out on this. User generated image
Do you have latest updates installed on outlook and exchange ?
Avatar of gruen33

ASKER

I performed the steps you gave above by exporting the Certificate that had the Thumbprint associated with CN=SERVER and then deleting it via MMC.  I restarted the server and now there is only one certificate showing up in MMC which should be correct.  OWA Certificate works just fine, still not working with SMTP.  Is there a method where I have to "Bind" it somewhere, like to the local IP address.  Yes, all updates are current for both Exchange 2007 and Outlook 2007.  Below is a screenshot of the Cert via Shell.  Thanks- User generated image
Avatar of gruen33

ASKER

FYI:  I can send just fine with encryption setting as "None".  I would rather not do that though.
ASKER CERTIFIED SOLUTION
Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag of Jordan image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gruen33

ASKER

Thanks, I read that.  Still no luck.  It doesn't make sense that I can send using Port 587 using authentication without TLS or SSL selected.  Testing with either TLS or SSL seleced gives me the error I posted earlier "Your server does not support the connection encryption type you have specified".  I'm stumped.  I will keep researching.  If you come up with another idea please let me know.  Thanks for all the work you have put into this for me.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Glad to hear that..
Avatar of gruen33

ASKER

Sulimanw pointed me in the right direction on serveral responses.  After digging a bit while using his responses I was able to find the solution.