Solved

Exchange 2010 Self Sign Cert popping up and other issue

Posted on 2011-02-15
8
855 Views
Last Modified: 2012-05-11
I recently migrated from Exchange 2003 to 2010 and am having a couple of strange issues.

1) I did (correctly) install a GoDaddy UCC SSL Cert but when any (internal) Outlook 2007 or 2010 clients connect, I get a Security Alert dialog box that says the name on the security certificate is invalid- and is a self-signed cert for my Exchange server. I did assign the correct services to my UCC public cert, and removed the self-signed cert from my Exchange server. How do I go about resolving this issue?

Additionally, my Outlook clients receive an error while attempting to download the OAB. I did move this over from the old Ex2003 server and when I noticed it still wasnt downloading, I recreated it and made sure to path to the new OAB on the Mailbox Store properties. How do I go about fixing this as well??
0
Comment
Question by:Trihimbulus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34896533
Have you checked your internal service URLs are set correctly as per your cert etc? Check this article which discusses this issue.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3704-Troubleshooting-Outlook-Certificate-Errors.html

0
 
LVL 5

Expert Comment

by:LLMorrisson
ID: 34896588
With regards to the OAB error received by your clients, what is the actual error?

Have you checked the event log for any specific messages relating to the OAB?

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34897374
doesn't sound like you completed the wizard for the Exchange Certificate with the correct names in it?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Trihimbulus
ID: 34897633
Yes Dematz - you are correct. For some reasone one of the domain names listed is www.mail.mycompany.com but I went through the certificate import directions to a T and didn't see this listed. By chance, did enableing this for all services (specifically IIS) add this to the cert? How do I fix this?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34897647
It will add this automatically if there is a spare SAN/UCC in the 5 domain list.

Does the name you are seeing on the error message appear on the certificate?

You should have at a minimum the following names:

owa.domainname.com (the URL used for Outlook Web Access)
autodiscover.domainname.com (where domainname.com is the part after the @ in your email address)
servername.domainname.local (the internal fully qualified domain name of your server)
0
 

Author Comment

by:Trihimbulus
ID: 34898236
Ok - so I should have added the internal name of my Exchange Server when setting up the UCC Cert with godaddy? Isn't that bad to let the world know what that name is? Also, we hit OWA via mail.mycompany.com.
0
 
LVL 5

Accepted Solution

by:
LLMorrisson earned 500 total points
ID: 34898625
Adding your local computer name to the UCC is a common way, but it is not necessary if you prefer not to. You just need an internally resolvable namepointing to your client acces server and need to change your internal service URLs to match this name, and to the names in your cert. So long as that all matches up, it will still work and you can leave the real internal server names out of the certificate.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35010980
You mind if I ask what was in that last solution that i hadn't already offered?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
how to add IIS SMTP to handle application/Scanner relays into office 365.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question