Link to home
Start Free TrialLog in
Avatar of Trihimbulus
Trihimbulus

asked on

Exchange 2010 Self Sign Cert popping up and other issue

I recently migrated from Exchange 2003 to 2010 and am having a couple of strange issues.

1) I did (correctly) install a GoDaddy UCC SSL Cert but when any (internal) Outlook 2007 or 2010 clients connect, I get a Security Alert dialog box that says the name on the security certificate is invalid- and is a self-signed cert for my Exchange server. I did assign the correct services to my UCC public cert, and removed the self-signed cert from my Exchange server. How do I go about resolving this issue?

Additionally, my Outlook clients receive an error while attempting to download the OAB. I did move this over from the old Ex2003 server and when I noticed it still wasnt downloading, I recreated it and made sure to path to the new OAB on the Mailbox Store properties. How do I go about fixing this as well??
Avatar of LLMorrisson
LLMorrisson
Flag of United States of America image

Have you checked your internal service URLs are set correctly as per your cert etc? Check this article which discusses this issue.

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3704-Troubleshooting-Outlook-Certificate-Errors.html

With regards to the OAB error received by your clients, what is the actual error?

Have you checked the event log for any specific messages relating to the OAB?

Avatar of Glen Knight
doesn't sound like you completed the wizard for the Exchange Certificate with the correct names in it?
Avatar of Trihimbulus
Trihimbulus

ASKER

Yes Dematz - you are correct. For some reasone one of the domain names listed is www.mail.mycompany.com but I went through the certificate import directions to a T and didn't see this listed. By chance, did enableing this for all services (specifically IIS) add this to the cert? How do I fix this?
It will add this automatically if there is a spare SAN/UCC in the 5 domain list.

Does the name you are seeing on the error message appear on the certificate?

You should have at a minimum the following names:

owa.domainname.com (the URL used for Outlook Web Access)
autodiscover.domainname.com (where domainname.com is the part after the @ in your email address)
servername.domainname.local (the internal fully qualified domain name of your server)
Ok - so I should have added the internal name of my Exchange Server when setting up the UCC Cert with godaddy? Isn't that bad to let the world know what that name is? Also, we hit OWA via mail.mycompany.com.
ASKER CERTIFIED SOLUTION
Avatar of LLMorrisson
LLMorrisson
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You mind if I ask what was in that last solution that i hadn't already offered?