Solved

SSL Certificat Mismatch

Posted on 2011-03-10
8
930 Views
Last Modified: 2013-01-15
I am getting the follow error

Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mail.domainname.org doesn't match any name found on the server certificate CN=SERVERNAME.
 
 How can I resolve this issue
 
0
Comment
Question by:rsilver24
8 Comments
 
LVL 10

Expert Comment

by:cjrmail2k
ID: 35096368
Is this a new certificate? Did you match it to your domain DNS name? What version of exchange are you using?
0
 

Author Comment

by:rsilver24
ID: 35097734
No it is not a new certification.  I am running Exchange 2010 and I am not sure how to check to see if it is matched to DNS name
0
 
LVL 10

Expert Comment

by:cjrmail2k
ID: 35098370
if you run iis on the cas you should be able to right-click on the default site and click properties/security and check certificate
0
 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 500 total points
ID: 35103133
Hi rsilver24:

Go to EMC click on server config > in the middle plane u would see a certificate

if u see  many double click on the one that says IIS as one of its service

Once the certificate opens click on details tab and under Subject alternative name field see whether do u see FQDN of the server  if not follow the steps below to solve ur issue  

In the below lines i have explained how to change the Internal url  such that u dont need to have CAS FQDN in the certificate


follow the below kb and change the urls 940726

http://support.microsoft.com/kb/940726
"Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site""


In short this is what u have to do(taken for ur reference from url)



To resolve this issue, modify the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:
1.      Start the Exchange Management Shell.
2.      Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
3.      Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
4.      Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
5.      Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx
Note This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
6.      Open IIS Manager.
7.      Expand the local computer, and then expand Application Pools.
8.      Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Important These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. For example, consider the following scenario:
•      The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following:
https://ServerName.contoso.com/ews/exchange.asmx
•      The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as "mail.contoso.com."
In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.

let me know if u have any queries
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:rsilver24
ID: 35127943
I went through these steps but it is still not working.  But something is not matching up.  I uninstalled the CAS from my backend server last week and reinstalled it on my frontend server.  When I ran the activesync test it tells me that the host name mail.hali88.org doesn't match any name found on the server certificate CN=Haliserv2 (this is my backend server) and no longer my CAS.  
0
 

Author Comment

by:rsilver24
ID: 35129500
Hi any update on this issue?
0
 

Author Comment

by:rsilver24
ID: 35148209
Hello can someone please help with this issue?
0
 
LVL 2

Expert Comment

by:anuragshankar
ID: 37383642
Do you have a Internal Host(A) entry in the DNS. Remove it and then check.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now