Solved

There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.domain.com.

Posted on 2011-03-17
Last Modified: 2012-05-11
We have a Server 2003 terminal server that is using Outlook 2010 to connect to Exchange 2010.  We are using an SSL wildcard certificate.  I recently upgraded Exchange from 2003 to 2010 when I noticed some Outlook users on the terminal server were getting "Server unavailable" when opening Outlook.  It was resolved by reconfiguring the profile.

I recently rebooted the terminal server and now when anyone opens Outlook, it will give the error message:

"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.domain.com.

Outlook is unable to connect to the proxy server. (Error Code 0)"

When I attempt to reconfigure the profile, with autodiscover or manually, I am prompted to authenticate.  Even though I am using the correct credentials, it does not log in after several tries.  When I hit cancel, I get the message:

"Outlook cannot log on.  Verify you are connected to the network and are using the proper server and mailbox name.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."

This MS article describes pretty well what is happening.

http://support.microsoft.com/kb/923575

I follow the resolution and go to https://serverip/rpc. I see "Mismatched address" where the lock would be in the browser confirming I have a secure connection.  I click on View Certificates and am presented with my wildcard certificate.  I install it into the root store as directed.

Unfortunately, this does not resolve my problem.  Can anyone suggest where I can go from here to resolve this?

I found another article that explains some of the mechanics behind what's going on with this process, but I'm not entirely sure if it is the answer to my specific problem.

http://www.windowsitpro.com/article/certificates/troubleshooting-an-autodiscover-certificate-error.aspx
Question by:LCGS-Corp
5 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35163704
If the terminal server is internal, then Outlook should be using TCP/IP and not HTTP to connect to Exchange. Can you confirm? Start Outlook with /rpcdiag to check.

Another thing to test would be to go into the Outlook HTTP settings and untick the "only connect to servers with this principal name in their cert" option, ensure authentication is Basic, and then test again.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35164996
"mail.domain.com" is the external name used for OWA, I assume.
You have a certificate with a subject name "*.domain.com"?
Is the name of your Active Directory forest "domain.com" or "domain.other"?
Because if it is the second case, the name of the certificate will always mismatch.
Instead of using a wildcard certificate, you should use a SAN (subject alternate name) in your certificate and include the FQDN of your Exchange 2010 server, "server.domain.other".
Instead of adding the certificate of your web server into the trusted root store, you should import into the trusted root store the public key certificate of the certification authority which delivered the certificate.
Unless this is a self-signed certificate; in that case the certificate has no CA.
0
 

Accepted Solution

by:
LCGS-Corp earned 0 total points
ID: 35171808
This problem had nothing to do with Exchange.  It was about time.  After I rebooted the server I noticed an error in the logs stating that the time between the client and server was skewed.  I have the PDC using navy time for NTP.  All the clients on the network sync time with the PDC.  I double checked and all clients had the same time as the PDC.  Then I checked the time on my VMware ESXi 4 server where the Exchange VM is.  It was not configured for NTP and was about 10 minutes off.  I entered the navy server in the NTP settings for VMware and rebooted Exchange.  No more error. Now all Outlook clients can connect to Exchange.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35171951
Thanks for the solution
0
 

Author Closing Comment

by:LCGS-Corp
ID: 35205031
"Please state your reason for accepting your own comment as the solution?".. I'm not sure what else I can say here other than 'because it was the right answer'
0
