Solved

Multiple subdomains giving "The name of the security certificate is invalid or does not match the name of the site" for using Outlook Anywhere

Posted on 2011-03-21
Last Modified: 2012-05-11
Dear experts,

After going over all related questions on this site and others, as well as all related MS support articles I could find, I have no other option than to post the question myself.

Environment is Exchange 2007 (1 CAS and 1 CCR Cluster), AD is mixed 2003/2008
Clients are all Outlook 2007 or higher

We are using a country-specific subdomain for emails so that customers can easily find out to which country/site they are mailing.

Email addresses are @countrycode.company.com, with each of them having @company.com as a secondary address.

The certificate is hence registered to mail.company.com

Whenever clients that have @countrycode.company.com connect to Outlook Anywhere they get the annoying popup saying "The name of the security certificate is invalid or does not match the name of the site", since it is looking for autodiscover.COUNTRYCODE.company.com

There are too many countries to include them all in one certificate.

Any resolutions, please?

Thanks
0
Question by:ulensr
16 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 35180994
Yep basically the idea is to

1. add autodiscover.company.com to your SAN certificate
2. delete autodiscover.countrycode.domain.com for all countries
3. in each country create an SRV record so that

Service: _autodiscover
Protocol: _tcp
Name: Keep it empty
Port Number: 443
Host: autodiscover.domain.com
0
 

Author Comment

by:ulensr
ID: 35181196
Hi,

There is only one autodiscover left (company.com); the SAN cert does have autodiscover.company.com

The SRV records: do we do them internally or on ISP level?

Kind regards
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181261
SRV records should be created in your external DNS.

However, if there is no autodiscover.COUNTRYCODE.company.com in your external DNS you should not get the error you pointed to above.

Are you sure the error says autodiscover.COUNTRYCODE.company.com?
0
 

Author Comment

by:ulensr
ID: 35181328
Yes, very sure ... :)

We have registered mail. autodiscover. but no countrycode.

These DO exist for MX records, but that shouldn't be an issue, I believe.

However, I have just tried to add that record, but the ISP says it needs to be _autodiscover._tcp.something, so we registered _autodiscover._tcp.company.com, but it still pops up.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181386
Are you having the pop-up internally or externally?
0
 

Author Comment

by:ulensr
ID: 35181581
Externally
0
 

Author Comment

by:ulensr
ID: 35181588
And if we put @company.com as primary address this doesn't happen, but we need to have countrycode.company.com as reply address.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181882
Nope, there is something wrong.

From external, if you run

nslookup autodiscover.country.domain.com

what is the answer?
0
 

Author Comment

by:ulensr
ID: 35182033
Non-authoritative answer:
Name:    autodiscover.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182148
This was autodiscover.company.com; my question was about autodiscover.COUNTRY.company.com
0
 

Author Comment

by:ulensr
ID: 35182293
Non-authoritative answer:
Name:    autodiscover.countrycode.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)

Same IP as the main on
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182324
That's what I told you first: these should be removed from DNS.
0
 

Author Comment

by:ulensr
ID: 35182397
They do not exist, but MX records exist pointing to mail.company.com
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182445
How do they not exist? The nslookup is saying they do.
0
 

Author Comment

by:ulensr
ID: 35187900
OK, I found the cause for that: there was a *.company.com which we have now removed.

Non-existing domain is what we get now when doing nslookup on autodiscover.countrycode.company.com

That did the trick indeed, the popup is now gone, so your first solution is correct :)
0
 

Author Closing Comment

by:ulensr
ID: 35187908
It is important to check that no wildcard DNS entries exist.
0
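
The checks this thread arrived at, as an added Python example that is not part of the original posts: for each country mail domain it flags an `autodiscover.` host that resolves without being in the certificate, a wildcard that answers for a random label, and a missing or mismatched `_autodiscover._tcp` SRV record. The zone data, the `be`/`nl` country codes, the 192.0.2.10 address and the in-memory `make_resolver` are constructed for illustration; swap `resolve` for a real DNS lookup to audit a live zone.

```python
# Added example: names, zone data and country codes are constructed.
import secrets

CERT_NAMES = {"mail.company.com", "autodiscover.company.com"}  # SANs, per the thread

def make_resolver(zone):
    """Constructed in-memory resolver; a '*.suffix' entry answers every name
    below that suffix, as the ISP zone in the thread did."""
    def resolve(name, rtype):
        if (name, rtype) in zone:
            return zone[(name, rtype)]
        labels = name.split(".")
        for i in range(1, len(labels)):
            hit = zone.get(("*." + ".".join(labels[i:]), rtype))
            if hit:
                return hit
        return []  # stands in for NXDOMAIN / no data
    return resolve

def audit(mail_domain, resolve, cert_names=CERT_NAMES):
    """Return a list of findings for one SMTP domain (empty list = clean)."""
    findings = []
    host = "autodiscover." + mail_domain
    # A resolvable autodiscover.<domain> gets an HTTPS connection from Outlook.
    if resolve(host, "A") and host not in cert_names:
        findings.append(f"{host} resolves but is not in the certificate")
    # A random label should never resolve unless a wildcard is answering.
    probe = f"probe-{secrets.token_hex(4)}.{mail_domain}"
    if resolve(probe, "A"):
        findings.append(f"wildcard DNS answers under {mail_domain}")
    srv = resolve("_autodiscover._tcp." + mail_domain, "SRV")
    if not srv:
        findings.append(f"no _autodiscover._tcp SRV record for {mail_domain}")
    for port, target in srv:
        if port != 443 or target not in cert_names:
            findings.append(f"SRV {target}:{port} is not covered by the certificate")
    return findings

SRV = [(443, "autodiscover.company.com")]
BEFORE = {("*.company.com", "A"): ["192.0.2.10"],           # the wildcard found in the thread
          ("autodiscover.company.com", "A"): ["192.0.2.10"],
          ("_autodiscover._tcp.be.company.com", "SRV"): SRV}
AFTER = {k: v for k, v in BEFORE.items() if not k[0].startswith("*.")}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, audit("be.company.com", make_resolver(zone)))
```
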

Question has a verified solution.