• Status: Solved

Multiple subdomains giving "The name of the security certificate is invalid or does not match the name of the site" for using Outlook Anywhere

Dear experts,

After going over all related questions on this site and others, as well as all related MS support articles I could find, I have no other option than to post the question myself.

Environment is Exchange 2007 (1 CAS and 1 CCR Cluster), AD is mixed 2003/2008
Clients are all Outlook 2007 or higher

We are using a country-specific subdomain for emails so that customers can easily find out to which country/site they are mailing.

Email addresses are @countrycode.company.com, with each of them having @company.com as secondary address.

The certificate is hence registered to mail.company.com

Whenever clients that have @countrycode.company.com connect to Outlook Anywhere they get the annoying popup saying "The name of the security certificate is invalid or does not match the name of the site", since it is looking for autodiscover.COUNTRYCODE.company.com

There are too many countries to include them all in one certificate.

Any resolutions please ?

Thanks
ulensr
Asked:
 
Akhater Commented:
Yep basically the idea is to

1. add autodiscover.company.com to your SAN certificate
2. delete autodiscover.countrycode.domain.com for all countries
3. in each country create an SRV record so that

Service: _autodiscover
Protocol: _tcp
Name: Keep it empty
Port Number: 443
Host: autodiscover.domain.com
 
ulensr (Author) Commented:
Hi,

there is only one autodiscover left (company.com), SAN cert does have autodiscover.company.com

The SRV records do we do them internally or on ISP level ?

Kind regards
 
Akhater Commented:
SRV records should be created in your external DNS

however if there is no autodiscover.COUNTRYCODE.company.com in your external DNS you should not get the error you pointed to above.

are you sure the error says autodiscover.COUNTRYCODE.company.com ?
 
ulensr (Author) Commented:
Yes, very sure ... :)

We have registered mail. autodiscover. but no countrycode.

These DO exist for MX records but that shouldn't be an issue I believe

However, I have just tried to add that record but the ISP says it needs to be _autodiscover._tcp.something, so we registered _autodiscover._tcp.company.com, but still it pops up
 
Akhater Commented:
are you having the pop up internally or externally ?
 
ulensr (Author) Commented:
Externally
 
ulensr (Author) Commented:
And if we put @company.com as primary address this doesn't happen but we need to have countrycode.company.com as reply address
 
Akhater Commented:
nope, there is something wrong

from external if you run

nslookup autodiscover.country.domain.com

what is the answer
 
ulensr (Author) Commented:
Non-authoritative answer:
Name:    autodiscover.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)
 
Akhater Commented:
this was autodiscover.company.com; my question was about autodiscover.COUNTRY.company.com
 
ulensr (Author) Commented:
Non-authoritative answer:
Name:    autodiscover.countrycode.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)

Same IP as the main on
 
Akhater Commented:
that's what I told you first: these should be removed from DNS
 
ulensr (Author) Commented:
they do not exist but mx records exist pointing to mail.company.com
 
Akhater Commented:
how do they not exist? the nslookup is saying they do
 
ulensr (Author) Commented:
OK, I found the cause for that: there was a *.company.com, which we have now removed

non-existing domain is what we get now when doing nslookup on autodiscover.countrycode.company.com

That did the trick indeed, the popup is now gone so your first solution is correct :)
 
ulensr (Author) Commented:
It is important to check that no wildcard DNS entries exist
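
The check the thread ends on, as an added example that is not part of the original thread: it probes a random label to detect a wildcard record and lists every autodiscover.countrycode name that still resolves. The function names, the `be`/`nl` country codes and the in-memory `fake_zone` stand-in for DNS are assumptions made for illustration.

```python
import secrets
import socket


def dns_resolves(name):
    """Live check: True if `name` has an address record."""
    try:
        socket.getaddrinfo(name, 443)
        return True
    except socket.gaierror:
        return False


def audit_autodiscover(parent, mail_subdomains, resolves=dns_resolves):
    """Return findings for the Autodiscover DNS records under `parent`."""
    findings = []
    # A random label is not registered on purpose, so if it resolves,
    # a wildcard record is answering for it.
    probe = f"probe-{secrets.token_hex(8)}.{parent}"
    if resolves(probe):
        findings.append(f"wildcard: {probe} resolves")
    for sub in mail_subdomains:
        host = f"autodiscover.{sub}.{parent}"
        # In the thread the popup lasted as long as this name resolved to
        # the server whose certificate does not list it.
        if resolves(host):
            findings.append(f"shadowing: {host} resolves")
    if not resolves(f"autodiscover.{parent}"):
        findings.append(f"missing: autodiscover.{parent} does not resolve")
    return findings


def fake_zone(names, wildcard_parent=None):
    """Constructed stand-in for DNS so the audit can run offline."""
    def resolves(name):
        if name in names:
            return True
        return bool(wildcard_parent) and name.endswith("." + wildcard_parent)
    return resolves


if __name__ == "__main__":
    hosts = {"mail.company.com", "autodiscover.company.com"}  # constructed sample
    before = fake_zone(hosts, wildcard_parent="company.com")  # with *.company.com
    after = fake_zone(hosts)                                  # wildcard removed
    for label, zone in (("before", before), ("after", after)):
        print(label, audit_autodiscover("company.com", ["be", "nl"], zone))
```

Calling `audit_autodiscover` without the `resolves` argument runs the same checks against live DNS from wherever the script is executed, so run it from an external network to see what external Outlook clients see.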