Solved

Multiple subdomains giving "The name of the security certificate is invalid or does not match the name of the site" for using Outlook Anywhere

Posted on 2011-03-21
Last Modified: 2012-05-11
Dear experts,

After going over all related questions on this site and others, as well as going over all related MS support articles I could find, I have no other option than to post the question myself.

Environment is Exchange 2007 (1 CAS and 1 CCR Cluster), AD is mixed 2003/2008
Clients are all Outlook 2007 or higher

We are using a country-specific subdomain for emails so that customers can easily find out to which country/site they are mailing.

Email addresses are @countrycode.company.com, with each of them having @company.com as secondary address.

The certificate is hence registered to mail.company.com

Whenever clients that have @countrycode.company.com connect to Outlook Anywhere they get the annoying popup saying "The name of the security certificate is invalid or does not match the name of the site" since it is looking for autodiscover.COUNTRYCODE.company.com

There are too many countries to include them all in one certificate.

Any resolutions, please?

Thanks
Question by:ulensr
16 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35180994
Yep basically the idea is to

1. add autodiscover.company.com to your SAN certificate
2. delete autodiscover.countrycode.domain.com for all countries
3. in each country create an SRV record so that

Service: _autodiscover
Protocol: _tcp
Name: Keep it empty
Port Number: 443
Host: autodiscover.domain.com
0
 

Author Comment

by:ulensr
ID: 35181196
Hi,

there is only one autodiscover left (company.com), SAN cert does have autodiscover.company.com

The SRV records do we do them internally or on ISP level ?

Kind regards
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181261
SRV records should be created in your external DNS.

However, if there is no autodiscover.COUNTRYCODE.company.com in your external DNS, you should not get the error you pointed to above.

Are you sure the error says autodiscover.COUNTRYCODE.company.com?
0

 

Author Comment

by:ulensr
ID: 35181328
Yes, very sure ... :)

We have registered mail. autodiscover. but no countrycode.

These DO exist for MX records but that shouldn't be an issue I believe

However, I have just tried to add that record, but the ISP says it needs to be _autodiscover._tcp.something, so we registered _autodiscover._tcp.company.com, but still it pops up
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181386
Are you having the pop-up internally or externally?
0
 

Author Comment

by:ulensr
ID: 35181581
Externally
0
 

Author Comment

by:ulensr
ID: 35181588
And if we put @company.com as primary address this doesn't happen but we need to have countrycode.company.com as reply address

0
 
LVL 49

Expert Comment

by:Akhater
ID: 35181882
Nope, there is something wrong.

From external, if you run

nslookup autodiscover.country.domain.com

what is the answer?
0
 

Author Comment

by:ulensr
ID: 35182033
Non-authoritative answer:
Name:    autodiscover.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182148
This was autodiscover.company.com; my question was about autodiscover.COUNTRY.company.com
0
 

Author Comment

by:ulensr
ID: 35182293
Non-authoritative answer:
Name:    autodiscover.countrycode.company.com
Address:  xx.xxx.xx.xx

IP is correct (same as mail.)

Same IP as the main one
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182324
That's what I told you first: these should be removed from DNS.
0
 

Author Comment

by:ulensr
ID: 35182397
They do not exist, but MX records exist pointing to mail.company.com
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35182445
How do they not exist? The nslookup is saying they do.
0
 

Author Comment

by:ulensr
ID: 35187900
OK, I found the cause for that: there was a *.company.com, which we have now removed.

Non-existent domain is what we get now when doing nslookup on autodiscover.countrycode.company.com

That did the trick indeed; the popup is now gone, so your first solution is correct :)
0
 

Author Closing Comment

by:ulensr
ID: 35187908
It is important to check that no wildcard DNS entries exist.
0
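The diagnosis reached in this thread, as an added example that is not part of the original posts: probe a random label under the mail domain to detect a wildcard, then see whether Autodiscover lands on autodiscover.<mail domain> (certificate mismatch) or falls through to the SRV record. Assumptions: the lookup order is simplified to the two steps discussed here, the resolver is a constructed offline stand-in for DNS, "be" is a made-up country code, and the SRV target is taken to be the autodiscover.company.com name on the SAN certificate.

```python
import secrets

# Names on the certificate as described in the thread (mail. plus the SAN).
CERT_NAMES = {"mail.company.com", "autodiscover.company.com"}


def make_resolver(a_records, srv_records, wildcard_zone=None):
    """Constructed stand-in for DNS so the example runs offline.
    wildcard_zone imitates a '*.zone' record answering every name below it."""
    def resolve(name, rtype):
        name = name.lower().rstrip(".")
        if rtype == "SRV":
            return srv_records.get(name)          # (port, target) or None
        if name in a_records:
            return a_records[name]
        if wildcard_zone and name.endswith("." + wildcard_zone):
            return "192.0.2.10"                   # documentation-range address
        return None                               # NXDOMAIN
    return resolve


def check_mail_domain(domain, resolve, cert_names=CERT_NAMES):
    """Report where Autodiscover for user@domain lands and whether the
    certificate covers that host name."""
    # A random label should never resolve; if it does, a wildcard is answering.
    wildcard = resolve(f"{secrets.token_hex(8)}.{domain}", "A") is not None
    host = f"autodiscover.{domain}"
    if resolve(host, "A") is not None:
        # Client connects to this host over HTTPS and compares the cert name.
        return {"wildcard": wildcard, "via": "A", "host": host,
                "cert_ok": host in cert_names}
    srv = resolve(f"_autodiscover._tcp.{domain}", "SRV")
    if srv is not None:
        port, target = srv
        return {"wildcard": wildcard, "via": "SRV", "host": target,
                "cert_ok": port == 443 and target in cert_names}
    return {"wildcard": wildcard, "via": None, "host": None, "cert_ok": False}


# Constructed sample zone; "be" is a made-up country code.
A = {"mail.company.com": "192.0.2.10", "autodiscover.company.com": "192.0.2.10"}
SRV = {"_autodiscover._tcp.be.company.com": (443, "autodiscover.company.com")}

before = check_mail_domain("be.company.com", make_resolver(A, SRV, "company.com"))
after = check_mail_domain("be.company.com", make_resolver(A, SRV))

if __name__ == "__main__":
    print("with *.company.com:", before)
    print("wildcard removed:  ", after)
```

To run the same check against a live zone, pass a `resolve` function backed by a real DNS library in place of `make_resolver`.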
