Solved

Exchange 2007 Certificate SAN mismatch

Posted on 2011-03-21
15
1,371 Views
Last Modified: 2012-08-13
Exchange 07, on sbs2008

Best Practice Analyzer states

The subject alternative name (SAN) of SSL certificate for https:mail.seainc.net/autodiscover/autdiscover.xml does not appear to match the host address. Host address: Mail.seainc.com. Current SAN: DNS Name=Seainc.com, DNS Name=remote.seainc.com, DNS Name=SEADC.seainc.local

our remote mail is at mail.seainc.com/remote, and I get a certificate error saying it's actually "remote.server.com"

How do I correct the certificate?

I type in get-exchangecertificate and it gives me 5 or so thumbs that all but 1 point to remote.seainc.net

How do I point it all too mail.seainc.com
0
Comment
Question by:JHULBE1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
15 Comments
 
LVL 26

Expert Comment

by:e_aravind
ID: 35186809
The subject alternative name (SAN) of SSL certificate for https:mail.seainc.net/autodiscover/autdiscover.xml does not appear to match the host address.

>> What are the other SAN entries you have on this cert.
do you have the CAS servers FQDN name listed in the SAN values?
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35188615
Run Internet Address Management wizard and specify mail.doamin.com instead of remote.doamin.com

reboot when you are done that should do it


Get-DistributionGroup "groupName" | fl Name, AcceptMessagesOnlyFrom
0
 

Author Comment

by:JHULBE1
ID: 35211191
I just ran the wizard, and am rebooting, we'll see what happens.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:JHULBE1
ID: 35211305
Now mail.seainc.net/remote does nothing
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35211349
even internally ? are all services up ? any relevant error in the evnt log ?
0
 

Author Comment

by:JHULBE1
ID: 35211587
I re-configured it to remote.seainc.net to see if it would come back up. It does work internally.
0
 

Author Comment

by:JHULBE1
ID: 35211615
still down externally
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35211626
if it works internally it shouldn't be exchange


do you have port 443 forwarded to the ip address of your exchange server ?


any erros in event log ?
0
 

Author Comment

by:JHULBE1
ID: 35211637
Looks like vpn is down now. I get pass the firewall, and see "allow in eth0 myipaddress port 1723" but It fails to connect
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35211646
can't see how this could happen !

check the event log...

0
 

Author Comment

by:JHULBE1
ID: 35211735
Event log had some generic distributedCOM errors in application.

Don't really see anything worth mentioning in event log
0
 

Author Comment

by:JHULBE1
ID: 35211757
Terminal services is littered with Event IDs400


The Terminal Services Gateway (TS Gateway) server must be available on the network and the appropriate services must be running on the TS Gateway server. The Terminal Services connection authorization policy (TS CAP) and Terminal Services resource authorization policy (TS RAP) stores must also be available, so that these policies can be evaluated to determine whether remote clients meet policy requirements. TS CAPs specify who can connect to a TS Gateway server. TS RAPs specify the internal network resources (computers) that clients can connect to through a TS Gateway server. If TS CAPs and TS RAPs are not available, the TS Gateway server will not be available for client connections.
0
 

Author Comment

by:JHULBE1
ID: 35211908
I reloaded a configuration of my watchgaurd firewall before I started having any issues. Checked the A-records with my domain host. Rebooted, and waited 20-30 minutes before anything.

Seems to be corrected. Thanks!
0
 

Author Closing Comment

by:JHULBE1
ID: 35211913
Thanks
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35213137
Thanks for the update and for the points
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question