Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1385
  • Last Modified:

Exchange 2007 Certificate SAN mismatch

Exchange 07, on sbs2008

Best Practice Analyzer states

The subject alternative name (SAN) of SSL certificate for https:mail.seainc.net/autodiscover/autdiscover.xml does not appear to match the host address. Host address: Mail.seainc.com. Current SAN: DNS Name=Seainc.com, DNS Name=remote.seainc.com, DNS Name=SEADC.seainc.local

our remote mail is at mail.seainc.com/remote, and I get a certificate error saying it's actually "remote.server.com"

How do I correct the certificate?

I type in get-exchangecertificate and it gives me 5 or so thumbs that all but 1 point to remote.seainc.net

How do I point it all too mail.seainc.com
0
JHULBE1
Asked:
JHULBE1
  • 9
  • 5
1 Solution
 
e_aravindCommented:
The subject alternative name (SAN) of SSL certificate for https:mail.seainc.net/autodiscover/autdiscover.xml does not appear to match the host address.

>> What are the other SAN entries you have on this cert.
do you have the CAS servers FQDN name listed in the SAN values?
0
 
AkhaterCommented:
Run Internet Address Management wizard and specify mail.doamin.com instead of remote.doamin.com

reboot when you are done that should do it


Get-DistributionGroup "groupName" | fl Name, AcceptMessagesOnlyFrom
0
 
JHULBE1Author Commented:
I just ran the wizard, and am rebooting, we'll see what happens.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
JHULBE1Author Commented:
Now mail.seainc.net/remote does nothing
0
 
AkhaterCommented:
even internally ? are all services up ? any relevant error in the evnt log ?
0
 
JHULBE1Author Commented:
I re-configured it to remote.seainc.net to see if it would come back up. It does work internally.
0
 
JHULBE1Author Commented:
still down externally
0
 
AkhaterCommented:
if it works internally it shouldn't be exchange


do you have port 443 forwarded to the ip address of your exchange server ?


any erros in event log ?
0
 
JHULBE1Author Commented:
Looks like vpn is down now. I get pass the firewall, and see "allow in eth0 myipaddress port 1723" but It fails to connect
0
 
AkhaterCommented:
can't see how this could happen !

check the event log...

0
 
JHULBE1Author Commented:
Event log had some generic distributedCOM errors in application.

Don't really see anything worth mentioning in event log
0
 
JHULBE1Author Commented:
Terminal services is littered with Event IDs400


The Terminal Services Gateway (TS Gateway) server must be available on the network and the appropriate services must be running on the TS Gateway server. The Terminal Services connection authorization policy (TS CAP) and Terminal Services resource authorization policy (TS RAP) stores must also be available, so that these policies can be evaluated to determine whether remote clients meet policy requirements. TS CAPs specify who can connect to a TS Gateway server. TS RAPs specify the internal network resources (computers) that clients can connect to through a TS Gateway server. If TS CAPs and TS RAPs are not available, the TS Gateway server will not be available for client connections.
0
 
JHULBE1Author Commented:
I reloaded a configuration of my watchgaurd firewall before I started having any issues. Checked the A-records with my domain host. Rebooted, and waited 20-30 minutes before anything.

Seems to be corrected. Thanks!
0
 
JHULBE1Author Commented:
Thanks
0
 
AkhaterCommented:
Thanks for the update and for the points
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 9
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now