CNEAdmin
asked on
Exchange 2010 Auto Discover/SSL issue
I have a new Exchange 2010 SP1 server that is a clean installation and no migration. When users open Outlook they receive a message "The name of the security certificate is invalid or does not match the name of the site." I have tried to manually import the certificate into the local cert store of the PCs (Trusted Root Cert Auth.). I am using a self-signed certificate. The local domain is domainname.local and the external domain is domainname.com. I have followed the directions for Microsoft KB940726 and it has not resolved the issue. From EMC I run the command Test-OutlookWebServices -Identity username@domainname.com or username@domainname.local and all tests pass except for the following output on the second line. If anyone has any additional ideas on how to handle this, it would be greatly appreciated. Thanks!
RunspaceId : ac95f22b-69bb-4066-9157-60bc90d336b3
Id : 1004
Type : Error
Message : The certificate for the URL https://mail.domainname.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of mail.domainname.com, instead the subject found is main. Consider correcting service discovery, or installing a correct SSL certificate.
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
This article has helped me resolve this issue with 2007 and 2010.
You don't have to buy a certificate, but this is the easy way to get this working.
The other way is to install a Certificate Authority and make your domain computers trust the certificate that you generate in your CA.
To buy a certificate you can visit godaddy.com or digicert.com
Regards.
ASKER
I followed the article posted by acox65807 from shudnow.net and received the following alert
**************************
Enable-OutlookAnywhere -Server main -ExternalHostname “mail.domainname.com” -ClientAuthenticationMethod “Basic” -SSLOffloading:$False
The virtual directory 'Rpc' already exists under 'main.domainname.local/Default Web Site'.
Parameter name: VirtualDirectoryName
+ CategoryInfo : InvalidArgument: (MAIN\Rpc (Default Web Site):ADObjectId) [Enable-OutlookAnywhere], ArgumentException
+ FullyQualifiedErrorId : 78C0EE63,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableRpcHttp
**************************
All other commands processed correctly, yet the certificate alert still prompts when starting Outlook. I understand that certificates are inexpensive, but why does Microsoft make this an issue? Shouldn't it be that you can use a self-signed certificate on your own server without going through so much hassle?
Once you have this certificate created, you will have to push that certificate using a Group Policy on all the client machines to the trusted root store to avoid getting the cert prompt.
ASKER
I manually added this to one of the PCs as a test and it has not made a difference. I added it to the physical store-computer-trusted root certification authorities.
ASKER
praveenkumar
I did some research on your suggestion as it may work, but the commands you sent generate a certificate, but where is the cert coming from? A Microsoft article I found shows this as a multiple-step process: request cert, generate cert, assign cert.
http://technet.microsoft.com/en-us/library/aa998327.aspx
Is this the article you pulled the information from and if so did you use your command without the other steps?
ASKER
Praveenkumar has the solution. I have created a new certificate and the alert changes to
"The security certificate was issued by a company you have not trusted"
Once I add the certificate to the local computer trusted certs no more alert.
Great forum!! Thanks again.
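The name check behind the first prompt in this thread, as an added example that is not part of any post above: it compares each name clients connect to against the names a certificate carries. The function name, the planned certificate's name list and autodiscover.domainname.com are assumptions made for illustration; the other names come from the thread.

```powershell
# Added example (not from the thread): the host name a client connects to must
# equal one of the certificate's names, or be covered by a wildcard name.
function Test-CertNameMatch {
    param(
        [string]$HostName,      # name the client connects to
        [string[]]$CertNames    # subject CN plus any subject alternative names
    )
    $wanted = $HostName.ToLower()
    $hostLabels = $wanted.Split('.')
    foreach ($name in $CertNames) {
        $pattern = $name.ToLower()
        if ($pattern -eq $wanted) { return $true }
        # A wildcard covers exactly one left-most label: *.domainname.com
        # matches mail.domainname.com but not a.b.domainname.com.
        if ($pattern.StartsWith('*.') -and $hostLabels.Count -gt 2) {
            $hostTail = [string]::Join('.', $hostLabels[1..($hostLabels.Count - 1)])
            if ($pattern.Substring(2) -eq $hostTail) { return $true }
        }
    }
    return $false
}

# Constructed sample data. The current certificate carries only the short
# server name reported in the Test-OutlookWebServices error ("main").
# On the server, Get-ExchangeCertificate lists a certificate's names in
# its CertificateDomains property.
$currentCert = @('main')

# Hypothetical name list for a replacement certificate (assumption).
$plannedCert = @('mail.domainname.com', 'autodiscover.domainname.com',
                 'main.domainname.local', 'main')

# Names clients use: the Autodiscover URL host from the error, the default
# Autodiscover lookup name (assumed here), and the server's internal FQDN.
$clientNames = @('mail.domainname.com', 'autodiscover.domainname.com',
                 'main.domainname.local')

foreach ($h in $clientNames) {
    New-Object PSObject -Property @{
        HostName    = $h
        CurrentCert = Test-CertNameMatch $h $currentCert
        PlannedCert = Test-CertNameMatch $h $plannedCert
    } | Select-Object HostName, CurrentCert, PlannedCert
}
```

A name match only clears the first prompt; the certificate must also chain to a root the client trusts, which is the second prompt reported above.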
Good that your issue is solved.
Why don't you buy a certificate? They are very cheap.