CNEAdmin

Exchange 2010 Auto Discover/SSL issue

I have a new Exchange 2010 SP1 server that is a clean installation and no migration. When users open Outlook they receive a message "The name of the security certificate is invalid or does not match the name of the site." I have tried to manually import the certificate into the local Cert store of the PCs (Trusted Root Cert Auth.). I am using a self-signed certificate. The local domain is domainname.local and the external domain is domainname.com. I have followed the directions for Microsoft KB940726 and it has not resolved the issue. From EMC I run the command Test-OutlookWebServices -Identity username@domainname.com or username@domainname.local and all tests pass except for the following output on the second line. If anyone has any additional ideas on how to handle this, I would greatly appreciate it. Thanks!

RunspaceId : ac95f22b-69bb-4066-9157-60bc90d336b3
Id         : 1004
Type       : Error
Message    : The certificate for the URL https://mail.domainname.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of mail.domainname.com, instead the subject found is main. Consider correcting service discovery, or installing a correct SSL certificate.
Akhater

Simply because you are using the self-signed certificate that contains servername.domain.local and you set your URLs to be mail.domain.com. How are you expecting it to work?

Why don't you buy a certificate? They are very cheap.
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

This article has helped me resolve this issue with 2007 and 2010.
ASKER CERTIFIED SOLUTION
praveenkumare_sp

You don't have to buy a certificate, but this is the easy way to get this working.

The other way is to install a Certificate Authority and make your domain computers trust the certificate that you generate in your CA.

To buy a certificate you can visit godaddy.com or digicert.com.

Regards.
CNEAdmin

ASKER

I followed the article posted by acox65807 from shudnow.net and received the following alert:

************************************************************************************************
Enable-OutlookAnywhere -Server main -ExternalHostname "mail.domainname.com" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

The virtual directory 'Rpc' already exists under 'main.domainname.local/Default Web Site'.
Parameter name: VirtualDirectoryName
    + CategoryInfo          : InvalidArgument: (MAIN\Rpc (Default Web Site):ADObjectId) [Enable-OutlookAnywhere], ArgumentException
    + FullyQualifiedErrorId : 78C0EE63,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableRpcHttp
************************************************************************************************

All other commands processed correctly, yet the certificate alert still prompts when starting Outlook. I understand that certificates are inexpensive, but why does Microsoft make this an issue? Shouldn't it be that you can use a self-signed certificate on your own server without going through so much hassle?
Once you have this certificate created, you will have to push that certificate using a Group Policy on all the client machines on the trusted root store to avoid getting the cert prompt.
I manually added this to one of the PCs as a test and it has not made a difference. I added it to the physical store-computer-trusted root certification authorities.
praveenkumar

I did some research on your suggestion as it may work, but the commands you sent generate a certificate, but where is the cert coming from? A Microsoft article I found shows this as a multiple step process. Request cert, generate cert, assign cert.

http://technet.microsoft.com/en-us/library/aa998327.aspx

Is this the article you pulled the information from and if so did you use your command without the other steps?
Praveenkumar has the solution. I have created a new certificate and the alert changes to

"The security certificate was issued by a company you have not trusted"

Once I add the certificate to the local computer trusted certs no more alert.

Great forum!! Thanks again.
Good that your issue is solved.
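
The two prompts seen in this thread (name mismatch first, untrusted issuer after the certificate was recreated) come from two separate checks. The following PowerShell is an added example, not code from any poster: it builds two throwaway self-signed certificates in memory, one with the subject "main" and one listing the names from the thread, and reports the name check and the trust check for each. The function names New-TestCert, Get-CertDnsNames and Test-CertForHost are hypothetical, and the SAN parsing assumes an English-language Windows or an OpenSSL-based platform.

```powershell
# Added example, not from the thread. Input is constructed: throwaway in-memory
# certificates, nothing is written to a store. Needs PowerShell 7+ (or .NET Framework 4.7.2+).
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function New-TestCert([string]$Subject, [string[]]$DnsNames) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($DnsNames) {
        $san = [SubjectAlternativeNameBuilder]::new()
        $DnsNames | ForEach-Object { $san.AddDnsName($_) }
        $req.CertificateExtensions.Add($san.Build($false))
    }
    $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
}

function Get-CertDnsNames([X509Certificate2]$Cert) {
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Windows formats entries as "DNS Name=x", OpenSSL-based platforms as "DNS:x"
        [regex]::Matches($san.Format($false), 'DNS(?: Name=|:)([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    } else {
        $Cert.GetNameInfo([X509NameType]::SimpleName, $false)   # no SAN: fall back to the subject CN
    }
}

function Test-CertForHost([X509Certificate2]$Cert, [string]$HostName) {
    $names = @(Get-CertDnsNames $Cert)
    # Check 1: the host the client connects to must be one of the certificate's names
    # (exact match, or a wildcard covering exactly one left-most label).
    $nameOk = [bool]($names | Where-Object {
        $_ -eq $HostName -or ($_.StartsWith('*.') -and
            $HostName -match '^[^.]+\.(.+)$' -and $Matches[1] -eq $_.Substring(2)) })
    # Check 2: the chain must end in a root this machine trusts.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Host = $HostName; CertNames = $names -join ', '
        NameMatches = $nameOk; ChainTrusted = $trusted
        ChainStatus = ($chain.ChainStatus.Status -join ', ')
    }
}

# Constructed certificates mirroring the thread: the original (subject "main")
# and a recreated one that lists the names clients actually connect to.
$old = New-TestCert 'CN=main'
$new = New-TestCert 'CN=mail.domainname.com' 'mail.domainname.com', 'main.domainname.local'
$old, $new | ForEach-Object { Test-CertForHost $_ 'mail.domainname.com' } | Format-List
```

To check a certificate that is already installed, pass an object from `Get-ChildItem Cert:\LocalMachine\My` to Test-CertForHost in place of the constructed ones.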