Solved

Outlook 2010 \ Exchange 2010 Security Alert Message

Posted on 2011-09-15
11
338 Views
Last Modified: 2012-08-14
Experts,

Need your help! We just added 2010 Exchange and now getting Security Alerts on clients with Outlook 2010. How do we fixed this? Do we need a cert? Or can this be fixed without one?

Outlook 2010 Alert Message
0
Comment
Question by:occredit
  • 5
  • 5
11 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 36545717
This is certificate related and you would be best advised to buy one.  You will need a SAN / UCC (Multi-Name) SSL Cert (minimum 5 names) and you will need to include the following names in the Certificate:

mail.externaldomain.com (or whatever you choose to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

Once installed, the errors will go away and things like Activesync / OWA will be happy and won't complain one little bit.

GoDaddy are about the cheapest.

Alan
0
 

Author Comment

by:occredit
ID: 36545747
Will a CSR required? Also, how do we install the cert? Our CAS server is windows 2008 R2.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545786
Yes - you need to generate a CSR for Exchange to be able to order a certificate.  Run the Wizard in the Exchange Management Console> Server Configuration and make sure you end up with all the names I have suggested at the end of the wizard before you proceed.

Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\PathToCertificate\IssuedCert.cer -Encoding byte -ReadCount 0))

Get-ExchangeCertificate

Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Expert Comment

by:warddhooghe
ID: 36545811
If you dont have budget for it, you can also install (trust) the probably self signed certificate on the client:
http://support.microsoft.com/kb/2006728/en-us
0
 

Author Comment

by:occredit
ID: 36545843
Thanks for the prompt replies and suggestions. Once we get the Cert, we'll give it a try.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545848
No probs - here if you need me.
0
 

Author Comment

by:occredit
ID: 36545937
Question on the CSR. The wizard only allow one domain name (common name) how do we generate for multiple domains?
0
 

Author Comment

by:occredit
ID: 36545956
I meant mutiple names.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545981
You don't need to generate one for multiple domain names.

You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.

Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints.  I do this myself and it works like a charm :)
0
 

Author Closing Comment

by:occredit
ID: 36712045
Got a Multiple Domain (UCC) SSL up to 5 domains from Go Daddy and it worked!

Thanks for the help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36712258
Excellent - thanks for the points.

Alan
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question