Improve company productivity with a Business Account.Sign Up

x
?
Solved

Outlook 2010 \ Exchange 2010 Security Alert Message

Posted on 2011-09-15
11
Medium Priority
?
347 Views
Last Modified: 2012-08-14
Experts,

Need your help! We just added 2010 Exchange and now getting Security Alerts on clients with Outlook 2010. How do we fixed this? Do we need a cert? Or can this be fixed without one?

Outlook 2010 Alert Message
0
Comment
Question by:occredit
  • 5
  • 5
11 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 36545717
This is certificate related and you would be best advised to buy one.  You will need a SAN / UCC (Multi-Name) SSL Cert (minimum 5 names) and you will need to include the following names in the Certificate:

mail.externaldomain.com (or whatever you choose to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

Once installed, the errors will go away and things like Activesync / OWA will be happy and won't complain one little bit.

GoDaddy are about the cheapest.

Alan
0
 

Author Comment

by:occredit
ID: 36545747
Will a CSR required? Also, how do we install the cert? Our CAS server is windows 2008 R2.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545786
Yes - you need to generate a CSR for Exchange to be able to order a certificate.  Run the Wizard in the Exchange Management Console> Server Configuration and make sure you end up with all the names I have suggested at the end of the wizard before you proceed.

Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\PathToCertificate\IssuedCert.cer -Encoding byte -ReadCount 0))

Get-ExchangeCertificate

Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 5

Expert Comment

by:warddhooghe
ID: 36545811
If you dont have budget for it, you can also install (trust) the probably self signed certificate on the client:
http://support.microsoft.com/kb/2006728/en-us
0
 

Author Comment

by:occredit
ID: 36545843
Thanks for the prompt replies and suggestions. Once we get the Cert, we'll give it a try.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545848
No probs - here if you need me.
0
 

Author Comment

by:occredit
ID: 36545937
Question on the CSR. The wizard only allow one domain name (common name) how do we generate for multiple domains?
0
 

Author Comment

by:occredit
ID: 36545956
I meant mutiple names.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545981
You don't need to generate one for multiple domain names.

You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.

Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints.  I do this myself and it works like a charm :)
0
 

Author Closing Comment

by:occredit
ID: 36712045
Got a Multiple Domain (UCC) SSL up to 5 domains from Go Daddy and it worked!

Thanks for the help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36712258
Excellent - thanks for the points.

Alan
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This guide provides step by step instructions on how to convert an Offline(.ost) to a Personal file(.pst). A different situation occurs when a conversion of OST file to PST format is needed. Use the described manual methods and SysTools OST to PST C…
Exchange not receiving an external email in 2016/ 13/ 10 / 07 version can occur due to the various issues. Get complete information to fix Exchange Server not receiving external or outside Email messages in a Public Folder mailbox and Distribution G…
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question