• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

Outlook 2010 \ Exchange 2010 Security Alert Message

Experts,

Need your help! We just added 2010 Exchange and now getting Security Alerts on clients with Outlook 2010. How do we fixed this? Do we need a cert? Or can this be fixed without one?

Outlook 2010 Alert Message
0
occredit
Asked:
occredit
  • 5
  • 5
1 Solution
 
Alan HardistyCo-OwnerCommented:
This is certificate related and you would be best advised to buy one.  You will need a SAN / UCC (Multi-Name) SSL Cert (minimum 5 names) and you will need to include the following names in the Certificate:

mail.externaldomain.com (or whatever you choose to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

Once installed, the errors will go away and things like Activesync / OWA will be happy and won't complain one little bit.

GoDaddy are about the cheapest.

Alan
0
 
occreditAuthor Commented:
Will a CSR required? Also, how do we install the cert? Our CAS server is windows 2008 R2.
0
 
Alan HardistyCo-OwnerCommented:
Yes - you need to generate a CSR for Exchange to be able to order a certificate.  Run the Wizard in the Exchange Management Console> Server Configuration and make sure you end up with all the names I have suggested at the end of the wizard before you proceed.

Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\PathToCertificate\IssuedCert.cer -Encoding byte -ReadCount 0))

Get-ExchangeCertificate

Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
warddhoogheCommented:
If you dont have budget for it, you can also install (trust) the probably self signed certificate on the client:
http://support.microsoft.com/kb/2006728/en-us
0
 
occreditAuthor Commented:
Thanks for the prompt replies and suggestions. Once we get the Cert, we'll give it a try.
0
 
Alan HardistyCo-OwnerCommented:
No probs - here if you need me.
0
 
occreditAuthor Commented:
Question on the CSR. The wizard only allow one domain name (common name) how do we generate for multiple domains?
0
 
occreditAuthor Commented:
I meant mutiple names.
0
 
Alan HardistyCo-OwnerCommented:
You don't need to generate one for multiple domain names.

You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.

Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints.  I do this myself and it works like a charm :)
0
 
occreditAuthor Commented:
Got a Multiple Domain (UCC) SSL up to 5 domains from Go Daddy and it worked!

Thanks for the help.
0
 
Alan HardistyCo-OwnerCommented:
Excellent - thanks for the points.

Alan
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now