Outlook 2010 \ Exchange 2010 Security Alert Message

Experts,

Need your help! We just added 2010 Exchange and now getting Security Alerts on clients with Outlook 2010. How do we fixed this? Do we need a cert? Or can this be fixed without one?

Outlook 2010 Alert Message
occreditAsked:
Who is Participating?
 
Alan HardistyCo-OwnerCommented:
This is certificate related and you would be best advised to buy one.  You will need a SAN / UCC (Multi-Name) SSL Cert (minimum 5 names) and you will need to include the following names in the Certificate:

mail.externaldomain.com (or whatever you choose to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

Once installed, the errors will go away and things like Activesync / OWA will be happy and won't complain one little bit.

GoDaddy are about the cheapest.

Alan
0
 
occreditAuthor Commented:
Will a CSR required? Also, how do we install the cert? Our CAS server is windows 2008 R2.
0
 
Alan HardistyCo-OwnerCommented:
Yes - you need to generate a CSR for Exchange to be able to order a certificate.  Run the Wizard in the Exchange Management Console> Server Configuration and make sure you end up with all the names I have suggested at the end of the wizard before you proceed.

Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\PathToCertificate\IssuedCert.cer -Encoding byte -ReadCount 0))

Get-ExchangeCertificate

Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
warddhoogheCommented:
If you dont have budget for it, you can also install (trust) the probably self signed certificate on the client:
http://support.microsoft.com/kb/2006728/en-us
0
 
occreditAuthor Commented:
Thanks for the prompt replies and suggestions. Once we get the Cert, we'll give it a try.
0
 
Alan HardistyCo-OwnerCommented:
No probs - here if you need me.
0
 
occreditAuthor Commented:
Question on the CSR. The wizard only allow one domain name (common name) how do we generate for multiple domains?
0
 
occreditAuthor Commented:
I meant mutiple names.
0
 
Alan HardistyCo-OwnerCommented:
You don't need to generate one for multiple domain names.

You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.

Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints.  I do this myself and it works like a charm :)
0
 
occreditAuthor Commented:
Got a Multiple Domain (UCC) SSL up to 5 domains from Go Daddy and it worked!

Thanks for the help.
0
 
Alan HardistyCo-OwnerCommented:
Excellent - thanks for the points.

Alan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.