Solved

Error SSL certificat prompt in Outlook - Exchange 2010

Posted on 2011-09-19
8
360 Views
Last Modified: 2012-05-12
Hello everyone,

I encountered a problem with SSL certificat.

I've just bought a SAN SSL certificate to protect all my external domain.
But I have now a prompt in my local domain on Outlook saying my certificate is note valide for this URL.
My Outlook client in local are connected to the Exchange server (srv-exchange.masociete.net).
Does I abligatory need to add the name of my Exchange server in the SAN ssl certificate or is there a workeround to use the generated certificate just for OWA, ActiveSync and Outlook Anywhere connection ?

Thanks in advance for your answers.

Damien
0
Comment
Question by:dbrenot
  • 5
  • 2
8 Comments
 
LVL 25

Expert Comment

by:-MAS
ID: 36559412
you should have these names in your certificate
1. mail.external-domain-name.com
2.autodiscover.domain.com
3.exch-servername.domain.com

Please check this
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
http://technet.microsoft.com/en-us/library/dd351044.aspx
0
 

Author Comment

by:dbrenot
ID: 36559426
thanks but the problem is my internal domain name was created with windows NT 4 and is like masociete.net and I've not bought the domain masociete.net.

Could I change the internal URL used by Outlook client to connect to Exchange ?
0
 

Author Comment

by:dbrenot
ID: 36559463
Could I use the command line get-clientaccessserver | fl *uri* and set-clientaccessserver -AutoDiscoverServiceInternalUri to change the URL to point to the URL in my certificate ?

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 25

Accepted Solution

by:
-MAS earned 500 total points
ID: 36559557
Here is the full commands

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : HUB1
AutoDiscoverServiceInternalUri : https://hub1.domain.com/Autodiscover/Autodiscover.xml
Set-ClientAccessServer -Identity hub1 -AutoDiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"
================================================================================

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-AutodiscoverVirtualDirectory | fl Name,internalurl,externalurl

Name        : Autodiscover (Default Web Site)
InternalUrl :
ExternalUrl :

================================================================================
Offline Address Book

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-OabVirtualDirectory |  fl Server,Name,internalurl,externalurl

Server      : HUB1
Name        : OAB (Default Web Site)
InternalUrl : http://hub1.domain.com/OAB ExternalUrl :

Set-OabVirtualDirectory -Identity "hub1\oab (default web site)" -InternalUrl https://mail.domain.com/oab -ExternalUrl https://mail.domain.com/oab
================================================================================

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-UMVirtualDirectory | fl Name,Server,Internalurl,externalurl

Name        : UnifiedMessaging (Default Web Site)
Server      : HUB1
InternalUrl : https://hub1.domain.com/UnifiedMessaging/Service.asmx
ExternalUrl :

set-UMVirtualDirectory -Identity "hub1\UnifiedMessaging (Default Web Site)" -InternalUrl https://mail.domain.com/UnifiedMessaging/Service.asmx -ExternalUrl https://mail.domain.com/UnifiedMessaging/Service.asmx

============================================================================================
EWS:
[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-WebServicesVirtualDir
ectory | fl name,internalurl,externalurl

Name        : EWS (Default Web Site)
InternalUrl : https://hub1.domain.com/EWS/Exchange.asmx
ExternalUrl :

set-WebservicesVirtualDirectory -Identity "hub1\EWS (default web site)" -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -ExternalUrl https://mail.domain.com/EWS/Exchange.asmx

===============================================================================

0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36559561
you can do this from the EMC, give exchange 2007/2010.
You should indeed set your internal URLS to the same as the External, and have all the right internal dns records to resolve these.
0
 
LVL 25

Expert Comment

by:-MAS
ID: 36559579

Change domain.com it to your external domain name.
0
 
LVL 25

Expert Comment

by:-MAS
ID: 36559589
you make both internal and external the same
0
 
LVL 25

Expert Comment

by:-MAS
ID: 36559608
Apart from that Why you keep windows NT,
Install windows2003/2008 server and promote it a domain controller and transfer all  FSMO roles.

Then change the DNS IP in the exchange server and restart and run command  'setup.com /prepareAD'

Cheers
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question