Go Premium for a chance to win a PS4. Enter to Win


Error SSL certificat prompt in Outlook - Exchange 2010

Posted on 2011-09-19
Medium Priority
Last Modified: 2012-05-12
Hello everyone,

I encountered a problem with SSL certificat.

I've just bought a SAN SSL certificate to protect all my external domain.
But I have now a prompt in my local domain on Outlook saying my certificate is note valide for this URL.
My Outlook client in local are connected to the Exchange server (srv-exchange.masociete.net).
Does I abligatory need to add the name of my Exchange server in the SAN ssl certificate or is there a workeround to use the generated certificate just for OWA, ActiveSync and Outlook Anywhere connection ?

Thanks in advance for your answers.

Question by:dbrenot
  • 5
  • 2
LVL 27

Expert Comment

ID: 36559412
you should have these names in your certificate
1. mail.external-domain-name.com

Please check this

Author Comment

ID: 36559426
thanks but the problem is my internal domain name was created with windows NT 4 and is like masociete.net and I've not bought the domain masociete.net.

Could I change the internal URL used by Outlook client to connect to Exchange ?

Author Comment

ID: 36559463
Could I use the command line get-clientaccessserver | fl *uri* and set-clientaccessserver -AutoDiscoverServiceInternalUri to change the URL to point to the URL in my certificate ?

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

LVL 27

Accepted Solution

MAS earned 2000 total points
ID: 36559557
Here is the full commands

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Name                           : HUB1
AutoDiscoverServiceInternalUri : https://hub1.domain.com/Autodiscover/Autodiscover.xml
Set-ClientAccessServer -Identity hub1 -AutoDiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-AutodiscoverVirtualDirectory | fl Name,internalurl,externalurl

Name        : Autodiscover (Default Web Site)
InternalUrl :
ExternalUrl :

Offline Address Book

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-OabVirtualDirectory |  fl Server,Name,internalurl,externalurl

Server      : HUB1
Name        : OAB (Default Web Site)
InternalUrl : http://hub1.domain.com/OAB ExternalUrl :

Set-OabVirtualDirectory -Identity "hub1\oab (default web site)" -InternalUrl https://mail.domain.com/oab -ExternalUrl https://mail.domain.com/oab

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-UMVirtualDirectory | fl Name,Server,Internalurl,externalurl

Name        : UnifiedMessaging (Default Web Site)
Server      : HUB1
InternalUrl : https://hub1.domain.com/UnifiedMessaging/Service.asmx
ExternalUrl :

set-UMVirtualDirectory -Identity "hub1\UnifiedMessaging (Default Web Site)" -InternalUrl https://mail.domain.com/UnifiedMessaging/Service.asmx -ExternalUrl https://mail.domain.com/UnifiedMessaging/Service.asmx

[PS] C:\Documents and Settings\Administrator.UICDOMAIN>Get-WebServicesVirtualDir
ectory | fl name,internalurl,externalurl

Name        : EWS (Default Web Site)
InternalUrl : https://hub1.domain.com/EWS/Exchange.asmx
ExternalUrl :

set-WebservicesVirtualDirectory -Identity "hub1\EWS (default web site)" -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -ExternalUrl https://mail.domain.com/EWS/Exchange.asmx


LVL 14

Expert Comment

ID: 36559561
you can do this from the EMC, give exchange 2007/2010.
You should indeed set your internal URLS to the same as the External, and have all the right internal dns records to resolve these.
LVL 27

Expert Comment

ID: 36559579

Change domain.com it to your external domain name.
LVL 27

Expert Comment

ID: 36559589
you make both internal and external the same
LVL 27

Expert Comment

ID: 36559608
Apart from that Why you keep windows NT,
Install windows2003/2008 server and promote it a domain controller and transfer all  FSMO roles.

Then change the DNS IP in the exchange server and restart and run command  'setup.com /prepareAD'


Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question