Exchange 2010 SSL/Cert question - local Outlook issue

Posted on 2011-10-03
Last Modified: 2012-08-05
We have deployed an Exchange 2010 server in our existing Exchange 2003 Organization.  A while back, we changed our company name.  Our domain is old.local, however our new public domain is  I have a single Exchange Server with HT, CAS, and MB roles.  All health checks/etc are good.  I installed a cert for to enable active sync and OWA.

When we moved a couple guinea pigs last week, Outlook began throwing up errors due to the cert not correlating to the local netbios name of the server.  The cert is for however the internal server's name is mail.old.local.  I followed the info here and made these changes, while of course making the names accurate:

    Set-ClientAccessServer -Identity "mbx1" –AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml

    Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" –InternalUrl  https://nlb.nwtraders.msft/EWS/Exchange.asmx

    Set-OABVirtualDirectory -Identity “mbx1\OAB (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/OAB

     Enable-OutlookAnywhere -Server mbx1 -ExternalHostname “nlb.nwtraders.msft” -ClientAuthenticationMethod “NTLM”

    Set-ActiveSyncVirtualDirectory -Identity “mbx1\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync

Plenty of hell ensued.  We had users unable to email internally, and weird things happening like the famous "Sent emails hanging in drafts" folders.  The only way we were able to fix things was to:

1.  Uninstall the Cert to remove the Outlook cert warnings/etc.
2.  Rerun the commands above and setting everything back to how Exchange initially configured itself.

I obviously need to deploy an SSL cert soon, however a secondary CAS server just for Active Sync/OWA isn't an option.  How can I configure the 2010 server so:

1.  External clients access
2.  Internal clients via Outlook access mail.old.local and don't receive the cert warning

Thank you for any assistance!  
Question by:wylde342
    LVL 7

    Expert Comment


    You need to put new url name in new created certificate.

    Accepted Solution


    Not sure if you missed it, but that's exactly what I did.  The problem is the url does not correlate to the internal netbios name, hence the Outlook security warnings.  The certificate was for, however Outlook was connecting to mail.old.local, hence the warnings.

    Author Closing Comment

    solved on my own

    Featured Post

    How does your email signature look on mobiles?

    Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

    Join & Write a Comment

    Learn more about how the humble email signature can be used as more than just an electronic business card. When used correctly, a signature can easily be tailored for different purposes by different departments within an organization.
    Use email signature images to promote corporate certifications and industry awards.
    In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
    This video discusses moving either the default database or any database to a new volume.

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now