
  • Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2010 SSL/Cert question - local Outlook issue

We have deployed an Exchange 2010 server in our existing Exchange 2003 Organization.  A while back, we changed our company name.  Our domain is old.local; however, our new public domain is new.net.  I have a single Exchange Server with HT, CAS, and MB roles.  All health checks/etc are good.  I installed a cert for mail.new.net to enable ActiveSync and OWA.

When we moved a couple guinea pigs last week, Outlook began throwing up errors due to the cert not correlating to the local NetBIOS name of the server.  The cert is for mail.new.net; however, the internal server's name is mail.old.local.  I followed the info here http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx and made these changes, while of course making the names accurate:

    Set-ClientAccessServer -Identity "mbx1" -AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml

    Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" -InternalUrl https://nlb.nwtraders.msft/EWS/Exchange.asmx

    Set-OABVirtualDirectory -Identity "mbx1\OAB (Default Web Site)" -InternalURL https://nlb.nwtraders.msft/OAB

    Enable-OutlookAnywhere -Server mbx1 -ExternalHostname "nlb.nwtraders.msft" -ClientAuthenticationMethod "NTLM"

    Set-ActiveSyncVirtualDirectory -Identity "mbx1\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync

Plenty of hell ensued.  We had users unable to email internally, and weird things happening like the famous "Sent emails hanging in drafts" folders.  The only way we were able to fix things was to:

1.  Uninstall the cert to remove the Outlook cert warnings/etc.
2.  Rerun the commands above, setting everything back to how Exchange initially configured itself.

I obviously need to deploy an SSL cert soon, however a secondary CAS server just for Active Sync/OWA isn't an option.  How can I configure the 2010 server so:

1.  External clients access mail.new.net
2.  Internal clients via Outlook access mail.old.local and don't receive the cert warning

Thank you for any assistance!  
1 Solution

You need to put the new URL name mail.new.net in the newly created certificate.

wylde342 (Author) commented:

Not sure if you missed it, but that's exactly what I did.  The problem is the URL does not correlate to the internal NetBIOS name, hence the Outlook security warnings.  The certificate was for mail.new.net, however Outlook was connecting to mail.old.local, hence the warnings.

wylde342 (Author) commented:
solved on my own
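
Added example (not part of the original thread and not the author's fix): a PowerShell check that lists which client-facing URLs use a host name the installed certificate does not cover, which is the mismatch behind the Outlook warning described in the question. The function names `Test-CertNameMatch` and `Get-UncoveredUrl` are hypothetical, and the sample URLs are constructed from the names used in the question.

```powershell
# Added example: compare the host name in each service URL with the names
# on a certificate. Helper names are hypothetical; sample data is constructed.

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($name in $CertificateDomains) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.new.net matches
        # mail.new.net but not new.net or a.b.new.net.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # e.g. ".new.net"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    param([hashtable]$ServiceUrls, [string[]]$CertificateDomains)
    foreach ($service in ($ServiceUrls.Keys | Sort-Object)) {
        $urlHost = ([uri]$ServiceUrls[$service]).Host
        if (-not (Test-CertNameMatch -HostName $urlHost -CertificateDomains $CertificateDomains)) {
            # Emit one object per URL whose host the certificate does not cover.
            [pscustomobject]@{
                Service = $service
                Host    = $urlHost
                Url     = $ServiceUrls[$service]
            }
        }
    }
}

# Constructed sample data: a certificate issued only for mail.new.net and
# a mix of internal URLs pointing at the old and the new name.
$certDomains = @('mail.new.net')
$urls = @{
    'Autodiscover (internal URI)' = 'https://mail.old.local/autodiscover/autodiscover.xml'
    'EWS (internal URL)'          = 'https://mail.old.local/EWS/Exchange.asmx'
    'OAB (internal URL)'          = 'https://mail.old.local/OAB'
    'ActiveSync (internal URL)'   = 'https://mail.new.net/Microsoft-Server-ActiveSync'
}

Get-UncoveredUrl -ServiceUrls $urls -CertificateDomains $certDomains |
    Format-Table -AutoSize
```

On a real server the two inputs would be read in the Exchange Management Shell, for example from the `CertificateDomains` property returned by `Get-ExchangeCertificate` and the `InternalUrl` values of the virtual directories, instead of the constructed values above.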
