Exchange 2010 autodiscover security certificate

We have been running Exchange 2010 for about a year with no trouble. All of a sudden, when we open Outlook, we get a Security Alert pop-up for autodiscover.domain.com stating that the name on the security certificate is invalid or does not match the name of the site. Everything looks correct on the server; why is this happening and how do I fix it?

Attachment: certificate-error.pdf

clifford_m71 (IT Manager) asked:

Alan Hardisty (Co-Owner) commented:
Is your SSL certificate a SAN / UCC (Multi-Name) SSL certificate with the following names included:

mail.externaldomain.com (or whichever FQDN you prefer to use)
autodiscover.externaldomain.com
internalservername.internaldomainname.local
internalservername

Without those names - you will get certificate errors.

Akhater commented:
Your certificate has expired in 2010, how can you say it was working?

Also, how is it showing notyourdomain.com? Is this your certificate?

clifford_m71 (IT Manager, author) commented:
I should have mentioned, when I view the certificate it is absolutely not our domain. Our domain is registered with GoDaddy, the one that shows up with this error message is registered with Equifax.

Akhater commented:
Yes, I noticed this, thus my question...

Are you having these warnings internally or from outside the organization?

Alan Hardisty (Co-Owner) commented:
Where does autodiscover.domain.com point to? Does it point to your server?

Does your Firewall / Router use an SSL cert issued by Equifax?

Is your firewall grabbing port 443 for itself for remote management?

Vipin Vasudevan (Infrastructure Specialist) commented:
Try to get the Exchange server certificate by running "Get-ExchangeCertificate | fl" on the CAS server.

Or in EMC go to Server Configuration and check the assigned certificate for IIS, SMTP and others as required.

Are you getting the proper certificate on web access?

Is it happening from internal or external access?

clifford_m71 (IT Manager, author) commented:
Thanks for the responses. I will try to answer all of your questions. As I had mentioned, this was all working great a couple of weeks ago.

The correct certificate is from GoDaddy and is a UCC/SAN certificate with all the correct names. The correct certificate is good until 2014, but somehow Outlook is not seeing that certificate anymore. The warnings are internal and are not really affecting anything. It is simply an annoyance having the error message pop up every time you open Outlook. Also, since Autodiscover does not work anymore, when I set up a new mailbox I have to manually enter the information on the client side. Web access is working fine with the correct cert and when I run Get-ExchangeCertificate | fl all looks good.

Our firewall does not use 443 for management and there is no cert attached to it.

Alan Hardisty (Co-Owner) commented:
Do you have Autodiscover.domain.com configured in DNS externally?

Akhater commented:
You didn't answer my question: are you having these warnings internally or from outside the organization?

Also, from a computer you are working on, remove any proxy settings from IE and test again.

Also, from a computer giving this warning, run nslookup autodiscover.yourdomain.com and make sure it returns the correct IP.

clifford_m71 (IT Manager, author) commented:
In my previous post I did state that the problem was internal. I said that because OWA is working fine and the only time I see the autodiscover error is when I am in Outlook on the local network. That being said, I did an nslookup and the reply was the server name and IP of our domain controller/dns server and the Non-Authoritative answer is the public IP of our website, not our exchange server. Our website is hosted offsite, our exchange server is internal.

Just a little more info. When I do an nslookup of mail.mydomain.com I get the server name and IP of our DC/DNS server and the internal IP of our Exchange Server.

Whenever I deal with DNS I get a headache.....I hope this means something to one of you.

Thanks!

Vipin Vasudevan (Infrastructure Specialist) commented:
Do you have an autodiscover.<yourdomain.com> mapped to your CAS server?

As per your latest post, when you do an nslookup of autodiscover.<yourdomain.com>, it is going to the public IP of your website.

Do you have an entry for Autodiscover.<yourdomain.com> in public DNS (which may be causing this issue)?

Akhater commented:
Well, as a start you should point autodiscover.domain.com to your Exchange 2010 server on your internal DNS. Also, did you try to remove proxy settings from IE as I suggested?

clifford_m71 (IT Manager, author) commented:
Thank you gentlemen. I had never set up autodiscover externally and never had a problem with it. All of my Outlook 2010 clients seemed to be working fine but my 2007 couldn't use their Out Of Office Assistant. Now they can and I realize that's because of Autodiscover. Learn something new every day! I can also see the online archive in 2007.

As far as to why we never had this certificate error before I do not know but now that I have configured autodiscover on both internal and external DNS the error is gone. I am awarding points to all of you because each pointed me in the right direction. Thank you.

Question has a verified solution.
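
The two checks suggested in the thread (resolve the Autodiscover name from an affected client, then see which certificate that endpoint really serves) can be combined into one script. This is an added example, not part of the original thread; autodiscover.example.com is a placeholder, and it assumes PowerShell 3.0 or later on Windows 8 / Server 2012 or later (for Resolve-DnsName).

```powershell
# Added diagnostic sketch; autodiscover.example.com is a placeholder name.
param(
    [string]$HostName = 'autodiscover.example.com',
    [int]$Port = 443
)

# 1. Addresses this client receives for the Autodiscover name.
Resolve-DnsName -Name $HostName -Type A |
    Select-Object Name, Type, IPAddress | Format-Table -AutoSize

# 2. Certificate actually served there. Validation is bypassed on purpose
#    so that a mismatched or expired certificate can still be read.
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# 3. DNS names in the Subject Alternative Name extension (OID 2.5.29.17).
#    The 'DNS Name=' label is what English-language Windows prints.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($false) } else { '' }
$names = @([regex]::Matches($sanText, 'DNS Name=([^,\s]+)') |
    ForEach-Object { $_.Groups[1].Value })

# 4. Exact match, or a wildcard covering exactly one left-most label.
$match = $names | Where-Object {
    $_ -eq $HostName -or ($_.StartsWith('*.') -and $HostName -like $_ -and
        $HostName.Split('.').Count -eq $_.Split('.').Count)
}

[pscustomobject]@{
    Host      = $HostName
    Subject   = $cert.Subject
    Issuer    = $cert.Issuer
    NotAfter  = $cert.NotAfter
    Expired   = $cert.NotAfter -lt (Get-Date)
    SanNames  = $names -join ', '
    NameMatch = [bool]$match
} | Format-List
```

Run it from a client that shows the alert. An address that is not the Exchange/CAS server, together with an unfamiliar Issuer or NameMatch = False, points at DNS rather than at the Exchange certificate.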

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.