Outlook 2010 Reports The name of the security certificate is invalid or does not match the name of the site Connecting to Exchange 2007

I have a UCC AAA certificate with a different FQDN name than the NetBIOS name of the server. Recently I got a "The name of the security certificate is invalid or does not match the name of the site" when Outlook 2010 clients start up on the internal LAN. Yes, I've read http://support.microsoft.com/kb/940726 and http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/. I'm having a problem with the Exchange Management Shell accepting the command. Here is exactly what I'm typing (with edits to the names):
Set-ClientAccessServer -Identity “ServerNetBIosName” -AutodiscoverServiceInternalUri https://ServerNetBiosName.company.com/autodiscover/autodiscover.xml 
* Note: for the NetBIOS name, it's a single name and does not include the .company.local; in this example the NetBIOS name is webmail.

This fails for all the commands shown in the articles.  The error is:
Set-ClientAccessServer : The operation could not be performed because object 'w
ebmail' could not be found on domain controller 'xxx.company.local'.
At line:1 char:23

I can ping the name webmail, webmail.company.com and use IE to nav to it with the \oab and \ews suffixes. There is a DNS A record for webmail. HELP!
PlatinumITS Asked:
 
Hendrik Wiese, Information Security Manager, Commented:
Sorry this is the correct one:

Set-ClientAccessServer -Identity "triad-mail" -AutodiscoverServiceInternalURI https://webmail.triadgate.com/autodiscover/autodiscover.xml


0
 
Hendrik Wiese, Information Security Manager, Commented:
So you are running the following?:

Set-ClientAccessServer -Identity "webmail" -AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml



If that is the case, do the following: (Assuming that you have more than one domain controller and the DNS name was configured on another domain controller)
1. Connect to your domain controller specified above xxx.company.local and ensure that the DNS name has replicated to this domain controller.

Hope this helps!!!
0
 
PlatinumITS, Author, Commented:
I have 2 domain controllers, both run DNS and cross replicate and both can ping that name and both show the A record in DNS and can resolve it, as can the mail server.
0
 
Hendrik Wiese, Information Security Manager, Commented:
Just to be sure, your server called webmail does host your CAS server role?
0
 
PlatinumITS, Author, Commented:
It's not the real server NetBIOS name, it's just an A record that points at the server, and yes, it's the only mail server.
0
 
Hendrik Wiese, Information Security Manager, Commented:
Try running the script without the weird inverted commas: ““

Copy the code below and try to run it:
Set-ClientAccessServer -Identity "webmail" -AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml



0
 
PlatinumITS, Author, Commented:
Same error. By the way, they are not commas, they are quotes. I think I was able to use the internal FQDN previously, such as webmail.company.local rather than just webmail. Does it matter?

Can someone do a Get-ClientAccessServer -Identity CASServer | FL and report back the values for AUTODISCOVERSERVICECN and AUTODISCOVERSERVICEINTERNALURI? I need to know if they match and if they are FQDN or single NetBIOS name.
0
 
Hendrik Wiese, Information Security Manager, Commented:
If you do a Get-ClientAccessServer

AutoDiscoverServiceCN returns only the HOSTNAME
AutoDiscoverServiceInternalUri returns https://exchange.domain.co.za/autodiscover/autodiscover.xml

Hope this helps!!!

PS: With regards to commas / quotes (You know what I mean!!!)
0
 
PlatinumITS, Author, Commented:
My hostname is the server name (mismatch with the certificate name), though the URI value is correct.
0
 
Hendrik Wiese, Information Security Manager, Commented:
Just to test, change the URI to your external URL and see if you still get the issue.
0
 
PlatinumITS, Author, Commented:
OK, testing....
0
 
PlatinumITS, Author, Commented:
I'm sorry, it is already set to the outside FQDN.
0
 
Hendrik Wiese, Information Security Manager, Commented:
So it is set to:

Set-ClientAccessServer -Identity "webmail" -AutodiscoverServiceInternalURI https://webmail.company.com/autodiscover/autodiscover.xml

It has to be the URL that the error is about. If the certificate error refers to your server name then you would have to ensure that the correct services are assigned to the non-self-signed certificate.

When you go to EMS > Server Configuration and look at the certificate status, what does it say?
0
 
PlatinumITS, Author, Commented:
See image, no
snap.JPG
0
 
Hendrik Wiese, Information Security Manager, Commented:
When you go to EMS > Server Configuration and look at the certificate status on the CAS box, what does it say?
0
 
PlatinumITS, Author, Commented:
Be more specific. The Management Console or the Management Shell? And where exactly, or what exact command?
0
 
Hendrik Wiese, Information Security Manager, Commented:
Sorry, Exchange Management Console
0
 
PlatinumITS, Author, Commented:
Where?
0
 
PlatinumITS, Author, Commented:
See image
snap2.JPG
0
 
PlatinumITS, Author, Commented:
Any ideas?
0
 
Hendrik Wiese, Information Security Manager, Commented:
Try the following:

Set-ClientAccessServer -Identity "triad-mail" -AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml


0
 
PlatinumITS, Author, Commented:
I had to set all three per that article. Also my default website is OWA, not Default Web Site... So it worked. Thanks.
0
 
PlatinumITS, Author, Commented:
Thanks!
0
Question has a verified solution.
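
The fix the thread arrives at, as an added example that is not part of the original posts: `-Identity` must be the Exchange server object name that `Get-ClientAccessServer` returns, not a DNS alias such as `webmail`, and the internal URLs must use a name the IIS certificate actually lists. Assumptions: a single CAS, `webmail.company.com` as the certificate name, and Autodiscover, EWS and OAB as the "three" URLs the asker set. The virtual directories are piped from their `Get-` cmdlets so the web site name (`OWA` in the asker's case) does not have to be typed.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# Assumption: this is the name on the UCC certificate (name taken from the thread).
$fqdn = 'webmail.company.com'

# 1. Find the real server object name. A DNS A record such as "webmail" is not
#    an Exchange object, which is why -Identity "webmail" fails with
#    "object ... could not be found on domain controller".
Get-ClientAccessServer |
    Format-List Name, AutoDiscoverServiceCN, AutoDiscoverServiceInternalUri

# Assumption: only one CAS exists, as in the thread.
$cas = (Get-ClientAccessServer | Select-Object -First 1).Name

# 2. Check that a certificate enabled for IIS lists $fqdn before pointing
#    clients at it. Exact-name comparison only; a wildcard entry needs a manual look.
$iisCerts = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
$covering = $iisCerts | Where-Object {
    ($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn
}
if (-not $covering) {
    Write-Warning "No IIS-enabled certificate lists $fqdn; clients will still warn."
    $iisCerts | Format-List Thumbprint, Services, CertificateDomains
    return
}

# 3. Point the internal URLs at the certificate name.
Set-ClientAccessServer -Identity $cas `
    -AutodiscoverServiceInternalUri "https://$fqdn/autodiscover/autodiscover.xml"

Get-WebServicesVirtualDirectory -Server $cas |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$fqdn/ews/exchange.asmx"

Get-OabVirtualDirectory -Server $cas |
    Set-OabVirtualDirectory -InternalUrl "https://$fqdn/oab"

# 4. Read the values back to confirm every URL uses the certificate name.
Get-ClientAccessServer -Identity $cas | Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $cas | Format-List Identity, InternalUrl
Get-OabVirtualDirectory -Server $cas | Format-List Identity, InternalUrl
```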
