[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Outlook 2010 Reports The name of the security certificate is invalid or does not match the name of the site Connecting to Exchange 2007

Posted on 2011-10-04
23
Medium Priority
?
807 Views
Last Modified: 2012-05-12
I have a UCC AAA certificate with a different FQDN name than the Netbios name of the server.  Recently I got a "The name of the security certificate is invalid or does not match the name of the site" when outlook 2010 clients start up on the internal LAN.  Yes, Ive read http://support.microsoft.com/kb/940726 and http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/    Im having problem with the exchange management shell accepting the command.  Here is exactly what im typing (with edit to the names)
Set-ClientAccessServer -Identity “ServerNetBIosName” -AutodiscoverServiceInternalUri https://ServerNetBiosName.company.com/autodiscover/autodiscover.xml 
* Note i for netbios name its a single name and does not include the .company.local, in this example the netbios name is webmail

This fails for all the commands shown in the articles.  The error is:
Set-ClientAccessServer : The operation could not be performed because object 'w
ebmail' could not be found on domain controller 'xxx.company.local'.
At line:1 char:23

I can ping the name webmail, webmail.company.com and use IE to nav to it with the \oab and \ews suffixes.  There is a DNS a record for webmail.  HELP!
0
Comment
Question by:PlatinumITS
  • 13
  • 10
23 Comments
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36914886
So you are running the following?:

Set-ClientAccessServer -Identity "webmail" –AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml 

Open in new window


If that is the case, do the following: (Assuming that you have more than one domain controller and the DNS name was configured on another domain controller)
1. Connect to your domain controller specified above xxx.company.local and ensure that the DNS name has replicated to this domain controller.

Hope this helps!!!
0
 

Author Comment

by:PlatinumITS
ID: 36914903
I have 2 domain controllers, both run DNS and cross replicate and both can ping that name and both show the A record in DNS and can resolve it, as can the mail server.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36914922
Just to be sure, your server called webmail does host your CAS server role?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:PlatinumITS
ID: 36916567
Its not the real server netbios name, its just an a record that points at the server, and yes, its the only mail server.                                                                                                                  
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36916635
try running the script without the weird inverted commas: ““

Copy the code below and try to run it:
Set-ClientAccessServer -Identity "webmail" –AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml

Open in new window


0
 

Author Comment

by:PlatinumITS
ID: 36916720
Same error. By the way, they are not commas, they are quotes.  I think i was able to use the internal FQDN previously, such as webmail.company.local rather than just webmail    Does it matter?  

Can someone do a Get-ClientAccessServer -Identity CASServer | FL  and report back the values for AUTODISCOVERSERVICECN and AUTODISCOVERSERVICEINTERNALURI   I need to know if they match and if they are FQDN or single netbios name.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36916759
If you do a Get-ClientAccessServer

AutoDiscoverServiceCN returns only the HOSTNAME
AutoDiscoverServiceInternalUri returns https://exchange.domain.co.za/autodiscover/autodiscover.xml

Hope this helps!!!

PS: With regards to commas / quotes (You know what I mean!!!)
0
 

Author Comment

by:PlatinumITS
ID: 36917084
My hostname is the server name (mismatch with the certificate name) thought the URI value is correct.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36917153
Just to test Change the URI to your external URL and see if you still get the issue.
0
 

Author Comment

by:PlatinumITS
ID: 36917161
ok, testing....
0
 

Author Comment

by:PlatinumITS
ID: 36917185
Im sorry, it is already set to the outside FQDN.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36917239
So it is set to:

Set-ClientAccessServer -Identity "webmail" –AutodiscoverServiceInternalURI https://webmail.company.com/autodiscover/autodiscover.xml

Is has to be the URL that the error is about. If the certificate error refers to your server name then you would have to ensure that the correct services is assigned to the NON self signed certificate.

When you go to EMS > Server Configuration and look at the certificate status, what does it say?
0
 

Author Comment

by:PlatinumITS
ID: 36917350
See image, no
snap.JPG
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36917406
When you go to EMS > Server Configuration and look at the certificate status on the CAS box, what does it say?
0
 

Author Comment

by:PlatinumITS
ID: 36917916
Be more specific.  The Management console or the management shell.  And where exactly or what exact command.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36917958
Sorry Exchange Management Console
0
 

Author Comment

by:PlatinumITS
ID: 36917969
where?
0
 

Author Comment

by:PlatinumITS
ID: 36918010
see image
snap2.JPG
0
 

Author Comment

by:PlatinumITS
ID: 36926683
Any ideas?
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36929140
Try the following:

Set-ClientAccessServer -Identity "triad-mail" –AutodiscoverServiceInternalURI https://webmail.company.local/autodiscover/autodiscover.xml

Open in new window

0
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 1500 total points
ID: 36929186
Sorry this is the correct one:

Set-ClientAccessServer -Identity "triad-mail" –AutodiscoverServiceInternalURI https://webmail.triadgate.com/autodiscover/autodiscover.xml

Open in new window

0
 

Author Comment

by:PlatinumITS
ID: 36931568
I had to set all three per that article.  Also my default website is OWA, not Default Web Site...So it worked.thanks.
0
 

Author Closing Comment

by:PlatinumITS
ID: 36931573
Thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses
Course of the Month17 days, 22 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question