Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Outlook 2010 is getting Certificate Error Message in a Ex2003/2010 Coexistence Environment

Posted on 2011-10-25
Medium Priority
Last Modified: 2012-08-14
Hi Guys,

My company is moving from Exchange 2003 to Exchange 2010. Right now we've got both systems running in a coexistence environment.

There are no User's Mailboxes at Exchange 2010 servers yet. Some users are already using Outlook 2010 to connect to their mailboxes at Exchange 2003 servers.

This weekend I installed couple CAS Servers and configure autodiscover services. After that our outlook 2010 clients are poping up a certificate error message to the clients. Since I am installing the Exchange infrasctructre, this message was expected only on mailboxes that were running on Exchange 2010, not on that on Exchange 2003 Servers, because I haven't set up SAN certificates yet.

How can I get rid of this Certificate Error Message on Outlook 2010 used to access a legacy mailbox?


Rodrigo Garcone
Question by:garconer
  • 3
  • 2

Accepted Solution

FiberNut earned 1500 total points
ID: 37025458
You must have a (valid) multiple SAN certificate that bears the names of all the multiple connections you now have (also called a UCC). That was the only way I was able to completely eliminate any type of cert warnings when I migrated our company during coexist. (Wildcard cert is also apparently allowed by Microsoft, but best practices by them state UCC is best, esp. if one is going to implement UM later on.)

So the cert Subject Alternative Names would have to include stuff like yourdomain.com, autodiscover.yourdomain.com, webmail.yourdomain.com, and even the CAS server(s)'s hostname i.e. CASSERVER01.yourdomain.com

Author Comment

ID: 37027291
Actually I'm talking about legacy mailboxes running on Exchange 2003 from Outlook 2010. Why does Autodiscover and digital certificates matter in this case?

Assisted Solution

FiberNut earned 1500 total points
ID: 37027906
Because the mailboxes that live on the 2003 server are going to be accessed via the cas first, but the cas needs a name in the cert for the legacy piece of the older 2003 server, which is usually legacy.yourdomain.com

Author Comment

ID: 37141145
Find the answer myself. Changed the certificate from Self-Signed to Public Certificate but haven't updated IIS. After updating IIS, everything went fine.

Author Closing Comment

ID: 37141173
The guys gave to me a start point where to look for.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question