Outlook 2010 is getting Certificate Error Message in a Ex2003/2010 Coexistence Environment

Posted on 2011-10-25
Last Modified: 2012-08-14
Hi Guys,

My company is moving from Exchange 2003 to Exchange 2010. Right now we've got both systems running in a coexistence environment.

There are no User's Mailboxes at Exchange 2010 servers yet. Some users are already using Outlook 2010 to connect to their mailboxes at Exchange 2003 servers.

This weekend I installed couple CAS Servers and configure autodiscover services. After that our outlook 2010 clients are poping up a certificate error message to the clients. Since I am installing the Exchange infrasctructre, this message was expected only on mailboxes that were running on Exchange 2010, not on that on Exchange 2003 Servers, because I haven't set up SAN certificates yet.

How can I get rid of this Certificate Error Message on Outlook 2010 used to access a legacy mailbox?


Rodrigo Garcone
Question by:garconer

    Accepted Solution

    You must have a (valid) multiple SAN certificate that bears the names of all the multiple connections you now have (also called a UCC). That was the only way I was able to completely eliminate any type of cert warnings when I migrated our company during coexist. (Wildcard cert is also apparently allowed by Microsoft, but best practices by them state UCC is best, esp. if one is going to implement UM later on.)

    So the cert Subject Alternative Names would have to include stuff like,,, and even the CAS server(s)'s hostname i.e.

    Author Comment

    Actually I'm talking about legacy mailboxes running on Exchange 2003 from Outlook 2010. Why does Autodiscover and digital certificates matter in this case?

    Assisted Solution

    Because the mailboxes that live on the 2003 server are going to be accessed via the cas first, but the cas needs a name in the cert for the legacy piece of the older 2003 server, which is usually

    Author Comment

    Find the answer myself. Changed the certificate from Self-Signed to Public Certificate but haven't updated IIS. After updating IIS, everything went fine.

    Author Closing Comment

    The guys gave to me a start point where to look for.

    Featured Post

    Are end users causing IT problems again?

    You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

    Join & Write a Comment

    Suggested Solutions

    Set OWA language and time zone in Exchange for individuals, all users or per database.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now