We help IT Professionals succeed at work.

SBS 2011 - Exchange 2010 - Best Practices Analyzer - 6x Certificate SAN Mismatch errors

TheSonicGod
TheSonicGod asked
on
Hi Everyone,

Have some strange errors with outlook, so I ran the Best Practices Analyzer and I have the follow 6 errors - all similar:

1) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for https://remote.mydomain.ca/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca.

2) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for https://remote.mydomain.ca/EWS/Exchange.asmx does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca.

3) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for https://remote.mydomain.ca/Microsoft-Server-ActiveSync does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca

4) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for https://remote.mydomain.ca/OAB does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca.

5) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for https://remote.mydomain.ca/owa/ does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca.

6) Certificate SAN Mismatch - The subject alternative name (SAN) of SSL certificate for HTTPS://remote.mydomain.ca/RPC does not appear to match the host address. Host address: remote.mydomain.ca. Current SAN: DNS Name=mail.mydomain.ca, DNS Name=www.mail.mydomain.ca, DNS Name=mydomain.ca.

Obviously I have a issue with some configuration with the SSL and possibly certificate. I can not seem to resolve the issue no matter what I have tried

thanks in advance for your replies,

TheSonicGod
Comment
Watch Question

Have you checked in IIS to make sure that the correct certificate is listed and bindings are correct? Also I have come across issues with changing the external and internal address within the exchange settings. I would definitely check in IIS first.
ChrisLead Infrastructure Architect
CERTIFIED EXPERT
Commented:
check the certificate that is installed on the Server do you have all your external names and your internal name included on the certificate

Does this match the URL's set on exchange for OWA etc

but the obvious call is does the certificate include the SAN of remote.mydomain.ca and is there an external DNS record to point at this.

Do you get any issues when access OWA or anything externally - you can use the exchange connectivity tester which does checks on the all the required certificates

https://www.testexchangeconnectivity.com/

Author

Commented:
Thanks Feebleminder & irweazelwallis,

I checked in IIS and I have a number of entries that I am not familiar with under certificates & bindings (I have attached the screen shots below).

Also I checked the godaddy certificate and it only has the mail.mydomain.ca listing - should I add the remote.mydomain.ca as I am not aware if we even use this but I know outlook has been popping logins showing this address.

And - not sure if related, I noticed that there are some questions marks next to default website and sharepoint in IIS - (screen shot also attached below)

Thanks again for any replies,

TheSonicGod


Untitled.jpg
Untitled1.jpg
Untitled2.jpg

Author

Commented:
Sorry - also OWA is accessible externally via https://mail.mydomain.ca/owa - no certificate errors

Explore More ContentExplore courses, solutions, and other research materials related to this topic.