how to disable the message i got when i open outlook 2010 ? "security alert"

hi
- i have Microsoft outlook 2007 and exchange server 2007 installed, when i open outlook 2010 i get a message "Security Alert "
security-Alert.jpg
LVL 1
RawasiAsked:
Who is Participating?
 
Glen KnightCommented:
This is because you don't hava an SSL certificate with autodiscover.domainname.com.

Do you have a SAN/UCC certificate?
0
 
NeilMMCommented:
are you using s self signed exchange certificate in Exchange 2007?
0
 
Glen KnightCommented:
NeilMM the image quite clearly states it is from a trusted source.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
NeilMMCommented:
demazter - self signed certs also show truster source.

This problem is due Outlook uses Autodiscover not only when is configured the first time but every start up time. When Outlook start (2007 or 2010) try first to establish a SSL connection with the Client Acces Server, for example : cas.company.local, the original Certificate in Exchange was issued with that Subject name, for that there is no problem internally.

The problem appear when the certificate is changed, tipically scenario owa is enabled to be reached by externall address , for example: mail.company.com (in this example users wil contact owa on the address https:mail.company.com/owa). To match the name on the certificate cas.company.local with the externall URL mail.company.com, people change the subject name on the certificate from cas.company .local to mail.company.com. It works fantastic externally, after import the respective certificate and create the record autodiscover.company.com you can even configure new external users (users not connected to the domain) using Autodiscover .
 
Now you have the problem with the local users running Outlook 2007 or 2010, they are going to receive a certificate warning that says:

You trust on this certificate authority
 The certificate is valid
 BUT the server name (cas.company.local) doesn’t match with the name on the certificate (mail.company.com)
 
Possible Solution? you can create a SAN certificate ( Subject alternative names) that include all the names, local or externall in where Outlook will try to establish the SSL connection fro default. It can be a Self Signed certificate or a Comercial one
 
0
 
Glen KnightCommented:
I am fully aware of how outlook works.

The issue is because autodiscover.domainname.com is not in the certificate, the error message quite clearly says this.  Which is exactly what it says in http:#37367602
0
 
RawasiAuthor Commented:
demazter: i have sna certificate
0
 
Glen KnightCommented:
yes but do you have the autodiscover name in it?
If not, does autodiscover.domainname.com resolve to your exchange server or somewhere else?

Quite often what can happen if the autodiscover record resolves to an external source (or if it isn't configured) then it will go to your web hosters which of course doesn't have your domain names in it.

if you PING autodiscover.domainname.com where does it translate to?
0
 
RawasiAuthor Commented:
how to make autodiscover.domainname.com resolve to my exchange server ?
0
 
Glen KnightCommented:
for internal users follow my article here (it's written for a different purpose but the principle is exactly the same): http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

configure autodiscover.domainname.com as the zone instead of owa.domainname.com

if it's external then you need to configure the autodiscover record to go to the public IP address of your exchange server.
0
 
RawasiAuthor Commented:
Mr NeilMM
give me the stabs to create a SAN certificate ( Subject alternative names) that include all the names,
"owa.domain.local,owa.public.com"
0
 
Glen KnightCommented:
0
 
RawasiAuthor Commented:
I've requested that this question be deleted for the following reason:

none of the comments was helpful !!
0
 
Glen KnightCommented:
You were provided with a solution.  Comment http:#37367602 advised you didn't have autodiscover.domainname.com in your certificate.

The warning you get titled autodiscover.domainname.com clearly says this name is not present in the certificate.

Comment http;#37373354 then provided a pointer to a guide explaining how to request the certificate.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.