how to disable the message i got when i open outlook 2010 ? "security alert"

hi
- i have Microsoft outlook 2007 and exchange server 2007 installed, when i open outlook 2010 i get a message "Security Alert "
security-Alert.jpg
LVL 1
RawasiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Glen KnightCommented:
This is because you don't hava an SSL certificate with autodiscover.domainname.com.

Do you have a SAN/UCC certificate?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NeilMMCommented:
are you using s self signed exchange certificate in Exchange 2007?
0
Glen KnightCommented:
NeilMM the image quite clearly states it is from a trusted source.
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

NeilMMCommented:
demazter - self signed certs also show truster source.

This problem is due Outlook uses Autodiscover not only when is configured the first time but every start up time. When Outlook start (2007 or 2010) try first to establish a SSL connection with the Client Acces Server, for example : cas.company.local, the original Certificate in Exchange was issued with that Subject name, for that there is no problem internally.

The problem appear when the certificate is changed, tipically scenario owa is enabled to be reached by externall address , for example: mail.company.com (in this example users wil contact owa on the address https:mail.company.com/owa). To match the name on the certificate cas.company.local with the externall URL mail.company.com, people change the subject name on the certificate from cas.company .local to mail.company.com. It works fantastic externally, after import the respective certificate and create the record autodiscover.company.com you can even configure new external users (users not connected to the domain) using Autodiscover .
 
Now you have the problem with the local users running Outlook 2007 or 2010, they are going to receive a certificate warning that says:

You trust on this certificate authority
 The certificate is valid
 BUT the server name (cas.company.local) doesn’t match with the name on the certificate (mail.company.com)
 
Possible Solution? you can create a SAN certificate ( Subject alternative names) that include all the names, local or externall in where Outlook will try to establish the SSL connection fro default. It can be a Self Signed certificate or a Comercial one
 
0
Glen KnightCommented:
I am fully aware of how outlook works.

The issue is because autodiscover.domainname.com is not in the certificate, the error message quite clearly says this.  Which is exactly what it says in http:#37367602
0
RawasiAuthor Commented:
demazter: i have sna certificate
0
Glen KnightCommented:
yes but do you have the autodiscover name in it?
If not, does autodiscover.domainname.com resolve to your exchange server or somewhere else?

Quite often what can happen if the autodiscover record resolves to an external source (or if it isn't configured) then it will go to your web hosters which of course doesn't have your domain names in it.

if you PING autodiscover.domainname.com where does it translate to?
0
RawasiAuthor Commented:
how to make autodiscover.domainname.com resolve to my exchange server ?
0
Glen KnightCommented:
for internal users follow my article here (it's written for a different purpose but the principle is exactly the same): http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html

configure autodiscover.domainname.com as the zone instead of owa.domainname.com

if it's external then you need to configure the autodiscover record to go to the public IP address of your exchange server.
0
RawasiAuthor Commented:
Mr NeilMM
give me the stabs to create a SAN certificate ( Subject alternative names) that include all the names,
"owa.domain.local,owa.public.com"
0
Glen KnightCommented:
0
RawasiAuthor Commented:
I've requested that this question be deleted for the following reason:

none of the comments was helpful !!
0
Glen KnightCommented:
You were provided with a solution.  Comment http:#37367602 advised you didn't have autodiscover.domainname.com in your certificate.

The warning you get titled autodiscover.domainname.com clearly says this name is not present in the certificate.

Comment http;#37373354 then provided a pointer to a guide explaining how to request the certificate.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Applications

From novice to tech pro — start learning today.