Rawasi
asked on
how to disable the message i got when i open outlook 2010 ? "security alert"
hi
- i have Microsoft outlook 2007 and exchange server 2007 installed, when i open outlook 2010 i get a message "Security Alert "
security-Alert.jpg
- i have Microsoft outlook 2007 and exchange server 2007 installed, when i open outlook 2010 i get a message "Security Alert "
security-Alert.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
are you using s self signed exchange certificate in Exchange 2007?
NeilMM the image quite clearly states it is from a trusted source.
demazter - self signed certs also show truster source.
This problem is due Outlook uses Autodiscover not only when is configured the first time but every start up time. When Outlook start (2007 or 2010) try first to establish a SSL connection with the Client Acces Server, for example : cas.company.local, the original Certificate in Exchange was issued with that Subject name, for that there is no problem internally.
The problem appear when the certificate is changed, tipically scenario owa is enabled to be reached by externall address , for example: mail.company.com (in this example users wil contact owa on the address https:mail.company.com/owa). To match the name on the certificate cas.company.local with the externall URL mail.company.com, people change the subject name on the certificate from cas.company .local to mail.company.com. It works fantastic externally, after import the respective certificate and create the record autodiscover.company.com you can even configure new external users (users not connected to the domain) using Autodiscover .
Now you have the problem with the local users running Outlook 2007 or 2010, they are going to receive a certificate warning that says:
You trust on this certificate authority
The certificate is valid
BUT the server name (cas.company.local) doesn’t match with the name on the certificate (mail.company.com)
Possible Solution? you can create a SAN certificate ( Subject alternative names) that include all the names, local or externall in where Outlook will try to establish the SSL connection fro default. It can be a Self Signed certificate or a Comercial one
This problem is due Outlook uses Autodiscover not only when is configured the first time but every start up time. When Outlook start (2007 or 2010) try first to establish a SSL connection with the Client Acces Server, for example : cas.company.local, the original Certificate in Exchange was issued with that Subject name, for that there is no problem internally.
The problem appear when the certificate is changed, tipically scenario owa is enabled to be reached by externall address , for example: mail.company.com (in this example users wil contact owa on the address https:mail.company.com/owa). To match the name on the certificate cas.company.local with the externall URL mail.company.com, people change the subject name on the certificate from cas.company .local to mail.company.com. It works fantastic externally, after import the respective certificate and create the record autodiscover.company.com you can even configure new external users (users not connected to the domain) using Autodiscover .
Now you have the problem with the local users running Outlook 2007 or 2010, they are going to receive a certificate warning that says:
You trust on this certificate authority
The certificate is valid
BUT the server name (cas.company.local) doesn’t match with the name on the certificate (mail.company.com)
Possible Solution? you can create a SAN certificate ( Subject alternative names) that include all the names, local or externall in where Outlook will try to establish the SSL connection fro default. It can be a Self Signed certificate or a Comercial one
I am fully aware of how outlook works.
The issue is because autodiscover.domainname.co m is not in the certificate, the error message quite clearly says this. Which is exactly what it says in http:#37367602
The issue is because autodiscover.domainname.co
ASKER
demazter: i have sna certificate
yes but do you have the autodiscover name in it?
If not, does autodiscover.domainname.co m resolve to your exchange server or somewhere else?
Quite often what can happen if the autodiscover record resolves to an external source (or if it isn't configured) then it will go to your web hosters which of course doesn't have your domain names in it.
if you PING autodiscover.domainname.co m where does it translate to?
If not, does autodiscover.domainname.co
Quite often what can happen if the autodiscover record resolves to an external source (or if it isn't configured) then it will go to your web hosters which of course doesn't have your domain names in it.
if you PING autodiscover.domainname.co
ASKER
how to make autodiscover.domainname.co m resolve to my exchange server ?
for internal users follow my article here (it's written for a different purpose but the principle is exactly the same): https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3703-Use-iPhone-on-wifi-network-without-the-need-to-reconfigure.html
configure autodiscover.domainname.co m as the zone instead of owa.domainname.com
if it's external then you need to configure the autodiscover record to go to the public IP address of your exchange server.
configure autodiscover.domainname.co
if it's external then you need to configure the autodiscover record to go to the public IP address of your exchange server.
ASKER
Mr NeilMM
give me the stabs to create a SAN certificate ( Subject alternative names) that include all the names,
"owa.domain.local,owa.publ ic.com"
give me the stabs to create a SAN certificate ( Subject alternative names) that include all the names,
"owa.domain.local,owa.publ
Follow step 7 in my article here: https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html
It gives you step by step instructions on how to do it.
It gives you step by step instructions on how to do it.
ASKER
I've requested that this question be deleted for the following reason:
none of the comments was helpful !!
none of the comments was helpful !!
You were provided with a solution. Comment http:#37367602 advised you didn't have autodiscover.domainname.co m in your certificate.
The warning you get titled autodiscover.domainname.co m clearly says this name is not present in the certificate.
Comment http;#37373354 then provided a pointer to a guide explaining how to request the certificate.
The warning you get titled autodiscover.domainname.co
Comment http;#37373354 then provided a pointer to a guide explaining how to request the certificate.