Solved

Exchange 2007 security certificate issue.

Posted on 2012-03-15
Last Modified: 2012-03-19
Hi all,

 Hope you can assist me or point me in the right direction...

I read about this everywhere, but I can't find a solution that works for me. The problem is that I get the old "The name on the security certificate is invalid or does not match the name of the site." error when you open Outlook. When you press "YES" to proceed, the error does not appear during the use of Outlook. (It does come back, though, when you close Outlook and re-open it.)

My certificates look O.K.:

Get-ExchangeCertificate | FL

Name of server: server

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {server, server.domain.co.za}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server
NotAfter           : 2013/02/28 12:39:15
NotBefore          : 2012/02/28 12:39:15
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 57F5F21E478F2C894E7E820019D04
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=server
Thumbprint         : D9F5556274277169F6120AE9FFE339BCC6EFE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SERVER}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-SERVER
NotAfter           : 2020/09/10 11:29:06
NotBefore          : 2010/09/13 11:29:06
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 61EFB0F252AC1B934C5F4267662A1
Services           : None
Status             : Valid
Subject            : CN=WMSvc-SERVER
Thumbprint         : 555EFA2BA0FD988B0332A892BB491CFA7CE17



Get-ClientAccessServer -Identity server | FL


Name                           : SERVER
OutlookAnywhereEnabled         : False
AutoDiscoverServiceCN          : server
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://server.domain.co.za/autodiscover/auto
                                 discover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : server.domain.co.za
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=SERVER,CN=Servers,CN=Exchange Administr
                                 ative Group (FIBOHF23SPDLT),CN=Administrativ
                                 e Groups,CN=First Organization,CN=Microsoft Ex
                                 change,CN=Services,CN=Configuration,DC=domain,DC=
                                 co,DC=za
Identity                       : SERVER
Guid                           : 862d75ef-f20e-4331-8831-91914a87dd14
ObjectCategory                 : domain.co.za/Configuration/Schema/ms-Exch-Exchang
                                 e-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 2012/03/07 14:07:19
WhenCreated                    : 2010/09/13 12:49:22


Also - the AutoDiscoverServiceInternalUri name does match the name on the security certificate, in this case they are both server.domain.co.za.

Please - any help in the right direction would be appreciated.

Scrooge.
0
Question by:wimpie_asg
6 Comments
 
LVL 5

Expert Comment

by:Guyver-it
ID: 37726468
Are you using a self signed or externally signed certificate?
Have you created a DNS entry for autodiscover which points to your email server?
0
 
LVL 8

Accepted Solution

by:
thomasdavis earned 500 total points
ID: 37726499
Also, on the cert, what 3 names do you have?

Common Name - exchange.domain.com (owa site)
Alter name - exchange.local.com, exchange

Check DNS also.

Help with testing exchange https://www.testexchangeconnectivity.com/
0
 
LVL 8

Expert Comment

by:thomasdavis
ID: 37726515
Looks like you're missing (autodiscover.domain.co.za) in the CertificateDomains.
0
 
LVL 5

Expert Comment

by:Guyver-it
ID: 37727095
You will need to recreate your certificate to include the correct entry for autodiscover.
0
 
LVL 3

Author Comment

by:wimpie_asg
ID: 37738536
Good day all,

Thank-you for all the quick responses!

What happened was the following:

Everything I came across indicated that the autodiscovery name is not the same as on the security certificate. It did not make any sense to me as it was. So I realised I am dealing with another issue. So what I did was, since autodiscovery uses https, I took the FQDN of my exchange server and pasted it in the web browser to see what the result was. To my amazement, it actually retrieved a website of another company on the Internet, but it also removed my https and made it normal http.

What had happened was, all the client computers on the domain use a proxy. No problem or surprise here as they always used a proxy. But the problem on the proxy server was that the order of my DNS search lookup changed. It looked on the Internet before it tried to resolve names locally. So it resolved the autodiscovery name to an actual website on the Internet, and not on my local LAN, therefore the error "The name on the security certificate is invalid or does not match the name of the site" as autodiscovery went to the Internet and not my Exchange.
So, if you are using a proxy and you get the above error, make sure your DNS lookup of your proxy server tries to resolve names on the LAN first before trying the Internet. (A quick test would be to disable the proxy on the local computer.) Mine was set up like this, but something I did changed the order of the DNS lookup. Now since I did not change it deliberately, I did not know this was the actual problem :-)
Anyway - I hope this helps someone out there that has the same problem.

--Scrooge
0
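
The two causes raised in this thread (a name missing from CertificateDomains, and a name that resolves off the LAN as in the proxy case above), checked side by side in an added PowerShell example that is not part of the original posts. The function names are hypothetical and the IP addresses are constructed samples; the host names and certificate domains are the ones quoted in the thread.

```powershell
# Added example: hypothetical helper functions, not from the thread.
function Test-CertNameMatch {
    # True if $HostName is covered by an entry in $CertificateDomains:
    # exact match, or a wildcard standing for exactly one left-most label.
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($entry in $CertificateDomains) {
        if ($entry -ieq $HostName) { return $true }
        $dot = $HostName.IndexOf('.')
        if ($entry.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -ieq $entry.Substring(1)) { return $true }
    }
    return $false
}

function Test-PrivateAddress {
    # True for loopback and RFC 1918 IPv4 addresses (the lookup stayed on the LAN).
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    $b = $ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }      # IPv6 is not classified here
    return (
        ($b[0] -eq 10) -or
        ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)
    )
}

function Get-NameFinding {
    # One row per observation: did the name stay on the LAN, is it in the cert?
    param([hashtable[]]$Observations, [string[]]$CertificateDomains)
    foreach ($o in $Observations) {
        New-Object PSObject -Property @{
            Name = $o.Name; Via = $o.Via; Address = $o.Address
            OnLan  = (Test-PrivateAddress -Address $o.Address)
            InCert = (Test-CertNameMatch -HostName $o.Name -CertificateDomains $CertificateDomains)
        } | Select-Object Name, Via, Address, OnLan, InCert
    }
}

# CertificateDomains as shown by Get-ExchangeCertificate in the question.
$certDomains = 'server', 'server.domain.co.za'
# Constructed sample lookups: the same name as seen by a client and by the proxy.
$observations = @(
    @{ Name = 'server.domain.co.za';       Via = 'client DNS'; Address = '192.168.10.5' },
    @{ Name = 'server.domain.co.za';       Via = 'proxy DNS';  Address = '203.0.113.10' },
    @{ Name = 'autodiscover.domain.co.za'; Via = 'client DNS'; Address = '192.168.10.5' }
)
Get-NameFinding -Observations $observations -CertificateDomains $certDomains | Format-Table -AutoSize
```

A row with OnLan False and InCert True is the pattern the author describes: the certificate is fine, but the lookup left the LAN. A row with InCert False is the missing-name case raised in the earlier comments.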
 
LVL 3

Author Closing Comment

by:wimpie_asg
ID: 37738554
This came to be a DNS related issue.

The problem is resolved.


Scrooge.
0
