asked on Exchange 2007 security certificate issue.
Hi all,
Hope you can assist me or point me in the right direction...
I read about this everywhere, but I can't find a solution that works for me. The problem is that I get the old "The name on the security certificate is invalid or does not match the name of the site." error when you open Outlook. When you press "YES" to proceed then the error does not appear during the use of Outlook "It does come back though when you close Outlook and re-open.
My certificates looks O.K:
Get-ExchangeCertificate | FL
Name of server: server
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
ssControl.CryptoKeyAccessR
CertificateDomains : {server, server.domain.co.za}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server
NotAfter : 2013/02/28 12:39:15
NotBefore : 2012/02/28 12:39:15
PublicKeySize : 2048
RootCAType : None
SerialNumber : 57F5F21E478F2C894E7E820019
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server
Thumbprint : D9F5556274277169F6120AE9FF
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {WMSvc-SERVER}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER
NotAfter : 2020/09/10 11:29:06
NotBefore : 2010/09/13 11:29:06
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 61EFB0F252AC1B934C5F426766
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER
Thumbprint : 555EFA2BA0FD988B0332A892BB
Get-ClientAccessServer -Identity server | FL
Name : SERVER
OutlookAnywhereEnabled : False
AutoDiscoverServiceCN : server
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
discover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : server.domain.co.za
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER,CN=Servers,CN=Ex
ative Group (FIBOHF23SPDLT),CN=Adminis
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf
co,DC=za
Identity : SERVER
Guid : 862d75ef-f20e-4331-8831-91
ObjectCategory : domain.co.za/Configuration
e-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 2012/03/07 14:07:19
WhenCreated : 2010/09/13 12:49:22
Also - the AutoDiscoverServiceInterna
Please - any help in the right direction would be appreciated.
Scrooge.
Hope you can assist me or point me in the right direction...
I read about this everywhere, but I can't find a solution that works for me. The problem is that I get the old "The name on the security certificate is invalid or does not match the name of the site." error when you open Outlook. When you press "YES" to proceed then the error does not appear during the use of Outlook "It does come back though when you close Outlook and re-open.
My certificates looks O.K:
Get-ExchangeCertificate | FL
Name of server: server
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
ssControl.CryptoKeyAccessR
CertificateDomains : {server, server.domain.co.za}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server
NotAfter : 2013/02/28 12:39:15
NotBefore : 2012/02/28 12:39:15
PublicKeySize : 2048
RootCAType : None
SerialNumber : 57F5F21E478F2C894E7E820019
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server
Thumbprint : D9F5556274277169F6120AE9FF
AccessRules : {System.Security.AccessCon
.Security.AccessControl.Cr
ty.AccessControl.CryptoKey
CertificateDomains : {WMSvc-SERVER}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER
NotAfter : 2020/09/10 11:29:06
NotBefore : 2010/09/13 11:29:06
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 61EFB0F252AC1B934C5F426766
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER
Thumbprint : 555EFA2BA0FD988B0332A892BB
Get-ClientAccessServer -Identity server | FL
Name : SERVER
OutlookAnywhereEnabled : False
AutoDiscoverServiceCN : server
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
discover.xml
AutoDiscoverServiceGuid : 77378f46-2c66-4aa9-a6a6-3e
AutoDiscoverSiteScope : {Default-First-Site-Name}
IsValid : True
OriginatingServer : server.domain.co.za
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=SERVER,CN=Servers,CN=Ex
ative Group (FIBOHF23SPDLT),CN=Adminis
e Groups,CN=First Organization,CN=Microsoft Ex
change,CN=Services,CN=Conf
co,DC=za
Identity : SERVER
Guid : 862d75ef-f20e-4331-8831-91
ObjectCategory : domain.co.za/Configuration
e-Server
ObjectClass : {top, server, msExchExchangeServer}
WhenChanged : 2012/03/07 14:07:19
WhenCreated : 2010/09/13 12:49:22
Also - the AutoDiscoverServiceInterna
Please - any help in the right direction would be appreciated.
Scrooge.
ExchangeWindows Server 2008
Last Comment
wimpie_asg
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
looks like your missing (autodiscover.domain.co.za
You will need to recreate your certificate to include the correct entry for autodiscover.
ASKER
Good day all,
Thank-you for all the quick responses!
What happened was the following:
Everything I came across indicated that the autodiscovery name is not the same as on the security certificate. It did not make any sense to me as it was. So I realised I am dealing with another issue. So what I did was, since autodiscovery uses https, I took the FQDN of my exchange server and pasted it in the web browser to see what the result was. To my amazement, it actually retrieved a website of another company on the Internet, but it also removed my https and made it normal http.
What had happened was, all the client computers on the domain uses a proxy. No problem or surprise here as they always used a proxy. But the problem on the proxy server was that the order of my DNS search lookup changed. It looked on the Internet before it tried to resolve names locally. So it resolved the autodiscovery name to an actual website on the Internet, and not on my local LAN, there for the error "The name on the security certificate is invalid or does not match the name of the site" as autodiscovery went to the Internet and not my Exchange.
So, if you are using a proxy and you get the above error, make sure your DNS lookup of your proxy server tries to resolve names on the LAN first before trying the Internet "A quick test would be to disable the proxy on the local computer". Mine was setup like this, but something I did changed it the order of the DNS lookup. Now since I did not changed it deliberately, I did not know this was the actual problem :-)
Anyway - I hope this helps someone out there that has the same problem.
--Scrooge
Thank-you for all the quick responses!
What happened was the following:
Everything I came across indicated that the autodiscovery name is not the same as on the security certificate. It did not make any sense to me as it was. So I realised I am dealing with another issue. So what I did was, since autodiscovery uses https, I took the FQDN of my exchange server and pasted it in the web browser to see what the result was. To my amazement, it actually retrieved a website of another company on the Internet, but it also removed my https and made it normal http.
What had happened was, all the client computers on the domain uses a proxy. No problem or surprise here as they always used a proxy. But the problem on the proxy server was that the order of my DNS search lookup changed. It looked on the Internet before it tried to resolve names locally. So it resolved the autodiscovery name to an actual website on the Internet, and not on my local LAN, there for the error "The name on the security certificate is invalid or does not match the name of the site" as autodiscovery went to the Internet and not my Exchange.
So, if you are using a proxy and you get the above error, make sure your DNS lookup of your proxy server tries to resolve names on the LAN first before trying the Internet "A quick test would be to disable the proxy on the local computer". Mine was setup like this, but something I did changed it the order of the DNS lookup. Now since I did not changed it deliberately, I did not know this was the actual problem :-)
Anyway - I hope this helps someone out there that has the same problem.
--Scrooge
ASKER
This came to be a DNS related issue.
The problem is resolved.
Scrooge.
The problem is resolved.
Scrooge.
Have you create a DNS entry for autodiscover which points to your email server?