This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.
Solved
Exchange 2010 Autodiscover cerfication error
Posted on 2012-04-05
Hello!
I have a problem with my Exchange 2010 server.
When users connect while on the domain they get the autodiscover uri from AD and that works great.
However, when connected outsite the domain - they get a certification error stating "The name on the security certification is invalid or does not match the name of the site."
I have been googling this for a while now and tryed all kinds of soloutions with no success.
I have;
Point DNS from autodiscover.domain.com TO mail.domain.com
My autodiscover Url is set to https://mail.domain.com/autodiscover/autodiscover.xml
The problem is, the cert is for mail.domain.com and this does not match with autodiscover.domain.com !
This is from testexchangeconnectivity.c
Please, anyone who could assist me?
I have a problem with my Exchange 2010 server.
When users connect while on the domain they get the autodiscover uri from AD and that works great.
However, when connected outsite the domain - they get a certification error stating "The name on the security certification is invalid or does not match the name of the site."
I have been googling this for a while now and tryed all kinds of soloutions with no success.
I have;
Point DNS from autodiscover.domain.com TO mail.domain.com
My autodiscover Url is set to https://mail.domain.com/autodiscover/autodiscover.xml
The problem is, the cert is for mail.domain.com and this does not match with autodiscover.domain.com !
This is from testexchangeconnectivity.c
Attempting to test potential Autodiscover URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.domain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Please, anyone who could assist me?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
>> My autodiscover Url is set to https://mail.domain.com/autodiscover/autodiscover.xml
I presume you are referring to the autodiscover URL you have set in your Service Connection Point (SCP) for internal purposes? (Set using Set-ClientAccessServer -AutodiscoverServiceIntern
If so, the SCP is valid only for domain-joined machines. If you are connecting externally or from a non-domain machine, the value stored in Active Directory is not available to those computers. In these cases, Outlook automatically infers the URL, trying https://<smtp-domain>/Autodiscover
In this case, the process will fail because your SSL certificate does not mention autodiscover.domain.com as a valid DNS name.
How to resolve the problem?
-Matt
I presume you are referring to the autodiscover URL you have set in your Service Connection Point (SCP) for internal purposes? (Set using Set-ClientAccessServer -AutodiscoverServiceIntern
If so, the SCP is valid only for domain-joined machines. If you are connecting externally or from a non-domain machine, the value stored in Active Directory is not available to those computers. In these cases, Outlook automatically infers the URL, trying https://<smtp-domain>/Autodiscover
In this case, the process will fail because your SSL certificate does not mention autodiscover.domain.com as a valid DNS name.
How to resolve the problem?
Purchase a Unified Communications certificate from somewhere like GoDaddy which lists the autodiscover domain in addition to the mail domain. This is the standard practice.
Remove your autodiscover.domain.com record from external DNS and instead use the SRV connection point method to direct Autodiscover to the mail.domain.com record: http://support.microsoft.com/kb/940881 - this method does require your public DNS provider to support SRV records. Many do not.
Use a wildcard certificate - not something I would recommend. I have had issues with wildcard certificates, and they are generally a lot more costly than a multi-name SAN/UC certificate anyway
-Matt
generate a new cert request from exchange 2010 and include all your FQDN, then purshace UCC cert from a public CA.
continue your pending request in exchange 2010 console.
continue your pending request in exchange 2010 console.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
- Microsoft Office
- Office 365
- Outlook
- Office / Productivity
- Microsoft Word
- Microsoft PowerPoint, Microsoft Excel, *Office 2013, *office 2010, *Office 2016
Suggested Courses
Course of the Month6 days, 2 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.