Solved

Domain Name

Posted on 2012-04-11
6
336 Views
Last Modified: 2013-02-28
Hello
Our internal domain name is setup as company.ca (not the same address for external/web purposes).  We have upgraded to Exchange 2010 and are now receiving an annoying security alert popup (the name on the security certificate is invalid or does not match the name of the site.  After research i decided to purchase a certificate and add the domain name.  I contacted Symantec who explained I cannot add this domain name into my existing certificate due to our internal domain name being owned by someone else (who wants big dollars to sell).  

I am hoping someone can help me with this problem - the best way to get rid of the popup.  

Thank you.
0
Comment
Question by:kinggirl
6 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
Comment Utility
If you use the Exchange Management tool with 2010 to generate and import your certificate you may get a certificate error warning when connecting with Outlook 2007 or 2010. The issue appears to be in the Internal URL path. If you use the External URL for both internal and external, usually done this way, the certificate import does not update the Internal URL path. To verify and change use the following:

#Check the SCP details (Autodiscover Uri):
Get-ClientAccessServer | FL

#Set the new URI for SCP
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://server external FQDN/Autodiscover/Autodiscover.xml



#Check the Web Services URL:
Get-WebServicesVirtualDirectory | FL

#Set the new URL for Web Services:
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://server external FQDN /EWS/Exchange.asmx -ExternalUrl https://server external FQDN /EWS/Exchange.asmx


Example FQDN:                email.Contoso.com


Options Error:

If you set the default domain name in the OWA authentication and users logon with their user name instead of domain\user when choosing Options in OWA it will\may log them off. They should use the describe method on the logon page.
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 250 total points
Comment Utility
It's circuitous, but you could set up your own Certification Authority (CA), and then issue your own certificate for internal use.
0
 
LVL 7

Assisted Solution

by:abdulalikhan
abdulalikhan earned 250 total points
Comment Utility
There are two option,

One is the public CA which is the best choice, you can buy a UCC with the following names [if there is no co-existance]

mail.domain.com [should be set as default]
autodiscover.domain.com

With this configuration, you need to set every VD (except autodiscover VD) for internal and external as mail.domain.com.

Also set your internal DNS for mail.domain.com and autodiscover.domain.com to point to your CAS server/NLB.

Second option, is to use a local CA and define it as,

mail.domain.com [should be set as default]
autodiscover.domain.com
localhostFQDN [Every CAS server FQDN]

This will only alert your users if they are not on the domain or the root CA is not on their machine.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now