Solved

Domain Name

Posted on 2012-04-11
Last Modified: 2013-02-28
Hello
Our internal domain name is set up as company.ca (not the same address for external/web purposes).  We have upgraded to Exchange 2010 and are now receiving an annoying security alert popup (the name on the security certificate is invalid or does not match the name of the site).  After research I decided to purchase a certificate and add the domain name.  I contacted Symantec, who explained I cannot add this domain name into my existing certificate due to our internal domain name being owned by someone else (who wants big dollars to sell).

I am hoping someone can help me with this problem - the best way to get rid of the popup.  

Thank you.
0
Question by:kinggirl
6 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37832925
If you use the Exchange Management tool with 2010 to generate and import your certificate you may get a certificate error warning when connecting with Outlook 2007 or 2010. The issue appears to be in the Internal URL path. If you use the External URL for both internal and external, usually done this way, the certificate import does not update the Internal URL path. To verify and change use the following:

#Check the SCP details (Autodiscover Uri):
Get-ClientAccessServer | FL

#Set the new URI for SCP (replace <server external FQDN> with your own name):
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri "https://<server external FQDN>/Autodiscover/Autodiscover.xml"

#Check the Web Services URL:
Get-WebServicesVirtualDirectory | FL

#Set the new URL for Web Services:
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl "https://<server external FQDN>/EWS/Exchange.asmx" -ExternalUrl "https://<server external FQDN>/EWS/Exchange.asmx"

Example FQDN: email.Contoso.com


Options Error:

If you set the default domain name in the OWA authentication and users log on with their user name instead of domain\user, when choosing Options in OWA it will\may log them off. They should use the described method on the logon page.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 1000 total points
ID: 37834178
It's circuitous, but you could set up your own Certification Authority (CA), and then issue your own certificate for internal use.
0
 
LVL 7

Assisted Solution

by:abdulalikhan
abdulalikhan earned 1000 total points
ID: 37836946
There are two options.

One is the public CA, which is the best choice; you can buy a UCC with the following names [if there is no co-existence]

mail.domain.com [should be set as default]
autodiscover.domain.com

With this configuration, you need to set every VD (except autodiscover VD) for internal and external as mail.domain.com.

Also set your internal DNS for mail.domain.com and autodiscover.domain.com to point to your CAS server/NLB.

The second option is to use a local CA and define it as,

mail.domain.com [should be set as default]
autodiscover.domain.com
localhostFQDN [Every CAS server FQDN]

This will only alert your users if they are not on the domain or the root CA is not on their machine.
0
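
One way to check the names discussed in the answers above, before and after changing the URLs: compare the host name of each configured service URL with the names on the certificate. This is an added example, not code from any of the posters; the function names and the sample values (including cas01.company.ca) are assumptions made for illustration, and it is written to run under PowerShell 2.0 without the Exchange snap-in.

```powershell
# Added example: list service URLs whose host name is NOT covered by the
# certificate's names. Function names and sample values are constructed.

function Test-HostCoveredByCertificate {
    param(
        [Parameter(Mandatory=$true)] [string]   $HostName,
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains
    )
    foreach ($name in $CertificateDomains) {
        if ($name -eq $HostName) { return $true }    # -eq ignores case
        # A wildcard covers exactly one left-most label: *.domain.com
        # matches mail.domain.com but not a.b.domain.com or domain.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)              # ".domain.com"
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $suffix) { return $true }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Url,
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains
    )
    foreach ($u in $Url) {
        $h = ([System.Uri]$u).Host
        if (-not (Test-HostCoveredByCertificate -HostName $h -CertificateDomains $CertificateDomains)) {
            # Each object returned here is a URL that will raise the name-mismatch alert.
            New-Object PSObject -Property @{ Url = $u; Host = $h }
        }
    }
}

# Constructed sample input. On the Exchange server the real values can be read
# from Get-ExchangeCertificate (CertificateDomains), Get-ClientAccessServer
# (AutoDiscoverServiceInternalUri) and Get-WebServicesVirtualDirectory
# (InternalUrl, ExternalUrl), each converted to a string first.
$certNames = 'mail.domain.com', 'autodiscover.domain.com'
$urls = @(
    'https://cas01.company.ca/Autodiscover/Autodiscover.xml',   # internal server FQDN
    'https://mail.domain.com/EWS/Exchange.asmx'
)

Get-UncoveredUrl -Url $urls -CertificateDomains $certNames | Format-Table -AutoSize
```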

Question has a verified solution.
