Solved

Domain Name

Posted on 2012-04-11
6
390 Views
Last Modified: 2013-02-28
Hello
Our internal domain name is setup as company.ca (not the same address for external/web purposes).  We have upgraded to Exchange 2010 and are now receiving an annoying security alert popup (the name on the security certificate is invalid or does not match the name of the site.  After research i decided to purchase a certificate and add the domain name.  I contacted Symantec who explained I cannot add this domain name into my existing certificate due to our internal domain name being owned by someone else (who wants big dollars to sell).  

I am hoping someone can help me with this problem - the best way to get rid of the popup.  

Thank you.
0
Comment
Question by:kinggirl
6 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37832925
If you use the Exchange Management tool with 2010 to generate and import your certificate you may get a certificate error warning when connecting with Outlook 2007 or 2010. The issue appears to be in the Internal URL path. If you use the External URL for both internal and external, usually done this way, the certificate import does not update the Internal URL path. To verify and change use the following:

#Check the SCP details (Autodiscover Uri):
Get-ClientAccessServer | FL

#Set the new URI for SCP
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://server external FQDN/Autodiscover/Autodiscover.xml



#Check the Web Services URL:
Get-WebServicesVirtualDirectory | FL

#Set the new URL for Web Services:
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://server external FQDN /EWS/Exchange.asmx -ExternalUrl https://server external FQDN /EWS/Exchange.asmx


Example FQDN:                email.Contoso.com


Options Error:

If you set the default domain name in the OWA authentication and users logon with their user name instead of domain\user when choosing Options in OWA it will\may log them off. They should use the describe method on the logon page.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 250 total points
ID: 37834178
It's circuitous, but you could set up your own Certification Authority (CA), and then issue your own certificate for internal use.
0
 
LVL 7

Assisted Solution

by:abdulalikhan
abdulalikhan earned 250 total points
ID: 37836946
There are two option,

One is the public CA which is the best choice, you can buy a UCC with the following names [if there is no co-existance]

mail.domain.com [should be set as default]
autodiscover.domain.com

With this configuration, you need to set every VD (except autodiscover VD) for internal and external as mail.domain.com.

Also set your internal DNS for mail.domain.com and autodiscover.domain.com to point to your CAS server/NLB.

Second option, is to use a local CA and define it as,

mail.domain.com [should be set as default]
autodiscover.domain.com
localhostFQDN [Every CAS server FQDN]

This will only alert your users if they are not on the domain or the root CA is not on their machine.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question