[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1242
  • Last Modified:

Outlook Security Alert for Certificate

We are getting the attached screen shot on ocassion and I'm not sure why.  I don't know if it is related, but last wek our PDC went down.  I've removed it and made our 2nd DC the PDC.  

Any ideas?
certificate2.png
0
J.R. Sitman
Asked:
J.R. Sitman
  • 6
  • 5
1 Solution
 
ExchangePanditCommented:
I guess you are getting this while accessing outlook client. May I know which exchange version are you running? Is it Exchange 2007 or Exchange 2010?

If it is SAN certificate then please confirm you have all required DNS entries on the certificate, e.g. autodiscover.domain.com etc. And there is DNS record on your internal DNS server which points to your CAS server?

KB article: 940726 (might be relevant but i cannot confirm until you provide more information)


Regards
0
 
J.R. SitmanAuthor Commented:
Exchange 2010.  I have no idea if it is a SAN certificate,  Our DNS records have changed since the PDC crashed, so that could be the issue.
0
 
ExchangePanditCommented:
Please make sure autodiscover.spcala.com is pointing to your CAS server? If you have a single exchange server then it will point to the Exchange 2010 box, if you have divided your Exchange server roles then it should only point to CAS role not any other role.

Secondly to find out whether it is a SAN certificate or not, simply click on the DETAILS tab of that certificate and try to find Subject Alternative Name in the FIELD column. If you find multiple entries like:

autodiscover.spcala.com
mail.spcala.com
etc
etc

then it is SAN certificate.

e.g: http://www.digicert.com/subject-alternative-name.htm

Regards
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
J.R. SitmanAuthor Commented:
Where do I find the certificate to open it?  I've already closed it.
0
 
J.R. SitmanAuthor Commented:
I found it and it points to the crashed server.  However, these is no way to edit it.  I think I need to have it revoked and reissued from GoDaddy.
0
 
ExchangePanditCommented:
Well it should point to your Exchange server not the domain controller, please confirm whether that can be done?
0
 
J.R. SitmanAuthor Commented:
nothing can be editied.  see attached
certificate3.png
0
 
ExchangePanditCommented:
Firstly, you dont edit the certificate to DNS entries to point them to a server, I was talking about DNS server where you can have an A record (autodiscover.domain.com) pointing to your exchange server.

But by the looks of it, this certificate does not have any DNS entries apart from common name i.e. spcala.com, to me it looks like you had SSL on for your Website as well . Check this out: https://spcala.com/

Now as far as Outlook client OR  Exchange server is concerned, firstly it is looking at the WRONG certificate. Secondly you mentioned GODADDY's name, now this certificate (screenshot provided by you) is issued  by Starfield (http://www.starfieldtech.com/), so I am guessing that you have got another certificate from GoDaddy which is used for Exchange server, please run this command on Exchange 2010 Management Shell for me:

Get-ExchangeCertificate | fl > c:\cert.txt

File will get saved in your exchange servers C drive, please open and paste the result for us (you might want to remove/omit sensitive information from the result like servername etc).

Regards
0
 
J.R. SitmanAuthor Commented:
Attached is the cert.txt.  Not sure what you want me to do on the DNS server, please explain.
cert.txt
0
 
J.R. SitmanAuthor Commented:
I had someome help me with the DNS setting.  That was the problem.
0
 
ExchangePanditCommented:
brilliant, many thanks for confirming the same. I looked at the above screenshot, the certificate is a SAN cert from GoDaddy:

https://owa.spcala.com/owa

Note: please award points if you think your issue is resolved.

Regards
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now