Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SSL Certificate Issue

Posted on 2012-08-25
3
Medium Priority
?
883 Views
Last Modified: 2012-08-25
Renewed an SSL Cert from GoDaddy and got it installed on the single SBS 2008 server.  Internal & OWA is working fine but a domain added laptop is getting the following prompt:

There is a problem with the proxy server's certificate.  The name on the security certificate is invalid or does not match the name on target name.domain.com.

Outlook is unable to connect the proxy server.  (Error Code 10)

Aside from that; the iphone isn't getting email either BUT:

1.  If I add a Self Assigned CERT the Iphone gets email but then the Outlook 2010 client who is currently offsite gets the Self Assigned CERT but it doesn't match the name.
2.  If I remove the CERT nothing works obviously.

What I am trying to do is get the CA CERT from GoDaddy to be assigned to site and possibly even RPC over HTTP so this will be resolved.

I'm sure I'm missing something pretty obvious.

Please advise and thanks!
0
Comment
Question by:BGTSLLC
  • 3
3 Comments
 
LVL 4

Author Comment

by:BGTSLLC
ID: 38332773
I ran this:

[PS] C:\Windows\System32>get-clientaccessserver -identity “servername” |fl


Name                           : servername
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : servername
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://mail.domainname.com/autodiscover/autodisco
                                 ver.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : XXXXFP01.domainname.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=XXXXFP01,CN=Servers,CN=Exchange Administrat
                                 ive Group (FYDIBOHF23SPDLT),CN=Administrative
                                 Groups,CN=First Organization,CN=Microsoft Exch
                                 ange,CN=Services,CN=Configuration,DC=XXXXX,DC
                                 =local
Identity                       :XXXXFP01
Guid                           : 4cc6d9a5-f28b-42ee-97d9-8f96a8634876
ObjectCategory                 : domainname.local/Configuration/Schema/ms-Exch-Exch
                                 ange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 8/25/2012 9:37:36 AM
WhenCreated                    : 7/30/2010 9:49:45 AM

Based on this article:

This is because i’m connecting to services using the NetBIOS name of mbx1 which does not match the name on the certificate. If i run Get-ClientAccessServer -Identity mbx1 | FL i’ll see that the AutoDiscoverServiceInternalUri says https://MBX1/Autodiscover/Autodiscover.xml, this does not match the certificate. I can also check the other services and see that i get the same results for OAB, EWS, Outlook Anywhere (OA) and Exchange Active Sync (EAS). So i need to update all theses internal url’s to match the name on the cert.

•Set-ClientAccessServer -Identity "mbx1" –AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml 

 


•Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" –InternalUrl  https://nlb.nwtraders.msft/EWS/Exchange.asmx

 
•Set-OABVirtualDirectory -Identity “mbx1\OAB (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/OAB 

 
•Enable-OutlookAnywhere -Server mbx1 -ExternalHostname “nlb.nwtraders.msft” -ClientAuthenticationMethod “NTLM”

 
•Set-ActiveSyncVirtualDirectory -Identity “mbx1\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync 

Not sure if I am headed in the right direction.
0
 
LVL 4

Accepted Solution

by:
BGTSLLC earned 0 total points
ID: 38332829
Ok so I deleted and re added the certificate, used DigiCerts utility and it worked for the domain laptop currently offsite.  Now I just need to confirm that iphones are picking up and this is done.
0
 
LVL 4

Author Comment

by:BGTSLLC
ID: 38332832
Woohoo - got it all fixed!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month15 days, 23 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question