Link to home
Start Free TrialLog in
Avatar of BGTSLLC
BGTSLLCFlag for United States of America

asked on

SSL Certificate Issue

Renewed an SSL Cert from GoDaddy and got it installed on the single SBS 2008 server.  Internal & OWA is working fine but a domain added laptop is getting the following prompt:

There is a problem with the proxy server's certificate.  The name on the security certificate is invalid or does not match the name on target name.domain.com.

Outlook is unable to connect the proxy server.  (Error Code 10)

Aside from that; the iphone isn't getting email either BUT:

1.  If I add a Self Assigned CERT the Iphone gets email but then the Outlook 2010 client who is currently offsite gets the Self Assigned CERT but it doesn't match the name.
2.  If I remove the CERT nothing works obviously.

What I am trying to do is get the CA CERT from GoDaddy to be assigned to site and possibly even RPC over HTTP so this will be resolved.

I'm sure I'm missing something pretty obvious.

Please advise and thanks!
Avatar of BGTSLLC
BGTSLLC
Flag of United States of America image

ASKER

I ran this:

[PS] C:\Windows\System32>get-clientaccessserver -identity “servername” |fl


Name                           : servername
OutlookAnywhereEnabled         : True
AutoDiscoverServiceCN          : servername
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://mail.domainname.com/autodiscover/autodisco
                                 ver.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}
IsValid                        : True
OriginatingServer              : XXXXFP01.domainname.local
ExchangeVersion                : 0.1 (8.0.535.0)
DistinguishedName              : CN=XXXXFP01,CN=Servers,CN=Exchange Administrat
                                 ive Group (FYDIBOHF23SPDLT),CN=Administrative
                                 Groups,CN=First Organization,CN=Microsoft Exch
                                 ange,CN=Services,CN=Configuration,DC=XXXXX,DC
                                 =local
Identity                       :XXXXFP01
Guid                           : 4cc6d9a5-f28b-42ee-97d9-8f96a8634876
ObjectCategory                 : domainname.local/Configuration/Schema/ms-Exch-Exch
                                 ange-Server
ObjectClass                    : {top, server, msExchExchangeServer}
WhenChanged                    : 8/25/2012 9:37:36 AM
WhenCreated                    : 7/30/2010 9:49:45 AM

Based on this article:

This is because i’m connecting to services using the NetBIOS name of mbx1 which does not match the name on the certificate. If i run Get-ClientAccessServer -Identity mbx1 | FL i’ll see that the AutoDiscoverServiceInternalUri says https://MBX1/Autodiscover/Autodiscover.xml, this does not match the certificate. I can also check the other services and see that i get the same results for OAB, EWS, Outlook Anywhere (OA) and Exchange Active Sync (EAS). So i need to update all theses internal url’s to match the name on the cert.

•Set-ClientAccessServer -Identity "mbx1" –AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml 

 


•Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" –InternalUrl  https://nlb.nwtraders.msft/EWS/Exchange.asmx

 
•Set-OABVirtualDirectory -Identity “mbx1\OAB (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/OAB 

 
•Enable-OutlookAnywhere -Server mbx1 -ExternalHostname “nlb.nwtraders.msft” -ClientAuthenticationMethod “NTLM”

 
•Set-ActiveSyncVirtualDirectory -Identity “mbx1\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync 

Not sure if I am headed in the right direction.
ASKER CERTIFIED SOLUTION
Avatar of BGTSLLC
BGTSLLC
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of BGTSLLC

ASKER

Woohoo - got it all fixed!