?
Solved

Verify Certificate

Posted on 2013-01-08
4
Medium Priority
?
466 Views
Last Modified: 2013-01-09
before I start searching all over the web for a solution on this I decided to start here first. So here it goes.

Every time outlook for mac or outlook 2010 open it prompts me to verify cert and the cert is from totally different server. I think there is some corky DNS issue but I am not too clear where the issue is originating from on this one. I can tell you this OWA has the right cert but for some reason Outlook keeps prompting to verify this cert

I looked at this post and this is DOES NOT solve my issue http://support.microsoft.com/kb/2467145

Any help on this one will be greatly appreciated check out the screen shot attached and notes. Oh yeah its connecting to a SBS 2011 server
Screen-Shot-2013-01-08-at-5.30.0.png
0
Comment
Question by:armenprintsian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 38757478
With all of the blackouts and vague "example.com" entries, it is tough to be certain. Hey, not publishing a .local domain or internal server name? Totally get that. Not publishing two server names that are both clearly public and easily identifiable via WHOIS searches? There is no security in keeping it a secret and just makes life harder on us.

But with that out of the way, my first speculation is that your *public* DNS record has a wildcard catch-all record. So when the server is trying to do something like autodiscover.yourdomain.com, it is hitting that catch-all and being redirected to a webserver somewhere, and poof, certificate mismatch.

Wildcard DNS entries are generally not necessary and don't often help much. Have a good www record, a good root record (yourdomain.com without any subdomain entries) and this should clear up.
0
 

Author Comment

by:armenprintsian
ID: 38757520
cgaliher I am TOTALLY with you on the blackouts if it was a server I owned I would of left it visable on top of that I have no clue how this server is setup so took the extra secure route on the info. Not trying to make it hard for anyone especially because I want this solved so I can move on as well.

That being said I checked out DNS but didnt even think about a wildcard since the certs were not setup that way. I will take a look and keep you posted thanks for the quick reply
0
 

Author Comment

by:armenprintsian
ID: 38757607
so I checked out the public dns for the domain and there is no wildcard entry. However this is how dns is setup (below are just examples of the DNS setup)

example.com

A  Records:
mail.example.com - 192.168.1.10
example.com - 10.10.1.2
example.com - 10.10.1.3
example.com - 10.10.1.4
example.com - 10.10.1.5
example.com - 10.10.1.6
example.com - 10.10.1.7
example.com - 10.10.1.8

CNAME:
autodiscover.example.com -> mail.example.com
www -> example.com

mx records: (hosted by postini)
example.com.s6a1.psmtp.com.
example.com.s6a2.psmtp.com.
example.com.s6b1.psmtp.com.
example.com.s6b2.psmtp.com.

TXT RECORD:
example.com - "v=spf1 ip4:192.168.1.10/24 mx ~all"

PTR:

example.com.s6a1.psmtp.com. - 192.168.1.10

So I deleted all example.com A and "www" CName records and the "Verify Certificate" error went away which is GREAT!

Issue now is that www.example.com and example.com websites dont work???? If I put things back I will get the error again but websites will work again
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 38758089
remove all example.com from the dns and create instead a records www.example.com pointing to the ips directly

in short replace every example.com with a www.example.com and delete the cname record
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Changing a few Outlook Options can help keep you organized!
This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month9 days, 23 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question