Solved

Verify Certificate

Posted on 2013-01-08
4
460 Views
Last Modified: 2013-01-09
before I start searching all over the web for a solution on this I decided to start here first. So here it goes.

Every time outlook for mac or outlook 2010 open it prompts me to verify cert and the cert is from totally different server. I think there is some corky DNS issue but I am not too clear where the issue is originating from on this one. I can tell you this OWA has the right cert but for some reason Outlook keeps prompting to verify this cert

I looked at this post and this is DOES NOT solve my issue http://support.microsoft.com/kb/2467145

Any help on this one will be greatly appreciated check out the screen shot attached and notes. Oh yeah its connecting to a SBS 2011 server
Screen-Shot-2013-01-08-at-5.30.0.png
0
Comment
Question by:armenprintsian
  • 2
4 Comments
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 38757478
With all of the blackouts and vague "example.com" entries, it is tough to be certain. Hey, not publishing a .local domain or internal server name? Totally get that. Not publishing two server names that are both clearly public and easily identifiable via WHOIS searches? There is no security in keeping it a secret and just makes life harder on us.

But with that out of the way, my first speculation is that your *public* DNS record has a wildcard catch-all record. So when the server is trying to do something like autodiscover.yourdomain.com, it is hitting that catch-all and being redirected to a webserver somewhere, and poof, certificate mismatch.

Wildcard DNS entries are generally not necessary and don't often help much. Have a good www record, a good root record (yourdomain.com without any subdomain entries) and this should clear up.
0
 

Author Comment

by:armenprintsian
ID: 38757520
cgaliher I am TOTALLY with you on the blackouts if it was a server I owned I would of left it visable on top of that I have no clue how this server is setup so took the extra secure route on the info. Not trying to make it hard for anyone especially because I want this solved so I can move on as well.

That being said I checked out DNS but didnt even think about a wildcard since the certs were not setup that way. I will take a look and keep you posted thanks for the quick reply
0
 

Author Comment

by:armenprintsian
ID: 38757607
so I checked out the public dns for the domain and there is no wildcard entry. However this is how dns is setup (below are just examples of the DNS setup)

example.com

A  Records:
mail.example.com - 192.168.1.10
example.com - 10.10.1.2
example.com - 10.10.1.3
example.com - 10.10.1.4
example.com - 10.10.1.5
example.com - 10.10.1.6
example.com - 10.10.1.7
example.com - 10.10.1.8

CNAME:
autodiscover.example.com -> mail.example.com
www -> example.com

mx records: (hosted by postini)
example.com.s6a1.psmtp.com.
example.com.s6a2.psmtp.com.
example.com.s6b1.psmtp.com.
example.com.s6b2.psmtp.com.

TXT RECORD:
example.com - "v=spf1 ip4:192.168.1.10/24 mx ~all"

PTR:

example.com.s6a1.psmtp.com. - 192.168.1.10

So I deleted all example.com A and "www" CName records and the "Verify Certificate" error went away which is GREAT!

Issue now is that www.example.com and example.com websites dont work???? If I put things back I will get the error again but websites will work again
0
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 38758089
remove all example.com from the dns and create instead a records www.example.com pointing to the ips directly

in short replace every example.com with a www.example.com and delete the cname record
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now