Solved

Verify Certificate

Posted on 2013-01-08
Last Modified: 2013-01-09
Before I start searching all over the web for a solution on this, I decided to start here first. So here it goes.

Every time Outlook for Mac or Outlook 2010 opens, it prompts me to verify a cert, and the cert is from a totally different server. I think there is some quirky DNS issue, but I am not too clear where the issue is originating from on this one. I can tell you this: OWA has the right cert, but for some reason Outlook keeps prompting to verify this cert.

I looked at this post and it DOES NOT solve my issue: http://support.microsoft.com/kb/2467145

Any help on this one will be greatly appreciated. Check out the screenshot attached and notes. Oh yeah, it's connecting to an SBS 2011 server.
Screen-Shot-2013-01-08-at-5.30.0.png
Question by:armenprintsian
4 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 38757478
With all of the blackouts and vague "example.com" entries, it is tough to be certain. Hey, not publishing a .local domain or internal server name? Totally get that. Not publishing two server names that are both clearly public and easily identifiable via WHOIS searches? There is no security in keeping it a secret, and it just makes life harder on us.

But with that out of the way, my first speculation is that your *public* DNS record has a wildcard catch-all record. So when the server is trying to do something like autodiscover.yourdomain.com, it is hitting that catch-all and being redirected to a webserver somewhere, and poof, certificate mismatch.

Wildcard DNS entries are generally not necessary and don't often help much. Have a good www record, a good root record (yourdomain.com without any subdomain entries) and this should clear up.
 

Author Comment

by:armenprintsian
ID: 38757520
cgaliher, I am TOTALLY with you on the blackouts. If it was a server I owned I would have left it visible. On top of that, I have no clue how this server is set up, so I took the extra-secure route on the info. Not trying to make it hard for anyone, especially because I want this solved so I can move on as well.

That being said, I checked out DNS but didn't even think about a wildcard since the certs were not set up that way. I will take a look and keep you posted. Thanks for the quick reply.
 

Author Comment

by:armenprintsian
ID: 38757607
So I checked out the public DNS for the domain and there is no wildcard entry. However, this is how DNS is set up (below are just examples of the DNS setup):

example.com

A  Records:
mail.example.com - 192.168.1.10
example.com - 10.10.1.2
example.com - 10.10.1.3
example.com - 10.10.1.4
example.com - 10.10.1.5
example.com - 10.10.1.6
example.com - 10.10.1.7
example.com - 10.10.1.8

CNAME:
autodiscover.example.com -> mail.example.com
www -> example.com

mx records: (hosted by postini)
example.com.s6a1.psmtp.com.
example.com.s6a2.psmtp.com.
example.com.s6b1.psmtp.com.
example.com.s6b2.psmtp.com.

TXT RECORD:
example.com - "v=spf1 ip4:192.168.1.10/24 mx ~all"

PTR:

example.com.s6a1.psmtp.com. - 192.168.1.10

So I deleted all example.com A and "www" CNAME records and the "Verify Certificate" error went away, which is GREAT!

Issue now is that www.example.com and example.com websites don't work???? If I put things back I will get the error again, but websites will work again.
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 38758089
Remove all example.com from the DNS and create instead A records www.example.com pointing to the IPs directly.

In short, replace every example.com with a www.example.com and delete the CNAME record.
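
Why deleting the root A records silenced the prompt, as an added example that is not part of the original thread: Outlook's Autodiscover tries https://example.com/autodiscover/autodiscover.xml before https://autodiscover.example.com/autodiscover/autodiscover.xml, so the zone posted above sends it to the web servers first. The script models that lookup order over the thread's example records, before and after the accepted fix; the function names are hypothetical, and it assumes any host that resolves also answers on HTTPS.

```python
# Added illustration: the records are the example zone posted in the thread.
MAIL_IP = "192.168.1.10"                            # mail.example.com (Exchange/SBS)
WEB_IPS = [f"10.10.1.{n}" for n in range(2, 9)]     # the seven web server addresses

def zone(root_a, www):
    """Build a record map: name -> ("A", [ips]) or ("CNAME", target)."""
    z = {
        "mail.example.com": ("A", [MAIL_IP]),
        "autodiscover.example.com": ("CNAME", "mail.example.com"),
        "www.example.com": www,
    }
    if root_a:
        z["example.com"] = ("A", root_a)
    return z

BEFORE = zone(WEB_IPS, ("CNAME", "example.com"))    # as posted
AFTER = zone([], ("A", WEB_IPS))                    # accepted fix applied

def resolve(z, name, depth=0):
    """Follow CNAMEs (bounded, to stop loops) and return the final A addresses."""
    rec = z.get(name)
    if rec is None or depth > 8:
        return []
    kind, value = rec
    return list(value) if kind == "A" else resolve(z, value, depth + 1)

def autodiscover_candidates(smtp_domain):
    """HTTPS hosts Outlook tries, in order, for a mailbox at smtp_domain."""
    return [smtp_domain, "autodiscover." + smtp_domain]

def first_https_target(z, smtp_domain):
    """Return (host, ips, ok) for the first candidate that resolves; ok is True
    only if every address is the mail server, so its certificate can match."""
    for host in autodiscover_candidates(smtp_domain):
        ips = resolve(z, host)
        if ips:
            return host, ips, all(ip == MAIL_IP for ip in ips)
    return None, [], False

if __name__ == "__main__":
    for label, z in (("before", BEFORE), ("after", AFTER)):
        host, ips, ok = first_https_target(z, "example.com")
        verdict = "certificate matches" if ok else "certificate prompt likely"
        print(f"{label}: Outlook connects to {host} {ips}: {verdict}")
        print(f"{label}: www.example.com -> {resolve(z, 'www.example.com')}")
        print(f"{label}: example.com -> {resolve(z, 'example.com')}")
```

After the fix the bare example.com name no longer resolves at all, so the root website needs a redirect or host that does not answer Autodiscover requests with a mismatched certificate.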