Solved

Verify Certificate

Posted on 2013-01-08
4
459 Views
Last Modified: 2013-01-09
before I start searching all over the web for a solution on this I decided to start here first. So here it goes.

Every time outlook for mac or outlook 2010 open it prompts me to verify cert and the cert is from totally different server. I think there is some corky DNS issue but I am not too clear where the issue is originating from on this one. I can tell you this OWA has the right cert but for some reason Outlook keeps prompting to verify this cert

I looked at this post and this is DOES NOT solve my issue http://support.microsoft.com/kb/2467145

Any help on this one will be greatly appreciated check out the screen shot attached and notes. Oh yeah its connecting to a SBS 2011 server
Screen-Shot-2013-01-08-at-5.30.0.png
0
Comment
Question by:armenprintsian
  • 2
4 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 38757478
With all of the blackouts and vague "example.com" entries, it is tough to be certain. Hey, not publishing a .local domain or internal server name? Totally get that. Not publishing two server names that are both clearly public and easily identifiable via WHOIS searches? There is no security in keeping it a secret and just makes life harder on us.

But with that out of the way, my first speculation is that your *public* DNS record has a wildcard catch-all record. So when the server is trying to do something like autodiscover.yourdomain.com, it is hitting that catch-all and being redirected to a webserver somewhere, and poof, certificate mismatch.

Wildcard DNS entries are generally not necessary and don't often help much. Have a good www record, a good root record (yourdomain.com without any subdomain entries) and this should clear up.
0
 

Author Comment

by:armenprintsian
ID: 38757520
cgaliher I am TOTALLY with you on the blackouts if it was a server I owned I would of left it visable on top of that I have no clue how this server is setup so took the extra secure route on the info. Not trying to make it hard for anyone especially because I want this solved so I can move on as well.

That being said I checked out DNS but didnt even think about a wildcard since the certs were not setup that way. I will take a look and keep you posted thanks for the quick reply
0
 

Author Comment

by:armenprintsian
ID: 38757607
so I checked out the public dns for the domain and there is no wildcard entry. However this is how dns is setup (below are just examples of the DNS setup)

example.com

A  Records:
mail.example.com - 192.168.1.10
example.com - 10.10.1.2
example.com - 10.10.1.3
example.com - 10.10.1.4
example.com - 10.10.1.5
example.com - 10.10.1.6
example.com - 10.10.1.7
example.com - 10.10.1.8

CNAME:
autodiscover.example.com -> mail.example.com
www -> example.com

mx records: (hosted by postini)
example.com.s6a1.psmtp.com.
example.com.s6a2.psmtp.com.
example.com.s6b1.psmtp.com.
example.com.s6b2.psmtp.com.

TXT RECORD:
example.com - "v=spf1 ip4:192.168.1.10/24 mx ~all"

PTR:

example.com.s6a1.psmtp.com. - 192.168.1.10

So I deleted all example.com A and "www" CName records and the "Verify Certificate" error went away which is GREAT!

Issue now is that www.example.com and example.com websites dont work???? If I put things back I will get the error again but websites will work again
0
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 38758089
remove all example.com from the dns and create instead a records www.example.com pointing to the ips directly

in short replace every example.com with a www.example.com and delete the cname record
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now