Solved

Exchange 2013, Outlook Profile, and security certificate

Posted on 2013-11-05
Last Modified: 2013-11-14
Hello,

I installed Exchange 2013 and I installed SSL. From outside of the network, I can connect to the Exchange Server with Outlook using autodiscover. When I connect to the Exchange Server using autodiscover, I believe I establish a secure connection and the SSL certificates are trusted. So, everything seems to be working fine.

But, when I am inside of the network and when I use autodiscover, I get a security alert warning saying:

server.domain.com
information you exchange with this site cannot be viewed or changed... there is a problem with the site's security certificate... do you want to proceed?

What do I need to change inside of the network so that my Outlook profile is trusted when I use autodiscover?

By the way, I do not have any DNS records for autodiscover in my server's DNS. If I need to do something here, please be specific.

Thanks,
J:\
Question by:jhieb
8 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39625058
You need to change the URLs in Exchange to work with the external host name.
That will also require a split DNS.
The Exchange 2010 version of my article applies here: http://semb.ee/hostnames
The script at the end does work.

Must get round to completing the Exchange 2013 version.

Simon.
 
LVL 1

Author Comment

by:jhieb
ID: 39626032
Thanks. My internal and external URLs are already set to be the same. Externally, I am using mail.domain.com, and this is what autodiscover uses. Internally, I noticed that I have a reverse DNS entry for an internal IP address that is for mail, also. Do you think this reverse DNS entry is conflicting with my external DNS entry? If so, should I remove the internal mail reverse DNS entry?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39627108
Are you sure you have got them all - including the ones in Shell only? The error you are getting would suggest that either you have missed one, or your DNS is wrong so the external name doesn't resolve internally to the correct place.

A reverse DNS entry will not be the cause of this.

Simon.

 
LVL 1

Author Comment

by:jhieb
ID: 39628177
I will check this in a day or two. I am sidetracked because of another project. Thanks.
 
LVL 1

Author Comment

by:jhieb
ID: 39632253
When I set up my URLs, I used the following Microsoft article. My settings are the same as in this article. The Internal and External URLs are the same. I also used the PowerShell example in this article to make sure my internal URLs were the same as the external URLs.

I compared my URLs with your URL script. The only difference is autodiscover. In my environment, autodiscover is set to the default web site so there is no external URL displayed. When I look at the ECP for Exchange 2013, there is no URL shown.

This is why I was thinking this was a reverse DNS issue. What do you think the Internal Autodiscover setting should be?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39632893
You haven't included any Microsoft article link, so I don't know what you were following.
My script doesn't set the Autodiscover virtual directories - those should be left as default.
If you haven't changed the value on the CAS Server role then that will cause the problems you see.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If that is the default value, which is the server name, then you need to change it to match the host name on your SSL certificate.

Simon.
 
LVL 1

Author Comment

by:jhieb
ID: 39633604
Here is the link:
http://technet.microsoft.com/en-us/library/4acc7f2a-93ce-468c-9ace-d5f7eecbd8d4(v=exchg.150)#CreateConnector

I ran the command you gave and here is what the results are:
https://ectsvr02.mydomain.com/Autodiscover/Autodiscove...

The path shows my server name like you thought. Where do I change the value of my CAS server role?
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39638225
As with most things with Exchange 2010, change the get to set

set-clientaccessserver -identity servername -AutodiscoverServiceInternalURI https://host.example.com/Autodiscover/Autodiscover.xml

or follow the guide I posted in my first answer.

Simon.
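
A read-only check for the mismatch discussed in this thread, added here as an example and not part of any poster's answer: for each Client Access server it compares the host name in AutodiscoverServiceInternalUri with the names on the certificate enabled for IIS, and tests whether that name resolves from inside the network. It assumes the Exchange Management Shell on Exchange 2013; Test-NameCoveredByCert is a hypothetical helper name.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Test-NameCoveredByCert is a hypothetical helper defined here.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq ignores case for strings
        # A wildcard entry covers exactly one label: *.example.com matches
        # mail.example.com but not a.mail.example.com or example.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)            # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

foreach ($cas in Get-ClientAccessServer) {
    $uri = $cas.AutoDiscoverServiceInternalUri
    if (-not $uri) { continue }
    $hostName = ([Uri]"$uri").Host

    # Certificates on this server that are enabled for IIS, which serves Autodiscover.
    $iisCerts = Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' }

    $covered = $false
    foreach ($cert in $iisCerts) {
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        if (Test-NameCoveredByCert -HostName $hostName -CertNames $names) { $covered = $true }
    }

    # Split DNS check: the name has to resolve from inside the network.
    # This only proves it resolves, not that it points at the Exchange server.
    $resolves = $true
    try { [void][System.Net.Dns]::GetHostAddresses($hostName) } catch { $resolves = $false }

    [pscustomobject]@{
        Server          = $cas.Name
        InternalUriHost = $hostName
        CoveredByCert   = $covered
        ResolvesInside  = $resolves
    }
}
```

A row with CoveredByCert set to False corresponds to the Outlook security alert described in the question.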