Solved

Exchange 2013, Outlook Profile, and security certificate

Posted on 2013-11-05
8
750 Views
Last Modified: 2013-11-14
Hello,

I installed Exchange 2013 and I installed SSL. From outside of the network, I can connect to the Exchange Server with Outlook using autodiscover. When I connect to the Exchange Server using autodiscover, I believe I establish a secure connection and the SSL certificates are trusted. So, everything seems to be working fine.

But, when I am inside of the network and when I use autodiscover, I get a security alert warning saying:

server.domain.com
information you exchange with this site cannot be viewed or changed... there is a problem with the site's security certificate... do you want to proceed?

What do I need to change inside of the network so that my Outlook profile is trusted when I use autodiscover?

By the way, I do not have any DNS records for autodiscover in my server's DNS. If I need to do something here, please be specific.

Thanks,
J:\
0
Comment
Question by:jhieb
  • 4
  • 4
8 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39625058
You need to change the URLs in Exchange to work with the external host name.
That will also require a split DNS.
The Exchange 2010 version of my article applies here: http://semb.ee/hostnames
The script at the end does work.

Must get round to completing the Exchange 2013 version.

Simon.
0
 
LVL 1

Author Comment

by:jhieb
ID: 39626032
Thanks. My internal and external URLs are already set to be the same. Externally, I am using mail.domain.com, and this is what autodiscover uses. Internally, I noticed that I a reverse DNS entry for an internal IP address that is for mail, also. Do you think this reverse DNS entry is conflicting with my external DNS entry? If so, should I remove the internal mail reverse DNS entry?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39627108
Are you sure you have got them all - including the ones in Shell only? The error you are getting would suggest that either you have missed one, or your DNS is wrong so the external name doesn't resolve internally to the correct place.

A reverse DNS entry will not be the cause of this.

Simon.
0
 
LVL 1

Author Comment

by:jhieb
ID: 39628177
I will check this in a day or two. I am side tracked because of another project. Thanks.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 1

Author Comment

by:jhieb
ID: 39632253
When I setup my URLs, I used the following Microsoft article. My settings are the same as in this article. The Internal and External URL's are the same. I also used the PowerShell example in this article to make sure my internal URL's were the same as the external URLs.

I compared my URL's with your URL script. The only difference is autodiscover. In my environment, autodiscover is set to the default web site so there is no external URL displayed. When I look at the ECP for Exchange 2013, there is no URL shown.

This is why I was thinking this was a reverse DNS issue. What do you think the Internal Autodiscover setting should be?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39632893
You haven't included any Microsoft article link, so I don't know what you were following.
My script doesn't set the Autodiscover virtual directories - those should be left as default.
If you haven't changed the value on the CAS Server role then that will cause the problems you see.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If that is the default value, which is the server name, then you need to change it to match the host name on your SSL certificate.

Simon.
0
 
LVL 1

Author Comment

by:jhieb
ID: 39633604
Here is the link:
http://technet.microsoft.com/en-us/library/4acc7f2a-93ce-468c-9ace-d5f7eecbd8d4(v=exchg.150)#CreateConnector

I ran the command you gave and here is what the results are:
https://ectsvr02.mydomain.com/Autodiscover/Autodiscove...

The path shows my server name like you thought. Where do I change the value of my CAS server role?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39638225
As with most things with Exchange 2010, change the get to set

set-clientaccessserver -identity servername -AutodiscoverServiceInternalURI https://host.example.com/Autodiscover/Autodiscover.xml

or follow the guide I posted in my first answer.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Child Domain and dns suffixes 9 27
outlook 2013 8 30
Global Address book 5 36
Can't See Site After DNS Resolved 7 0
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now