Exchange 2010 and wildcard CA

Hi Experts,
I have Exchange 2010 SP3 with a GoDaddy wildcard certificate "*.domain.com". The certificate is working fine for both Outlook Anywhere and OWA, but some internal users got a certificate pop-up for "mail.domain.com", which is the external domain name. When I click on View Certificate, the untrusted certificate is "Watchguard Fireware Web CA".

I have tried "Set-ClientAccessServer -Identity ServerName -AutoDiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml".

But some internal clients are still looking for "mail.domain.com" via "Fireware Web CA".

Please advise.

Regards,
Zaw Tun Naing
Asked by: mikenus

Jaroslav Mraz (CTO) commented:
Hi,

Simply change the DNS A records, or make an internal DNS A record MAIL.DOMAIN.COM and point it to the Exchange internal or external IP.

mikenus (Author) commented:
Hi Jeremyno,
Thank you for your advice, I have done that.
I created a mail.domain.com zone on the internal DNS server and created an A record pointing to both the Exchange internal and external IP addresses.
But some of the users still get the prompt for Fireware Web CA.

Regards,
Zaw Tun Naing

Jaroslav Mraz (CTO) commented:
Strange.

Is this certificate on the web hosting only? If you have it in Exchange, please delete it. You can also use the REPAIR button in the account section of Outlook after changes on Exchange.
 
Simon Butler (Sembee) (Consultant) commented:
One of the URLs must be wrong, as the clients don't use another host unless they are told to.
Check the full list using my article here: http://semb.ee/hostnames

Simon.

ArneLovius commented:
Your internal DNS should only have your internal addresses.

Radweld commented:
If you have multiple Client Access servers, it's worthwhile checking whether the correct certificate is installed and, more importantly, enabled for web services on each Client Access server. If they differ then this would explain why some work and some don't. Also check that your DHCP is issuing the correct internal DNS servers. If they are correct, then run ipconfig /flushdns on the client that's experiencing the problem to ensure the correct address is resolved.

mikenus (Author) commented:
Hi,
The user cert is still popping up to Watch Guard Fireware Web CA. Any more ideas?

Simon Butler (Sembee) (Consultant) commented:
You must have a Watchguard in place and therefore have DNS entries pointing to that, or it is listening on SSL. That isn't an Exchange issue, it is something outside of Exchange getting in the way.

Simon.

mikenus (Author) commented:
May I know the details about the Watchguard in place?

Simon Butler (Sembee) (Consultant) commented:
It is your network, so you must know if you have a Watchguard device or not.

Simon.

mikenus (Author) commented:
Hi Simon,
I have a Watchguard firewall in place in the network. It is an edge device for the internal network.

ArneLovius commented:
It might be worthwhile checking the hosts file on that user's computer, and what DNS servers they are set for.

Radweld commented:
Ping Autodiscover.domain.com and see if this responds with the IP of the Client Access server or the load balancer. If it resolves to the firewall then there's your problem.
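
The checks suggested in this thread (what the name resolves to on the affected PC, and which certificate that address actually presents) can be done in one pass. The following PowerShell is an added example, not part of the original thread: Get-PresentedCertificate is a hypothetical helper name, the host names are the thread's placeholders, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example. Get-PresentedCertificate is a hypothetical helper name;
# mail.domain.com / autodiscover.domain.com are the thread's placeholder names.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)] [string]$HostName,
        [int]$Port = 443
    )
    # Probe every address this client's resolver returns (hosts file included),
    # because an extra or stale A record only affects some connections.
    foreach ($ip in [System.Net.Dns]::GetHostAddresses($HostName)) {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($ip, $Port)
            # Accept any certificate: the goal is to inspect it, not to trust it.
            $ssl = New-Object System.Net.Security.SslStream(
                $tcp.GetStream(), $false, { $true })
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object `
                System.Security.Cryptography.X509Certificates.X509Certificate2(
                    $ssl.RemoteCertificate)
            [pscustomobject]@{
                Host       = $HostName
                Address    = $ip.IPAddressToString
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
            }
        }
        catch {
            # Report unreachable or non-TLS addresses instead of stopping.
            [pscustomobject]@{
                Host       = $HostName
                Address    = $ip.IPAddressToString
                Subject    = $null
                Issuer     = "ERROR: $($_.Exception.Message)"
                Thumbprint = $null
            }
        }
        finally { $tcp.Close() }
    }
}

# Run on a PC that shows the prompt and on one that does not, then compare.
'mail.domain.com', 'autodiscover.domain.com' |
    ForEach-Object { Get-PresentedCertificate -HostName $_ } |
    Format-Table -AutoSize
```

A row whose Issuer names the Fireware Web CA shows that the connection to that address is being answered by the Watchguard rather than by Exchange; rows with differing thumbprints across Client Access servers point to the mismatched-certificate case raised above.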