Solved

Exchange 2010 and wildcard CA

Posted on 2013-11-08
Last Modified: 2014-04-23
Hi Experts,
I have Exchange 2010 SP3 with a GoDaddy wildcard certificate "*.domain.com". The certificate is working fine for both Outlook Anywhere and OWA, but some internal users get a certificate pop-up for "mail.domain.com", which is the external domain name. When I click on View Certificate, the untrusted certificate is "Watchguard Fireware Web CA".

I have tried:

Set-ClientAccessServer -Identity ServerName -AutoDiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"

But some internal clients are still looking for "mail.domain.com" via "Fireware Web CA".

Please advise.

Regards,
Zaw Tun Naing
0
Question by:mikenus
15 Comments
 
LVL 15

Expert Comment

by:Jaroslav Mraz
ID: 39633524
Hi,

Simply change the DNS A records, or create an internal DNS A record for MAIL.DOMAIN.COM and point it to the Exchange internal or external IP.
0
 

Author Comment

by:mikenus
ID: 39635033
Hi Jeremyno,
Thank you for your advice, I have done that.
I created a mail.domain.com zone on the internal DNS server and created an A record pointing to both the Exchange internal and external IP addresses.
But some of the users still get the prompt for Fireware Web CA.

Regards,
Zaw Tun Naing
0
 
LVL 15

Expert Comment

by:Jaroslav Mraz
ID: 39637979
Strange.


Is this certificate on webhosting only? If you have it in Exchange, please delete it. You can also use the REPAIR button in the account section of Outlook after changes on Exchange.
0

 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39638115
One of the URLs must be wrong, as the clients don't use another host unless they are told to.
Check the full list using my article here: http://semb.ee/hostnames

Simon.
0
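One way to list the URLs and hostnames that the Client Access role hands to clients, plus the certificate enabled on each server. This is an added example for the Exchange 2010 Management Shell, not taken from the linked article or from any poster in this thread.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2010.
# Collects every URL/hostname the Client Access role publishes to clients.
$rows = @()

Get-ClientAccessServer | ForEach-Object {
    $rows += New-Object PSObject -Property @{
        Server  = $_.Name
        Setting = 'AutoDiscoverServiceInternalUri'
        Value   = [string]$_.AutoDiscoverServiceInternalUri
    }
}

# Virtual directories that carry both an internal and an external URL.
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    & $cmd | ForEach-Object {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $rows += New-Object PSObject -Property @{
                Server  = [string]$_.Server
                Setting = "$cmd $prop"
                Value   = [string]$_.$prop
            }
        }
    }
}

Get-OutlookAnywhere | ForEach-Object {
    $rows += New-Object PSObject -Property @{
        Server  = [string]$_.ServerName
        Setting = 'OutlookAnywhere ExternalHostname'
        Value   = [string]$_.ExternalHostname
    }
}

# Any hostname here that the wildcard certificate does not cover, or that
# resolves somewhere other than a Client Access server, is a candidate.
$rows | Sort-Object Server, Setting | Format-Table Server, Setting, Value -AutoSize

# Certificate per Client Access server: issuer and the services it is enabled for.
Get-ClientAccessServer | ForEach-Object {
    $server = $_.Name
    Get-ExchangeCertificate -Server $server |
        Select-Object @{n='Server';e={$server}}, Subject, Issuer, Services, NotAfter
} | Format-Table -AutoSize
```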
 
LVL 37

Expert Comment

by:ArneLovius
ID: 39638199
Your internal DNS should only have your internal addresses.
0
 
LVL 14

Expert Comment

by:Radweld
ID: 39638203
If you have multiple client access servers, it's worthwhile checking if the correct certificate is installed and, more importantly, enabled for web services on each client access server. If they differ then this would explain why some work and some don't. Also check your DHCP is issuing the correct internal DNS servers; if they are correct then run ipconfig /flushdns on the client that's experiencing the problem to ensure the correct address is resolved.
0
 

Author Comment

by:mikenus
ID: 39715962
Hi
User cert is still popping up to Watchguard Fireware Web CA? Any more ideas?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39716090
You must have a Watchguard in place and therefore have DNS entries pointing to that, or it is listening on SSL. That isn't an Exchange issue, it is something outside of Exchange getting in the way.

Simon.
0
 

Author Comment

by:mikenus
ID: 39716092
May I know the details about the Watchguard in place?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39717338
It is your network, so you must know if you have a Watchguard device or not.

Simon.
0
 

Author Comment

by:mikenus
ID: 39719480
Hi Simon,
I have a Watchguard firewall in place in the network. It is an edge device for the internal network.
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 39720634
Might be worthwhile checking the hosts file on that user's computer, and what DNS servers they are set for.
0
 
LVL 14

Expert Comment

by:Radweld
ID: 39721109
Ping Autodiscover.domain.com and see if this responds with the IP of the client access server or the load balancer. If it resolves to the firewall then there's your problem.
0
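The client-side checks suggested in the last comments (hosts file, configured DNS servers, what each name connects to), extended to show which certificate issuer actually answers on port 443. This is an added example, not code from any poster; the hostnames are the thread's placeholders and `Get-PresentedCertificate` is a helper name made up for this sketch.

```powershell
# Added example. Run on an affected client; uses only .NET/WMI so it works
# on older PowerShell versions. Hostnames are the thread's placeholders.
$names = 'mail.domain.com', 'autodiscover.domain.com'

# 1. Hosts file entries that override DNS for these names.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match 'domain\.com' }

# 2. DNS servers each active adapter is configured to use.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DNSServerSearchOrder

# 3. Connect to port 443 and report who answered and with which certificate.
function Get-PresentedCertificate([string]$HostName, [int]$Port = 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: the goal is to inspect it, not to trust it.
        $cb   = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl  = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Host       = $HostName
            RemoteIP   = $tcp.Client.RemoteEndPoint.Address.ToString()
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
        }
    } finally {
        $tcp.Close()
    }
}

# An Issuer naming the Fireware web CA, or a RemoteIP that belongs to the
# firewall rather than a Client Access server, means the firewall answered.
$names | ForEach-Object {
    $n = $_
    try { Get-PresentedCertificate $n }
    catch { Write-Warning "$n : $($_.Exception.Message)" }
} | Format-List Host, RemoteIP, Subject, Issuer, Thumbprint
```

Compare the Thumbprint with the one shown by Get-ExchangeCertificate on the Client Access server; a mismatch means something between the client and Exchange is terminating the SSL connection.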

Question has a verified solution.
