Solved

Exchange 2010 and wildcard CA

Posted on 2013-11-08
Last Modified: 2014-04-23
Hi Experts,
I have Exchange 2010 SP3 with a GoDaddy wildcard certificate "*.domain.com". The certificate is working fine for both Outlook Anywhere and OWA, but some internal users got a certificate pop-up for "mail.domain.com", which is the external domain name. When I click on View Certificate, the untrusted certificate is "Watchguard Fireware Web CA".

I have tried: Set-ClientAccessServer -Identity ServerName -AutoDiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"

But some internal clients are still looking for "mail.domain.com" via "Fireware Web CA".

Please advise.

Regards,
Zaw Tun Naing
Question by:mikenus
15 Comments
 
LVL 15

Expert Comment

by:Jaroslav Mraz
Hi,

Simply change the DNS A records, or make an internal DNS A record MAIL.DOMAIN.COM and point it to the Exchange internal or external IP.
 

Author Comment

by:mikenus
Hi Jeremyno,
Thank you for your advice, I have done that.
I created a mail.domain.com zone on the internal DNS server and created an A record pointing to both the Exchange internal and external IP addresses.
But some of the users still have a prompt for Fireware Web CA.

Regards,
Zaw Tun Naing
 
LVL 15

Expert Comment

by:Jaroslav Mraz
Strange.

Is this certificate on web hosting only? If you have it in Exchange, please delete it. You can also use the Repair button in the account section of Outlook after changes on Exchange.
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
One of the URLs must be wrong, as the clients don't use another host unless they are told to.
Check the full list using my article here: http://semb.ee/hostnames

Simon.
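One way to pull the full list of configured host names in a single pass, as an added example that is not part of the answer above or of the linked article. It assumes the Exchange Management Shell on Exchange 2010 and a certificate for *.domain.com; the pattern variable and the output column names are illustrative.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2010.
# Lists every URL or host name the Client Access role publishes to clients
# and flags values whose host is not one label under the wildcard domain.
$wildcardHostPattern = '^[^.]+\.domain\.com$'   # assumption: certificate is *.domain.com

$rows = @()
Get-ClientAccessServer | ForEach-Object {
    $rows += New-Object PSObject -Property @{
        Source  = [string]$_.Name
        Setting = 'AutoDiscoverServiceInternalUri'
        Value   = [string]$_.AutoDiscoverServiceInternalUri
    }
}

$vdirs = @(Get-WebServicesVirtualDirectory) + @(Get-OabVirtualDirectory) +
         @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory) +
         @(Get-ActiveSyncVirtualDirectory)
foreach ($vdir in $vdirs) {
    foreach ($prop in 'InternalUrl', 'ExternalUrl') {
        $rows += New-Object PSObject -Property @{
            Source = [string]$vdir.Identity; Setting = $prop; Value = [string]$vdir.$prop
        }
    }
}

Get-OutlookAnywhere | ForEach-Object {
    $rows += New-Object PSObject -Property @{
        Source = [string]$_.Identity; Setting = 'ExternalHostname'
        Value  = [string]$_.ExternalHostname
    }
}

$rows | Select-Object Source, Setting, Value, @{ Name = 'Status'; Expression = {
    $value = $_.Value
    # URLs carry the host inside the URI; ExternalHostname is already a bare host.
    $hostName = if ($value -match '^https?://') { ([uri]$value).Host } else { $value }
    if (-not $value) { 'not set' }
    elseif ($hostName -match $wildcardHostPattern) { 'covered by wildcard' }
    else { 'NOT covered by wildcard' }
} } | Sort-Object Status, Source | Format-Table -AutoSize
```

A wildcard certificate matches exactly one label, so a value such as server.sub.domain.com or an internal server name shows up as not covered.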
 
LVL 36

Expert Comment

by:ArneLovius
Your internal DNS should only have your internal addresses.
 
LVL 14

Expert Comment

by:Radweld
If you have multiple Client Access servers, it's worthwhile checking if the correct certificate is installed and, more importantly, enabled for web services on each Client Access server. If they differ then this would explain why some work and some don't. Also check your DHCP is issuing the correct internal DNS servers; if they are correct, then run ipconfig /flushdns on the client that's experiencing the problem to ensure the correct address is resolved.

 

Author Comment

by:mikenus
Hi,
The user cert is still popping up for Watch Guard Fireware Web CA. Any more ideas?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
You must have a Watchguard in place and therefore have DNS entries pointing to that, or it is listening on SSL. That isn't an Exchange issue, it is something outside of Exchange getting in the way.

Simon.
 

Author Comment

by:mikenus
May I know the details about the Watchguard in place?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
It is your network, so you must know if you have a Watchguard device or not.

Simon.
 

Author Comment

by:mikenus
Hi Simon,
I have a Watchguard firewall in place in the network. It is an edge device for the internal network.
 
LVL 36

Expert Comment

by:ArneLovius
It might be worthwhile checking the hosts file on that user's computer, and what DNS servers they are set for.
 
LVL 14

Expert Comment

by:Radweld
Ping Autodiscover.domain.com and see if this responds with the IP of the Client Access server or the load balancer. If it resolves to the firewall then there's your problem.
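A client-side check that combines the DNS and certificate questions raised in this thread, as an added example that is not part of any post above. It shows where each name resolves from the affected workstation and which CA issued the certificate actually presented on port 443; the function name and the issuer pattern are assumptions.

```powershell
# Added example. Run on an affected workstation in Windows PowerShell.
$names = 'mail.domain.com', 'autodiscover.domain.com'   # host names from this thread
$expectedIssuer = 'Go ?Daddy'   # assumption: regex matching the public CA's issuer name

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)

    # Resolve with the workstation's own DNS servers and hosts file.
    $addresses = [System.Net.Dns]::GetHostAddresses($HostName) |
        ForEach-Object { $_.IPAddressToString }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever certificate is offered: it is only read here, never trusted.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        New-Object PSObject -Property @{
            Host           = $HostName
            ResolvedTo     = ($addresses -join ', ')
            ConnectedTo    = $client.Client.RemoteEndPoint.Address.IPAddressToString
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            IssuerExpected = ($cert.Issuer -match $expectedIssuer)
        }
    }
    finally { $client.Close() }
}

$names | ForEach-Object {
    $name = $_
    try { Get-PresentedCertificate -HostName $name }
    catch { Write-Warning "$name : $($_.Exception.Message)" }
} | Format-List Host, ResolvedTo, ConnectedTo, Subject, Issuer, IssuerExpected
```

If ConnectedTo is the firewall's address, or Issuer names Fireware Web CA while the address belongs to the Client Access server, the firewall rather than Exchange is answering that connection.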