Exchange 2013 Auto Discover SSL annoyance

We have recently purchased a GeoTrust EV SSL certificate to prevent those annoying SSL warnings when you start outlook 2013.

The errors seem to have some almost completely, however...

The certificate has been issued for an FQDN, e.g. "exchange.domain.com".
Our internal domain (AD)/hostname for that server is "exchange2013.company.corp"

Most of the errors seem fixed, I even ran some scripts to update autodiscover issues.
http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/

But, when outlook starts, it still asks to accept a certificate for "exchange2013.company.corp" and not the correct URL "exchange.domain.com"
Mind you, under outlook settings, I have changed the msstd to exchange.domain.com

It seems the configuration on the server still has a reference to "autodiscover.company.corp" (complains about this too) and "exchange2013.company.corp". I tried browsing using ADSIedit, but can't find it...

Anyone, any idea?
redworksAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
redworksConnect With a Mentor Author Commented:
Turns out there were some old, self signed certificates, bound to the SMTP.
When I removed those, reapplied EV certificate to SMTP (seemed to be have done already, but appearantly not fully). Then it stopped complaining.
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
Your certificate will require multiple alternate names so it should include external, internal names and the Autodiscover name as well included in the same certificate.

http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

The autodiscover name is for Outlook, Outlook Anywhere and ActiveSync web services.
Configuration for this is via the Get-AutoDiscoverVirtualDirectory and Set-AutoDiscoverVirtualDirectory for the InternalUrl and ExternalUrl attributes (empty by default).
0
 
Simon Butler (Sembee)ConsultantCommented:
@ cmsxpjh

"The autodiscover name is for Outlook, Outlook Anywhere and ActiveSync web services.
Configuration for this is via the Get-AutoDiscoverVirtualDirectory and Set-AutoDiscoverVirtualDirectory for the InternalUrl and ExternalUrl attributes (empty by default). "

This is incorrect information, as is this:

"Your certificate will require multiple alternate names so it should include external, internal names"

The settings you have applied are blank by default and should be left blank. They have nothing to do with Autodiscover and are not the cause of this problem.
Internal names are not possible on SSL certificates which are valid after November 2014. Therefore there is no requirement to include them.

The error is probably from Autodiscover which is set on the Client Access Server properties.

get-clientaccessserver | select identity, AutodiscoverServiceInternalURI

The host name listed should be one that matches your trusted certificate.

Simon.
0
 
redworksAuthor Commented:
this is the solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.