  • Status: Solved
  • Priority: Medium
  • Security: Public

Certificate message in Outlook 2010 connecting to Exchange 2010

Hi guys!  I recently completed my migration from Exchange 2003 to Exchange 2010.  All of my clients are running Outlook 2010.  I bought a new SSL cert for this.  Now every time somebody opens Outlook (and a lot of random times when they already have it open), the stupid SSL message comes up warning about the certificate.  If I install the certificate on the client it seems to make no difference.  Also, I find that Outlook is crashing repeatedly for quite a few of my clients.  I did the "repair" utility under Control Panel --> Mail, and this fixes it for a while, but then it starts happening again after a couple of days.   Help !!!
0
Asked by: zagnutttt4
2 Solutions
 
Jamie McKillop (IT Manager) Commented:
Hello,

When the certificate warning comes up, does the name it presents match the name on the certificate? Are you using that same name for all your Outlook Anywhere services?

-JJ
0
 
zagnutttt4 (Author) Commented:
Well, technically no...  The name on the certificate is for the external hostname of our single WAN IP address...  so from the outside world, we are simply known by "mail.externaldomainname.com" and that's the name on my certificate.  Internally, the server's name is obviously different (storage1.internaldomainname.local).  How can I do this correctly without having two different SSL certs?

To answer your 2nd question, yes, from the outside world, everything that uses Outlook Anywhere, ActiveSync, etc..  uses the same name that is on the cert (mail.externaldomainname.com).
0
 
Jamie McKillop (IT Manager) Commented:
The best practice is to use split-DNS. This is where you have both an internal and external DNS infrastructure for your public zone. Both infrastructures are independent, so you can use internal IPs on your internal DNS infrastructure. You could also use a different DNS zone internally. The caveat with that is that you can no longer register private DNS zones, like .local on SSL certs. You would need to register another domain and use that.

-JJ
0
 
zagnutttt4 (Author) Commented:
Is there any way to utilize two SSL certificates instead of using split-DNS?
0
 
Jamie McKillop (IT Manager) Commented:
No, you can only use one cert but you can add multiple names to a single SAN cert.

-JJ
0
 
zagnutttt4 (Author) Commented:
Interesting...   What is a SAN cert?  I don't know if mine is that or not...
0
 
Jamie McKillop (IT Manager) Commented:
Subject Alternate Name cert. Sometimes also referred to as a UCC cert. You really should already have one as you need mail.externaldomainname.com and autodiscover.externaldomainname.com on your cert.

-JJ
0
 
zagnutttt4 (Author) Commented:
Cool - if so, I can just reissue a request then regenerate the cert, redownload the cert and reinstall the cert ?
0
 
Jamie McKillop (IT Manager) Commented:
You will need to contact your SSL cert vendor to see if you can add names to your cert.

-JJ
0
 
zagnutttt4 (Author) Commented:
It's a GoDaddy cert so I will contact them today and see what they say.  Is there any way to make Exchange use one of the other built in certs for the internal client connections?  It looks like those already have the internal name of the server on them.
0
 
Jamie McKillop (IT Manager) Commented:
No, Exchange can only use one cert.

-JJ
0
 
zagnutttt4 (Author) Commented:
Gotcha.  Well, I am on hold with GoDaddy right now so I will see what they have to say !  Wish me luck....
0
 
Simon Butler (Sembee) (Consultant) Commented:
Why don't you want to use a split DNS system? If you have the certificate in place then the configuration is 30 seconds and fixed.
You will need to adjust the configuration of Exchange - the problem you have is caused by the introduction of Exchange 2010 - the clients attempt Autodiscover all the time and now it works.

http://semb.ee/hostnames

Simon.
0
 
zagnutttt4 (Author) Commented:
Hi Sembee..  I'm willing to try the Split-DNS, but I'm not sure where to start.  Right now there is one DNS "zone"..  we have two domain controllers.  Where do I begin?
0
 
Simon Butler (Sembee) (Consultant) Commented:
It is very easy. You just need to create the required zone if your AD domain is something different to your public domain.

http://semb.ee/splitdns

Simon.
0
 
zagnutttt4 (Author) Commented:
Thank you Simon, I am going to attempt this today after lunch and I will update you on my status afterwards.  Wish me luck!
0
 
zagnutttt4 (Author) Commented:
Guys, thank you very much!  I implemented split-DNS and it indeed did the trick!  Now to move on to other fires that need to be put out.   Thanks again, I highly appreciate your help with this matter!
0
Question has a verified solution.
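
A check for the name mismatch discussed in this thread, as an added example that is not from any of the posters: run in the Exchange Management Shell on Exchange 2010, it lists the host names in the internal URLs that Exchange publishes to Outlook and flags any that are not on the certificate enabled for IIS. The helper name `Test-NameOnCert` is hypothetical, and the script assumes all Client Access servers share one IIS certificate.

```powershell
# Added example (not from the thread). Exchange Management Shell, Exchange 2010.
# Assumption: every Client Access server presents the same IIS certificate.

# Certificate enabled for IIS; if several are, take the one that expires last.
$cert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: is $HostName covered by one of the certificate names?
function Test-NameOnCert([string]$HostName, [string[]]$Names) {
    $h = $HostName.ToLower()
    foreach ($n in $Names) {
        if ($n -eq $h) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $h.Contains('.') -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# URLs that Autodiscover hands to internal Outlook clients.
$urls = @()
$urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-EcpVirtualDirectory | ForEach-Object { $_.InternalUrl }

# One row per URL; OnCertificate = False is a name Outlook will warn about.
$urls | Where-Object { $_ } | ForEach-Object {
    $u = [uri]"$_"
    New-Object PSObject -Property @{
        Url           = "$u"
        HostName      = $u.Host
        OnCertificate = (Test-NameOnCert $u.Host $certNames)
    }
} | Sort-Object Url -Unique | Format-Table HostName, OnCertificate, Url -AutoSize
```

Any row showing `False` for `OnCertificate` uses a host name, such as the server's internal `.local` name, that the certificate does not carry; with split-DNS in place those URLs can point at the public name instead.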
