Solved

Exchange Certificate update failure

Posted on 2014-02-03
Last Modified: 2014-02-10
I have an SBS 2011 Standard server with Exchange 2010.

The business recently changed its name/domain. As a result, I have changed the email domain in Exchange. Exchange is being used for internal send/receive mail only, no remote access.

After completing the process, everything looks and is operating appropriately, with the exception of the certificate being updated in some fashion.

Users are using Outlook 2010, as they also have some POP3 emails configured. Upon launching Outlook, they immediately get a certificate warning that pops up twice. They can say yes to proceed and function normally.

The certificate warning is attached below. It references the email domain name at the top, but when I open the certificate, it appears to be for the new email domain name.

I have run the Internet setup wizard multiple times, as well as the Fix My Network wizard, without success. Is there another manual means of updating/correcting this issue?
Untitled.jpg
Question by:tjwo94
8 Comments
 

Author Comment

by:tjwo94
ID: 39830984
Additional information:

When I run an autodiscover test from an Outlook client, I notice these things are still referencing the old domain:


Exchange RPC
Availability URL service
OOF URL
OAB URL
Unified Message Service URL

Exchange HTTP
Availability URL service
OOF URL
OAB URL
Unified Message Service URL
Certificate Principal Name
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39831194
If you are just using the Exchange organization for internal purposes, you can generate a new certificate with your internal CA, if you have one.

The SAN certificate name is probably wrong; you have to generate a new SAN certificate with the correct domain.

Please take a look here: Create a New Exchange Certificate, to see how to accomplish that.

Regards
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 39831263
After you installed your cert, did you change your Exchange virtual directories to reflect your new domain name on the cert? Also, if you have users' mailboxes that reside on the old Exchange server, your certificate will need to have the following...

- autodiscover.domain.com
- mail.domain.com
- legacy.domain.com

You will then need to install the cert on the new Exchange server, export it and import it on any other CAS servers in your environment, including your old Exchange server.

If you do not have your old Exchange server in play, then you probably just need to modify your virtual directories in the ECP or using PowerShell.

Will.
0

 

Author Comment

by:tjwo94
ID: 39831435
Will,

I have not updated the Exchange virtual directories, and can't say that I know how. There is only one Exchange server, which is what I have updated.
0
 

Accepted Solution

by:
tjwo94 earned 0 total points
ID: 39831469
Will,

Looks like you pointed me in the right direction. While determining how to update virtual directories, I came upon this:

http://premnair.wordpress.com/2010/07/03/configure-ews-autodiscover-owa-oab-ecp-on-exchange-server-2010/

Ran through the steps, and now my test Outlook client isn't popping up cert errors. I'll check regular users tomorrow and update.
0
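
The check behind the fix discussed above, as an added example that is not code from this thread or from the linked blog post: it lists the internal URLs Autodiscover hands to Outlook and flags any whose host name is not on the certificate bound to IIS. It assumes a single Exchange 2010 server and the Exchange Management Shell; `mail.newdomain.example` is a placeholder for a name that is on the new certificate.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# $newHost is a placeholder (assumption); it must be a name listed on the new certificate.
$newHost = 'mail.newdomain.example'

# Host names covered by the valid certificate(s) assigned to the IIS service.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and $_.Status -eq 'Valid' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# Settings that feed the URLs shown by Outlook's autodiscover test.
$checks = @(
    @{ Name = 'Autodiscover SCP';        Get = { Get-ClientAccessServer };          Prop = 'AutoDiscoverServiceInternalUri' },
    @{ Name = 'EWS (Availability, OOF)'; Get = { Get-WebServicesVirtualDirectory }; Prop = 'InternalUrl' },
    @{ Name = 'OAB';                     Get = { Get-OabVirtualDirectory };         Prop = 'InternalUrl' },
    @{ Name = 'Unified Messaging';       Get = { Get-UMVirtualDirectory };          Prop = 'InternalUrl' },
    @{ Name = 'OWA';                     Get = { Get-OwaVirtualDirectory };         Prop = 'InternalUrl' },
    @{ Name = 'ECP';                     Get = { Get-EcpVirtualDirectory };         Prop = 'InternalUrl' }
)

$report = foreach ($c in $checks) {
    $prop = $c.Prop
    foreach ($obj in (& $c.Get)) {
        $url = [string]$obj.$prop
        if (-not $url) { continue }            # setting not configured, nothing to compare
        $urlHost = ([uri]$url).Host.ToLower()
        New-Object PSObject -Property @{
            Setting       = $c.Name
            Url           = $url
            OnCertificate = ($certNames -contains $urlHost)
        }
    }
}

# Any row with OnCertificate = False is a URL that will trigger the name-mismatch warning.
$report | Format-Table Setting, Url, OnCertificate -AutoSize

# Preview the corrections; remove -WhatIf to apply them after reviewing the report.
Get-ClientAccessServer | Set-ClientAccessServer `
    -AutoDiscoverServiceInternalUri "https://$newHost/Autodiscover/Autodiscover.xml" -WhatIf
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory `
    -InternalUrl "https://$newHost/EWS/Exchange.asmx" -WhatIf
Get-OabVirtualDirectory | Set-OabVirtualDirectory -InternalUrl "https://$newHost/OAB" -WhatIf
Get-UMVirtualDirectory | Set-UMVirtualDirectory `
    -InternalUrl "https://$newHost/UnifiedMessaging/Service.asmx" -WhatIf
```

The comparison is an exact host-name match, so a wildcard entry on the certificate shows up as `False` and needs to be read by eye.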
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39832125
Your mistake was making the changes in Exchange directly.
If you had run the wizards in SBS Console it would have changed the domain for you AND generated an SSL certificate that was suitable for the task. SBS should not be managed in the same way as the full product, as you will never make all of the changes the wizards make (I read somewhere it was over 200).

Simon.
0
 

Author Comment

by:tjwo94
ID: 39832151
I re-ran the wizards first, Simon. First the Internet setup wizard to change the email domain, then a Fix My Network wizard to hopefully clean up any loose ends. The certificate was created; however, the wizard failed to apply all the changes necessary to other Exchange components in order for everything to work properly. The URL I posted shows the pieces the wizard failed to complete; otherwise the wizard did a great job.
0
 

Author Closing Comment

by:tjwo94
ID: 39846821
What I found did the trick, no more cert errors. Thanks for getting me looking in the right place.
0


Question has a verified solution.