
Secure Certificate for Exchange Problem

I have an external domain aaa.org and our internal network is zzz.net. Users accessing email using mail.aaa.org/owa from outside our network have no problem. However, users on our internal network connecting to email through Outlook 2010 to server.zzz.net running Exchange 2010 get an error saying:
_____________________________________________________________________________________________
server.zzz.net

The name on the security certificate is invalid or does not match the name of the site.
_____________________________________________________________________________________________

This error occurs because the domain zzz.net is not on the certificate.  We can't include the domain zzz.net on the certificate because the network is internal and is not registered with whois.

Can you tell me the best way to configure this server so that users on the internal network do not get this certificate error?  I'd rather not go with a split DNS zone if at all possible, as that raises other issues.

Thanks in advance for your help.
Asked by: Stolzman

1 Solution

Alan Hardisty (Co-Owner) commented:
All you need to do is run the following Exchange Management Shell commands to change the internal URL pointers to the External URL that is included in the SSL Certificate:

Set-AutodiscoverVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.aaa.org/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/oab"
Set-OwaVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/owa"
Set-EcpVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/Microsoft-Server-ActiveSync"

(Obviously replace the aaa.org part with your real domain name and then the error will go away).

Alan
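
A follow-up check for the fix in the answer above, added here as an example and not part of the original thread: it lists every internal URL those commands set and reports whether its host name is on the certificate enabled for IIS and whether it resolves from the machine running the check. `Test-NameCovered` is a hypothetical helper name, and the script assumes the IIS-enabled certificate is the one Outlook is presented with.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Test-NameCovered is a hypothetical helper: does a host name match a certificate name?
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard such as *.aaa.org covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Names on the certificate(s) enabled for IIS (assumed to be what Outlook is shown).
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

# Every internal URL touched by the Set-* commands in the answer.
$urls = @()
$urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-AutodiscoverVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OwaVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-EcpVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-ActiveSyncVirtualDirectory | ForEach-Object { $_.InternalUrl }

foreach ($u in ($urls | Where-Object { $_ })) {
    $h = ([Uri]"$u").Host
    # The name must also resolve from inside the network, or clients cannot connect.
    try { $ips = @([System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { "$_" }) }
    catch { $ips = @() }
    New-Object PSObject -Property @{
        Url           = "$u"
        Host          = $h
        CoveredByCert = (Test-NameCovered $h $certNames)
        ResolvesTo    = ($ips -join ', ')
    }
}
```

A row with CoveredByCert set to False still points clients at a name the certificate does not carry; an empty ResolvesTo means that host name has no DNS answer from where the check was run.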
Stolzman (Author) commented:
Yup, that stopped the error messages.  Thanks so much for the extremely quick and accurate response.
Alan Hardisty (Co-Owner) commented:
You're welcome.  Glad it fixed the messages for you.

Alan
Question has a verified solution.
