Secure Certificate for Exchange Problem

I have an external domain aaa.org and our internal network is zzz.net.  Users accessing email using mail.aaa.org/owa from outside our network have no problem.  However, users on our internal network connecting to email through outlook 2010 to server.zzz.net running Exchange 2010 get an error saying:
_____________________________________________________________________________________________
server.zzz.net

The name on the security certificate is invalid or does not match the name of the site.
_____________________________________________________________________________________________

This error occurs because the domain zzz.net is not on the certificate.  We can't include the domain zzz.net on the certificate because the network is internal and is not registered with whois.

Can you tell me the best way to configure this server so that users on the internal network do not get this certificate error?  I'd rather not go with a split DNS zone if at all possible, as that raises other issues.

Thanks in advance for your help.
LVL 1
StolzmanAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
All you need to do is run the following Exchange Management Shell commands to change the internal URL pointers to the External URL that is included in the SSL Certificate:

Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://mail.aaa.org/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “https://mail.aaa.org/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/EWS/Exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://mail.aaa.org/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/Microsoft-Server-ActiveSync

(Obviously replace the aaa.org part with your real domain name and then the error will go away).

Alan
0
 
StolzmanAuthor Commented:
Yup, that stopped the error messages.  Thanks so much for the extremely quick and accurate response.
0
 
Alan HardistyCo-OwnerCommented:
You're welcome.  Glad it fixed the messages for you.

Alan
0
All Courses

From novice to tech pro — start learning today.