Solved

Secure Certificate for Exchange Problem

Posted on 2014-02-05
3
290 Views
Last Modified: 2014-02-05
I have an external domain aaa.org and our internal network is zzz.net.  Users accessing email using mail.aaa.org/owa from outside our network have no problem.  However, users on our internal network connecting to email through outlook 2010 to server.zzz.net running Exchange 2010 get an error saying:
_____________________________________________________________________________________________
server.zzz.net

The name on the security certificate is invalid or does not match the name of the site.
_____________________________________________________________________________________________

This error occurs because the domain zzz.net is not on the certificate.  We can't include the domain zzz.net on the certificate because the network is internal and is not registered with whois.

Can you tell me the best way to configure this server so that users on the internal network do not get this certificate error?  I'd rather not go with a split DNS zone if at all possible, as that raises other issues.

Thanks in advance for your help.
0
Comment
Question by:Stolzman
  • 2
3 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39836577
All you need to do is run the following Exchange Management Shell commands to change the internal URL pointers to the External URL that is included in the SSL Certificate:

Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://mail.aaa.org/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “https://mail.aaa.org/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/EWS/Exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://mail.aaa.org/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://mail.aaa.org/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.aaa.org/Microsoft-Server-ActiveSync

(Obviously replace the aaa.org part with your real domain name and then the error will go away).

Alan
0
 
LVL 1

Author Closing Comment

by:Stolzman
ID: 39837518
Yup, that stopped the error messages.  Thanks so much for the extremely quick and accurate response.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39837634
You're welcome.  Glad it fixed the messages for you.

Alan
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question