zubby1977
asked on
Outlook 2010
I am just installing Exchange 2013 and I also have Exchange 2007 in my environment. The problem is users on the 2013 Exchange server is getting "The name of the security certificate is invalid or does not match the name of the site" when they open outlook.
Please help
Please help
ASKER
I purchased and installed a trusted certificate on the exchange 2013 server. I called the CA company I purchase it from and they told me a dot local name cannot be on the certificated. Please help
You have to change your FQDN to match the name on your certificates.
This is a common issue since 2010, it is consider a best practice to match your internal and external names therefore your certificate will be valid for both.
You only have to do that and of course have the name on your DNS server pointing to the IP.
This is a common issue since 2010, it is consider a best practice to match your internal and external names therefore your certificate will be valid for both.
You only have to do that and of course have the name on your DNS server pointing to the IP.
I ran into this issue couple of days ago.
When you setup Exchange Server it creates a default self-signed certificate for internal use and the common name on it is usually the machinename.domainname, when you installed the new certificate you did with your external (internet facing) name which is normal but now you need to replacement he fully qualified domain name (FQDN) of the URL that is stored in the following objects:
The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service
Here is what worked for me: http://support.microsoft.com/kb/940726
It is for 2010 but may work for 2013.... Let me know!!!
When you setup Exchange Server it creates a default self-signed certificate for internal use and the common name on it is usually the machinename.domainname, when you installed the new certificate you did with your external (internet facing) name which is normal but now you need to replacement he fully qualified domain name (FQDN) of the URL that is stored in the following objects:
The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service
Here is what worked for me: http://support.microsoft.com/kb/940726
It is for 2010 but may work for 2013.... Let me know!!!
The Exchange 2010 methods work for Exchange 2013 as well. The only addition is that you need to have a split DNS http://semb.ee/splitdns and will need to set Outlook Anywhere addresses through the GUI.
http://semb.ee/hostnames
Simon.
http://semb.ee/hostnames
Simon.
ASKER
It seem that it's getting the old cert from Exchange 2007 instead of the Exchange 2013 Sever which I installed a Trusted Cert
ASKER
Can someone help me with this please. It's critical.
Thanks
Thanks
This isn't uncommon.
Do you have a trusted SSL certificate on the old server?
This is probably the problem you are seeing:
http://blog.sembee.co.uk/post/Introduction-of-a-New-CAS-Server-Causes-Certificate-Prompts.aspx
Simon.
Do you have a trusted SSL certificate on the old server?
This is probably the problem you are seeing:
http://blog.sembee.co.uk/post/Introduction-of-a-New-CAS-Server-Causes-Certificate-Prompts.aspx
Simon.
Did you try my previous suggestion?
Did you change all your records to point to your new server?
If your outlook client still trying to open from the old server you still have something pointing to it you need to change.
Like I said I had the same problem, once I did the steps on the article it when away.
Did you change all your records to point to your new server?
If your outlook client still trying to open from the old server you still have something pointing to it you need to change.
Like I said I had the same problem, once I did the steps on the article it when away.
ASKER
I get an error when i run the Set-ClientAccessServer -Identity on my Exchange 2013 server
OK... what is the error?
You need to post the full command that you are running and the error being returned.
Simon.
Simon.
ASKER
Set-ClientAccessServer -Identity MYSERVERNAME -AutodiscoverServiceIntern alUrl https://mail.DOMAINNAME.com/autodiscover/autodiscover.xml
The mail.domainname.com is a SAN of the certificated purchase.
The mail.domainname.com is a SAN of the certificated purchase.
ASKER
the error:
A parameter cannot be found that matches parameter name 'AutodiscoverServiceIntern alUrl'.
+ CategoryInfo : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Set -ClientAcc essServer
+ PSComputerName : servername.domainname.loca l
A parameter cannot be found that matches parameter name 'AutodiscoverServiceIntern
+ CategoryInfo : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Set
+ PSComputerName : servername.domainname.loca
I think for this one you have to change "AutodiscoverServiceIntern alUrl" for "AutodiscoverServiceIntern alUri"
ASKER
Ok. I will try that now.
Now I also have users not getting emails on their phones anymore. These users I moved from Exchange 2007 to Exchange 2013
Now I also have users not getting emails on their phones anymore. These users I moved from Exchange 2007 to Exchange 2013
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks...I'll do that now
ASKER
Thanks for your help. Issue resolved.
If not then you probably have an Autodiscover war.
http://blog.sembee.co.uk/post/Introduction-of-a-New-CAS-Server-Causes-Certificate-Prompts.aspx
Simon.