Solved

Outlook 2010

Posted on 2014-03-10
19
366 Views
Last Modified: 2014-03-12
I am just installing Exchange 2013 and I also have Exchange 2007 in my environment.  The problem is users on the 2013 Exchange server is getting "The name of the security certificate is invalid or does not match the name of the site" when they open outlook.

Please help
0
Comment
Question by:zubby1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 4
19 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39917910
Have you installed a trusted SSL certificate on to your Exchange 2013 server?
If not then you probably have an Autodiscover war.

http://blog.sembee.co.uk/post/Introduction-of-a-New-CAS-Server-Causes-Certificate-Prompts.aspx

Simon.
0
 

Author Comment

by:zubby1977
ID: 39921831
I purchased and installed a trusted certificate on the exchange 2013 server.  I called the CA company I purchase it from and they told me a dot local name cannot be on the certificated.  Please help
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39921917
You have to change your FQDN to match the name on your certificates.

This is a common issue since 2010, it is consider a best practice to match your internal and external names therefore your certificate will be valid for both.

You only have to do that and of course have the name on your DNS server pointing to the IP.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 11

Expert Comment

by:hecgomrec
ID: 39921929
I ran into this issue couple of days ago.

When you setup Exchange Server it creates a default self-signed certificate for internal use and the common name on it is usually the machinename.domainname, when you installed the new certificate you did with your external (internet facing) name which is normal but now you need to replacement he fully qualified domain name (FQDN) of the URL that is stored in the following objects:

The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service


Here is what worked for me: http://support.microsoft.com/kb/940726 

It is for 2010 but may work for 2013.... Let me know!!!
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39922125
The Exchange 2010 methods work for Exchange 2013 as well. The only addition is that you need to have a split DNS http://semb.ee/splitdns and will need to set Outlook Anywhere addresses through the GUI.

http://semb.ee/hostnames

Simon.
0
 

Author Comment

by:zubby1977
ID: 39922322
It seem that it's getting the old cert from Exchange 2007 instead of the Exchange 2013 Sever which I installed a Trusted Cert
0
 

Author Comment

by:zubby1977
ID: 39923435
Can someone help me with this please.   It's critical.

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39923466
This isn't uncommon.
Do you have a trusted SSL certificate on the old server?

This is probably the problem you are seeing:
http://blog.sembee.co.uk/post/Introduction-of-a-New-CAS-Server-Causes-Certificate-Prompts.aspx

Simon.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39923502
Did you try my previous suggestion?

Did you change all your records to point to your new server?

If your outlook client still trying to open from the old server you still have something pointing to it you need to change.

Like I said I had the same problem, once I did the steps on the article it when away.
0
 

Author Comment

by:zubby1977
ID: 39923592
I get an error when i run the  Set-ClientAccessServer -Identity on my Exchange 2013 server
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39923601
OK... what is the error?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39923626
You need to post the full command that you are running and the error being returned.

Simon.
0
 

Author Comment

by:zubby1977
ID: 39923633
Set-ClientAccessServer -Identity MYSERVERNAME -AutodiscoverServiceInternalUrl https://mail.DOMAINNAME.com/autodiscover/autodiscover.xml 

The mail.domainname.com is a SAN of the certificated purchase.
0
 

Author Comment

by:zubby1977
ID: 39923662
the error:

A parameter cannot be found that matches parameter name 'AutodiscoverServiceInternalUrl'.
    + CategoryInfo          : InvalidArgument: (:) [Set-ClientAccessServer], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-ClientAccessServer
    + PSComputerName        : servername.domainname.local
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39923678
I think for this one you have to change "AutodiscoverServiceInternalUrl" for "AutodiscoverServiceInternalUri"
0
 

Author Comment

by:zubby1977
ID: 39923698
Ok.  I will try that now.
Now I also have users not getting emails on their phones anymore.  These users I moved from Exchange 2007 to Exchange 2013
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 39923714
Again, you have to finish the steps I gave you, then you have to change all your records to point to your new server.

The reason is, in your firewall and/or your DNS records are looking for their mailboxes on the old OWA box and it is not able to open them because they are not there..

Resolve the Certificate issue and make your 2013 box your "official" mail server by changing all your DNS records and firewalls port forwarding to the server and you should be ok.
0
 

Author Comment

by:zubby1977
ID: 39923741
Thanks...I'll do that now
0
 

Author Closing Comment

by:zubby1977
ID: 39925402
Thanks for your help.  Issue resolved.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question