Solved

Exchange 2007 Split DNS certificate error

Posted on 2014-03-19
Last Modified: 2014-06-25
Hi

I have an issue with my Exchange box. A few months ago I renewed my UCC certificate, which resulted in me having to set up a split DNS configuration (due to no longer being able to alias private domains).

External clients now resolve on remote.domain.com. This is seamless.
Internal clients (Outlook) resolve on exchserver.domain.local. This results in certificate errors.

I have told users to accept / ignore certificate errors for a few weeks while I get around to resolving. Issue is the GAB is now getting out of date (I believe it connects through web services). Send and receive results in an error.

Outlook Client will never keep the external address, even though it would resolve internally and offer the correct certificate.

My question is, what is standard practice for setting up certificates on a split DNS install? Should I concentrate on making internal clients connect to the external address, or should I be looking at making web services offer different certificates?

Apologies if I am asking daft questions, I just don't want to focus time on a wild goose chase!

Many thanks
0
Question by:noooodlez
5 Comments
 
LVL 6

Expert Comment

by:vmdude
ID: 39939227
Concentrate on setting up the URLs so that everything is the same internally and externally using the Split DNS method. If the client is on the domain they will resolve the internal IP address of Exchange, and if the client is external to the domain they will resolve the external IP address of Exchange.

Make sure you set the URLs everywhere; mind, there are a number that need to be set.

This will resolve all your certificate warnings internally.
0
 
LVL 6

Expert Comment

by:vmdude
ID: 39939238
Here is the Microsoft article with a bit more detail: http://support.microsoft.com/kb/940726
0
 
LVL 1

Expert Comment

by:SrinivasanITPro
ID: 39939311
Hi

Set up a DNS A record for remote.domain.com and associate it with the internal IP address of the Exchange Server. This should resolve.

Regards

KS
0
 

Author Comment

by:noooodlez
ID: 39939322
Hi SrinivasanITPro
DNS A record is already set (hence the split DNS)

The issue is when you configure the Exchange client, and you specify remote.domain.com as your domain server, the setup process resolves this address to EXCHBOX.domain.local.

Hence the wrong certificate is served internally!

I think there are 2 separate issues here. I will look at ensuring the exchange web services point to the correct address first!
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 400 total points
ID: 39941907
The server name being server.domain.local is NOT the cause of your SSL errors. That is perfectly normal and you shouldn't attempt to change it.

The most common reason for SSL errors is not changing all of the URLs within Exchange. They are not all exposed to the GUI.

The method I have outlined on this page will work for you:
http://exchange.sembee.info/2007/install/singlenamessl.asp

Simon.
0
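The internal URLs the answers above refer to can be audited and set from the Exchange 2007 Management Shell. The following is an added example, not code from any poster in this thread; it assumes a single Client Access server whose short name is `EXCHBOX` (a placeholder taken from the question), the certificate name `remote.domain.com`, and virtual directories under "Default Web Site".

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
# Assumptions: $Server is a placeholder for the CAS short name, $HostName is the
# name on the UCC certificate, and the vdirs live under "Default Web Site".
$Server   = 'EXCHBOX'
$HostName = 'remote.domain.com'

# 1. Record the current values first so the change can be reverted.
Get-ClientAccessServer -Identity $Server |
    Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory | Format-List Identity, InternalUrl, ExternalUrl
Get-OabVirtualDirectory         | Format-List Identity, InternalUrl, ExternalUrl
Get-UMVirtualDirectory          | Format-List Identity, InternalUrl, ExternalUrl

# 2. Confirm $HostName is listed in CertificateDomains on the certificate
#    enabled for IIS, and that the certificate has not expired.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    Format-List Thumbprint, CertificateDomains, NotAfter, Services

# 3. Point every internal URL at the certificate name instead of the
#    server's .local name. These are the values Autodiscover hands to Outlook.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$HostName/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$HostName/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$HostName/OAB"
Set-UMVirtualDirectory -Identity "$Server\UnifiedMessaging (Default Web Site)" `
    -InternalUrl "https://$HostName/UnifiedMessaging/Service.asmx"

# 4. Re-read the values to verify that no .local URL is left behind.
Get-ClientAccessServer -Identity $Server |
    Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory | Format-List Identity, InternalUrl
Get-OabVirtualDirectory         | Format-List Identity, InternalUrl
Get-UMVirtualDirectory          | Format-List Identity, InternalUrl
```

Once the URLs match a name on the certificate, users no longer need to be told to accept certificate warnings. Outlook's "Test E-mail AutoConfiguration" dialog shows which URLs a client actually received.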
