Solved

Exchange 2007 Split DNS certificate error

Posted on 2014-03-19
Last Modified: 2014-06-25
Hi

I have an issue with my Exchange box. A few months ago I renewed my UCC certificate, which resulted in me having to set up a split DNS configuration (due to no longer being able to alias private domains).

External clients now resolve on remote.domain.com. This is seamless.
Internal clients (Outlook) resolve on exchserver.domain.local. This results in certificate errors.

I have told users to accept / ignore certificate errors for a few weeks while I get around to resolving. Issue is the GAB is now getting out of date (I believe it connects through web services). Send and receive results in an error.

Outlook Client will never keep the external address, even though it would resolve internally and offer the correct certificate.

My question is, what is standard practice for setting up certificates on a split DNS install? Should I concentrate on making internal clients connect to the external address, or should I be looking at making web services offer different certificates?

Apologies if I am asking daft questions, I just don't want to focus time on a wild goose chase!

Many thanks
Question by:noooodlez
5 Comments
 
LVL 6

Expert Comment

by:vmdude
Concentrate on setting up the URLs so that everything is the same internally and externally using the Split DNS method. If the client is on the domain they will resolve the internal IP address of Exchange and if the client is external to the domain they will resolve the external IP address of Exchange.

Make sure you set the URLs everywhere; mind, there are a number that need to be set.

This will resolve all your certificate warnings internally.
 
LVL 6

Expert Comment

by:vmdude
Here is the Microsoft article with a bit more detail: http://support.microsoft.com/kb/940726
 
LVL 1

Expert Comment

by:SrinivasanITPro
Hi

Set up a DNS A record for remote.domain.com and associate it with the internal IP address of the Exchange Server.  This should resolve.

Regards

KS
 

Author Comment

by:noooodlez
Hi SrinivasanITPro
DNS A record is already set (hence the split DNS)

The issue is when you configure the Exchange client, and you specify remote.domain.com as your domain server, the setup process resolves this address to EXCHBOX.domain.local.

Hence the wrong certificate is served internally!

I think there are 2 separate issues here. I will look at ensuring the exchange web services point to the correct address first!
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 400 total points
The server name being server.domain.local is NOT the cause of your SSL errors. That is perfectly normal and you shouldn't attempt to change it.

The most common reason for SSL errors is not changing all of the URLs within Exchange. They are not all exposed to the GUI.

The method I have outlined on this page will work for you:
http://exchange.sembee.info/2007/install/singlenamessl.asp

Simon.
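
A read-only way to see which of the URLs discussed in this thread still point at a host name the certificate does not carry. This is an added example, not code from the thread or from the linked pages; it assumes the Exchange Management Shell on the Exchange 2007 server, and `Test-UrlHost` is a hypothetical helper name.

```powershell
# Added example: read-only audit for the Exchange Management Shell (Exchange 2007).
# Test-UrlHost is a hypothetical helper name; nothing here changes configuration.

# Names on the certificate(s) currently enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

function Test-UrlHost($setting, $url) {
    if (-not $url) { return }          # URL not configured: nothing to check
    $h = ([Uri]"$url").Host.ToLower()
    $covered = $false
    foreach ($n in $certNames) {
        # Exact match, or a wildcard name (*.domain.com) covering one extra label.
        if ($n -eq $h) { $covered = $true }
        elseif ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1)) -and
                ($h.Split('.').Length -eq $n.Split('.').Length)) { $covered = $true }
    }
    $row = "" | Select-Object Setting, Url, OnCertificate
    $row.Setting = $setting; $row.Url = "$url"; $row.OnCertificate = $covered
    $row
}

# Collect the URLs Outlook is handed by Autodiscover, EWS, OAB and UM.
$report = @(
    Get-ClientAccessServer | ForEach-Object {
        Test-UrlHost "Autodiscover internal URI ($($_.Name))" $_.AutoDiscoverServiceInternalUri }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        Test-UrlHost 'EWS InternalUrl' $_.InternalUrl
        Test-UrlHost 'EWS ExternalUrl' $_.ExternalUrl }
    Get-OabVirtualDirectory | ForEach-Object {
        Test-UrlHost 'OAB InternalUrl' $_.InternalUrl
        Test-UrlHost 'OAB ExternalUrl' $_.ExternalUrl }
    Get-UMVirtualDirectory | ForEach-Object {
        Test-UrlHost 'UM InternalUrl' $_.InternalUrl
        Test-UrlHost 'UM ExternalUrl' $_.ExternalUrl }
)

# Rows with OnCertificate = False use a host name the IIS certificate does not cover.
$report | Format-Table -AutoSize
```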