  • Status: Solved

Exchange 2007 Split DNS certificate error

Hi

I have an issue with my Exchange box. A few months ago I renewed my UCC certificate, which resulted in me having to set up a split DNS configuration (due to no longer being able to alias private domains).

External clients now resolve on remote.domain.com. This is seamless.
Internal clients (Outlook) resolve on exchserver.domain.local. This results in certificate errors.

I have told users to accept / ignore certificate errors for a few weeks while I get around to resolving. Issue is the GAB is now getting out of date (I believe it connects through web services). Send and receive results in an error.

Outlook Client will never keep the external address, even though it would resolve internally and offer the correct certificate.

My question is, what is standard practice for setting up certificates on a split DNS install? Should I concentrate on making internal clients connect to the external address, or should I be looking at making web services offer different certificates?

Apologies if I am asking daft questions, I just don't want to focus time on a wild goose chase!

Many thanks
Asked: noooodlez
 
vmdude Commented:
Concentrate on setting up the URLs so that everything is the same internally and externally using the Split DNS method. If the client is on the domain they will resolve the internal IP address of Exchange and if the client is external to the domain they will resolve the external IP address of Exchange.

Make sure you set the URLs everywhere, mind; there are a number that need to be set.

This will resolve all your certificate warnings internally.

vmdude Commented:
Here is the Microsoft article with a bit more detail: http://support.microsoft.com/kb/940726

SrinivasanITPro Commented:
Hi

Set up a DNS A record for remote.domain.com and associate it with the internal IP address of the Exchange Server. This should resolve.

Regards

KS

noooodlez (Author) Commented:
Hi SrinivasanITPro
DNS A record is already set (hence the split DNS)

The issue is when you configure the Exchange client, and you specify remote.domain.com as your domain server, the setup process resolves this address to EXCHBOX.domain.local.

Hence the wrong certificate is served internally!

I think there are 2 separate issues here. I will look at ensuring the Exchange Web Services point to the correct address first!

Simon Butler (Sembee), Consultant, Commented:
The server name being server.domain.local is NOT the cause of your SSL errors. That is perfectly normal and you shouldn't attempt to change it.

The most common reason for SSL errors is not changing all of the URLs within Exchange. They are not all exposed to the GUI.

The method I have outlined on this page will work for you:
http://exchange.sembee.info/2007/install/singlenamessl.asp

Simon.
Question has a verified solution.
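
The URL changes the answers above refer to, as an added example for the Exchange Management Shell (not code from the thread or from the linked pages). It assumes the server name EXCHBOX and the certificate name remote.domain.com from the question, the default virtual directories and the default URL paths; `$Apply` is a hypothetical switch introduced here.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
$Server     = 'EXCHBOX'            # assumption: CAS server short name from the question
$PublicName = 'remote.domain.com'  # assumption: name on the certificate, resolved internally by split DNS
$Apply      = $false               # hypothetical switch: $false = -WhatIf preview only

# 1. Audit the internal URLs Exchange hands to Outlook (several are not shown in the GUI).
$current = @()
$current += Get-ClientAccessServer -Identity $Server |
    Select-Object @{Name='Setting'; Expression={'Autodiscover SCP'}},
                  @{Name='Url'; Expression={$_.AutoDiscoverServiceInternalUri}}
$current += Get-WebServicesVirtualDirectory -Server $Server |
    Select-Object @{Name='Setting'; Expression={'EWS'}},
                  @{Name='Url'; Expression={$_.InternalUrl}}
$current += Get-OabVirtualDirectory -Server $Server |
    Select-Object @{Name='Setting'; Expression={'OAB'}},
                  @{Name='Url'; Expression={$_.InternalUrl}}
$current += Get-UMVirtualDirectory -Server $Server |
    Select-Object @{Name='Setting'; Expression={'UM'}},
                  @{Name='Url'; Expression={$_.InternalUrl}}

# A URL whose host is not on the certificate is what triggers the Outlook warning.
$mismatch = @($current | Where-Object {
    $_.Url -and (([uri][string]$_.Url).Host -ne $PublicName)
})
$current | Format-Table Setting, Url -AutoSize
"{0} of {1} URLs do not use {2}" -f $mismatch.Count, $current.Count, $PublicName

# 2. Point every internal URL at the certificate name (default paths assumed).
if ($mismatch.Count -gt 0) {
    $preview = -not $Apply
    Set-ClientAccessServer -Identity $Server -WhatIf:$preview `
        -AutoDiscoverServiceInternalUri "https://$PublicName/autodiscover/autodiscover.xml"
    Get-WebServicesVirtualDirectory -Server $Server |
        Set-WebServicesVirtualDirectory -WhatIf:$preview `
            -InternalUrl "https://$PublicName/ews/exchange.asmx"
    Get-OabVirtualDirectory -Server $Server |
        Set-OabVirtualDirectory -WhatIf:$preview `
            -InternalUrl "https://$PublicName/oab"
    Get-UMVirtualDirectory -Server $Server |
        Set-UMVirtualDirectory -WhatIf:$preview `
            -InternalUrl "https://$PublicName/unifiedmessaging/service.asmx"
}
```

With `$Apply` left at `$false` the Set- cmdlets only report what they would change; rerun the audit section after applying to confirm every host matches the certificate.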