Exchange 2010 / SBS 2011 DNS problem? Certificate error in Outlook
Posted on 2014-03-21
Everything was working fine with Outlook on the users' PCs on the LAN connecting to the SBS 2011 box.
Then we made the following changes and at the end, users are now getting security alerts that the name on the security certificate is invalid or does not match the name of the site.
Not sure what to do.
1) The system was set up to send mail out from the server via DNS on a static IP from a T1 provider. Incoming mail was picked up via POP3 connector from a spam filtering service.
2) We got a new IP address from Verizon a week ago. It turned out to be on a Microsoft RBL and Microsoft hasn't responded to our emails asking to be delisted.
3) So we set up Exchange to send out via the spam filterer's smart host and changed Exchange to receive mail via SMTP, not the POP3 connector.
And now when opening Outlook on any of the machines on the LAN, we get certificate errors about:
and sometimes autodiscovery.domain.com
From any of these machines, if we ping those addresses, we get the server's IP.
If we look at the certificate, it says it was issued to exchange.domain.com (also, pinging from inside the LAN, it gets the server IP address).
Looking at the detail, the Subject is CN=exchange.domain.com
under subject alternate name,
DNS name = domain.com
DNS name = exchange.domain.com
DNS name = server.domain.local
the last 2 resolve to the server IP
In Outlook, the settings for the account on each user's machine are the same, except for their user name:
the server is listed as server.domain.local
under security tab, encrypt between Outlook and server is checked
and login network security is set to negotiate
under connection, the Outlook Anywhere box is checked and the settings are:
connection settings: remote.domain.com
only connect to proxy servers that have the principal name as is checked and the box has:
and authentication is set to basic.
so again, the things that changed are:
Public IP changed (and the public DNS was changed to reflect that)
Moved away from POP3 to SMTP receive
Moved from DNS sending to smart host sending.
All that was on the server. So what's broken between server and desktops that Outlook is complaining : ) ??
I am thinking - we did have problems with the SMTP receive and I deleted / recreated 2 receive connectors..... it asks what it's looking for in the HELO field.
Hmmmm, could that be it? What should I use then? I put in exchange.domain.com for both
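
An added example, not part of the original post: a check of which client-facing hostnames are covered by a certificate's subject alternative names, run over the names quoted in the post. The matching rules (case-insensitive, wildcard only as the whole left-most label) are an assumption about how a TLS client compares names, and the function names are hypothetical.

```python
# Added example: compare the names a client connects to against a
# certificate's subjectAltName DNS entries. Names are taken from the post;
# the helper names are hypothetical.

def _labels(name):
    """Normalise a DNS name: lower-case, drop one trailing dot, split labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def san_matches(hostname, san_entry):
    """True if hostname is covered by one SAN dNSName entry.

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, so *.domain.com covers remote.domain.com but not
    domain.com or a.b.domain.com.
    """
    host, san = _labels(hostname), _labels(san_entry)
    if len(host) != len(san) or "" in host:
        return False
    if san[0] == "*":
        # Refuse a wildcard sitting directly under a top-level domain ("*.com").
        return len(san) >= 3 and host[1:] == san[1:]
    return host == san

def uncovered_names(client_names, san_entries):
    """Return the client-facing names that no SAN entry covers, in order."""
    return [n for n in client_names
            if not any(san_matches(n, s) for s in san_entries)]

# SAN list as reported in the post.
CERT_SANS = ["domain.com", "exchange.domain.com", "server.domain.local"]
# Names the post says Outlook is configured with or warns about.
CLIENT_NAMES = ["server.domain.local", "remote.domain.com",
                "autodiscovery.domain.com"]

if __name__ == "__main__":
    for name in uncovered_names(CLIENT_NAMES, CERT_SANS):
        print(f"not covered by certificate: {name}")
```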