
Exchange 2013 invalid certificate

Posted on 2014-04-10
Last Modified: 2014-04-18
Hi Guys
I just installed Exchange 2013 and installed a third-party certificate that points to mail.extdomain.com. I created a zone in DNS called extdomain.com, then I created an A record in that zone called mail.extdomain.com pointing to the internal IP of the Exchange server, and an autodiscover.extdomain.com record pointing to the IP of the Exchange server.
For some reason, when I start to configure Outlook 2013 on the client PCs I get the certificate error below.
Any idea why?

cert
0
Question by:infedonetwork
10 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39993180
You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize

Then change your internal urls to match the external urls:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 39993188
Can I do this from the ECP?
I already set all the external URLs from ECP under virtual directory.
I can try to do it, but last time I did it from there it messed up.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39993195
Do you not have the Exchange cmdlets available?

That would make it much easier for you. You can validate the command here before you run it; however, the first command I gave you would give you the EXACT URLs under both Internal and External. The first command makes no changes; it only gives you the detailed info on the current configuration.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 39993201
Those are the results for the commands you gave me.
I was wondering whether I should change the autodiscover "exchange" to "mail.domain.com"?
Also, do I have to change all those internal URLs to match the external ones, or just the autodiscover one and the OWA?
Can that be done from the ECP virtual directory?

exchange
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 39993207
If you look at the certificate error, on the top right it says autodiscover.domain.ca
That's when I create the A record for Autodiscover on DNS.
If I delete that record and leave only mail.domain.com on DNS, then I'm getting the exchange name on the certificate instead of autodiscover.domain.ca
0
 
LVL 29

Accepted Solution

by:becraig
ID: 39993211
No, you do not need to change to mail.xx.com.

You are using a .ca domain; just have the domain reflect what the EXT URL currently says.
HostName being the name of the server.

Commands:
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.xx.ca/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.xx.ca/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.xx.ca/oab

Validate the urls against your actual domain names
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 39994436
I did all that and 2 out of 5 Outlook profiles were not giving me the certificate error.
So I deleted autodiscover.domain.ca from DNS and left only mail.domain.com, and now I did 3 profiles and no more cert error.
I will let you know how that goes once I'm done with everything.
Also, I was wondering if I did something wrong on the deployment or if this is something that needs to be done every time after Exchange is installed. I have the feeling that I did something wrong with the third-party certificate when I did the cert request.
I'm just assuming.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39994615
It was just the mapping of the names to the certificates.

Now that it is resolved I think you should be OK.
0
 
LVL 2

Author Comment

by:infedonetwork
ID: 39994663
So is this something that I can do to make sure it does not happen next time, or do I have to do this for every Exchange I deploy?
0
 
LVL 29

Expert Comment

by:becraig
ID: 39994665
Once you deploy with the internal and External URLs matching then you will not run into this issue.
0
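
A check for the mismatch discussed in this thread, as an added example that is not part of the original posts: it compares the host name in each configured service URL with the names on the certificate and reports the settings the certificate does not cover. The function names, the example.com and corp.example host names and the sample URLs are assumptions constructed for illustration.

```powershell
# Added example. All names and URLs below are constructed, not from the thread.
function Test-HostCoveredByCertificate {
    param(
        [Parameter(Mandatory)][string]   $HostName,
        [Parameter(Mandatory)][string[]] $CertificateNames  # subject CN plus SAN DNS names
    )
    foreach ($name in $CertificateNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not example.com or a.b.example.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)                     # ".example.com"
            $dot    = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $suffix) { return $true }
        }
    }
    return $false
}

function Get-UrlCertificateMismatch {
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary] $ServiceUrls,
        [Parameter(Mandatory)][string[]] $CertificateNames
    )
    foreach ($entry in $ServiceUrls.GetEnumerator()) {
        $urlHost = ([uri]$entry.Value).Host
        [pscustomobject]@{
            Setting = $entry.Key
            Host    = $urlHost
            Covered = Test-HostCoveredByCertificate -HostName $urlHost -CertificateNames $CertificateNames
        }
    }
}

# Constructed sample: a certificate issued for the public mail name only, and
# internal URLs of which two still point at the server's own (hypothetical) FQDN.
$certNames = @('mail.example.com')
$urls = [ordered]@{
    AutodiscoverServiceInternalUri = 'https://exchange.corp.example/autodiscover/autodiscover.xml'
    EwsInternalUrl                 = 'https://mail.example.com/ews/exchange.asmx'
    OabInternalUrl                 = 'https://exchange.corp.example/oab'
}

# Lists the two settings whose host the certificate does not cover; these are
# the ones for which a client would show a certificate name warning.
Get-UrlCertificateMismatch -ServiceUrls $urls -CertificateNames $certNames |
    Where-Object { -not $_.Covered }
```

On a real server the URL values would be taken from the output of the Get-*VirtualDirectory and Get-ClientAccessServer commands shown in the thread, and the name list from the certificate assigned to IIS.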
