• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 593
  • Last Modified:

Exchange 2013 invalid certificate

Hi Guys
I just installed an Exchange 2013 and I install an 3 party certificate that point to mail.extdomain.com and I create a zone on DNS called extdoamin.com the I create an A record on that zone called mail.extdomain.com pointing to the internal IP of the Exchange server and an autodiscover.extdomain.com pointing to the IP of the Exchange server.
For some reason when I start to configure Outlook 2013 on the clients PC's I get he certificate error bellow.
Any idea why?

cert
0
infedonetwork
Asked:
infedonetwork
  • 5
  • 5
1 Solution
 
becraigCommented:
You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* –AutoSize

Then change your internal urls to match the external urls:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 
infedonetworkAuthor Commented:
Can I do this from the ECP?
I already set all the externals URL from ECP under virtual directory.
I can try to do it but lust time I did it from there it mess-up.
0
 
becraigCommented:
Do you not have the exchange cmdlets available ?

That would make it much easier for you, you can validate the command here before you run, however the first command I gave you would give you the EXACT urls under both Internal and External - the first command makes no changes it only gives you the detailed info on current configuration.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
infedonetworkAuthor Commented:
Those are the results for the commands you give me.
I was wondering if the autodiscover "exchange" I should change it to "mail.domain.com"?
Also do I have to change all those internal URL to match the external or just the autodiscover one and the OWA?
Can that be done from ECP virtual directory?

exchange
0
 
infedonetworkAuthor Commented:
If you look at the certificate error on top right it say autodiscover.domain.ca
That's when I create the A record for Autodiscover on DNS.
If I delete that record and leave on DNS only mail.domain.com then I 'm getting on the certificate the exchange name instead of the autodiscover.doamain.ca
0
 
becraigCommented:
No you do not need to change to mail.xx.com

you are using a .ca domain just have the domain reflect what the EXT url currently says.
Hostname - being the name of the server

Commands:
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.xx.ca/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.xx.ca/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.xx.ca/oab

Validate the urls against your actual domain names
0
 
infedonetworkAuthor Commented:
I did all that and 2 out of 5 outlook profiles was not giving me the certificate error.
So I delete from DNS the autodiscover.domain.ca and left only mail.domain.com and now I did 3 profiles and no more cert error.
I will let you know how that goes once I'm done with everything.
Also I was wondering if I did something wrong on the deployment or this is something that needs to be done every time after Exchange is installed. I have the felling that I did something wrong with the 3th party certificate when I did the cert request.
I'm just assuming.
0
 
becraigCommented:
I was just the mapping of the names to the certificates.

Now that is resolved I think you should be ok.
0
 
infedonetworkAuthor Commented:
So this is something that I can do to make sure it does not happen next time or I have to do this every exchange I deploy?
0
 
becraigCommented:
Once you deploy with the internal and External URLs matching then you will not run into this issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now