  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 584

Exchange 2013 invalid certificate

Hi Guys
I just installed Exchange 2013 and installed a 3rd-party certificate that points to mail.extdomain.com. I created a zone in DNS called extdomain.com, then I created an A record in that zone called mail.extdomain.com pointing to the internal IP of the Exchange server, and an autodiscover.extdomain.com record pointing to the IP of the Exchange server.
For some reason, when I start to configure Outlook 2013 on the client PCs I get the certificate error below.
Any idea why?

[Image: cert]
0
Asked by: infedonetwork
1 Solution
 
becraig Commented:
You can run the following commands to get the External Urls:
Get-ActiveSyncVirtualDirectory   | ft server,*lur* -AutoSize
Get-AutodiscoverVirtualDirectory | ft server,*lur* -AutoSize
Get-ClientAccessServer           | ft name,  *lur* -AutoSize
Get-EcpVirtualDirectory          | ft server,*lur* -AutoSize
Get-OabVirtualDirectory          | ft server,*lur* -AutoSize
Get-OwaVirtualDirectory          | ft server,*lur* -AutoSize
Get-WebServicesVirtualDirectory  | ft server,*lur* -AutoSize

Then change your internal urls to match the external urls:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx 

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
0
 
infedonetwork (Author) Commented:
Can I do this from the ECP?
I already set all the external URLs from ECP under virtual directory.
I can try to do it, but last time I did it from there it messed up.
0
 
becraig Commented:
Do you not have the Exchange cmdlets available?

That would make it much easier for you. You can validate the command here before you run it; however, the first command I gave you would give you the EXACT URLs under both Internal and External. The first command makes no changes; it only gives you the detailed info on the current configuration.
0
 
infedonetwork (Author) Commented:
Those are the results for the commands you gave me.
I was wondering if I should change the autodiscover "exchange" to "mail.domain.com"?
Also, do I have to change all those internal URLs to match the external ones, or just the autodiscover one and the OWA?
Can that be done from the ECP virtual directory?

[Image: exchange]
0
 
infedonetwork (Author) Commented:
If you look at the certificate error on the top right, it says autodiscover.domain.ca
That's when I created the A record for Autodiscover in DNS.
If I delete that record and leave only mail.domain.com in DNS, then I'm getting the Exchange name on the certificate instead of autodiscover.domain.ca
0
 
becraig Commented:
No, you do not need to change to mail.xx.com

You are using a .ca domain; just have the domain reflect what the EXT URL currently says.
HostName - being the name of the server

Commands:
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.xx.ca/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.xx.ca/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.xx.ca/oab

Validate the urls against your actual domain names
0
 
infedonetwork (Author) Commented:
I did all that and 2 out of 5 Outlook profiles were not giving me the certificate error.
So I deleted autodiscover.domain.ca from DNS and left only mail.domain.com, and now I did 3 profiles and no more cert error.
I will let you know how that goes once I'm done with everything.
Also, I was wondering if I did something wrong in the deployment or if this is something that needs to be done every time after Exchange is installed. I have the feeling that I did something wrong with the 3rd-party certificate when I did the cert request.
I'm just assuming.
0
 
becraig Commented:
It was just the mapping of the names to the certificates.

Now that is resolved I think you should be ok.
0
 
infedonetwork (Author) Commented:
So is this something that I can do to make sure it does not happen next time, or do I have to do this for every Exchange I deploy?
0
 
becraig Commented:
Once you deploy with the internal and External URLs matching then you will not run into this issue.
0
Question has a verified solution.
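
The name check discussed in this thread, as an added example that is not part of the original posts: a read-only Exchange Management Shell script that takes the host name from every internal and external URL and tests it against the names on the certificate assigned to IIS. The helper Test-NameCovered and all variable names are made up for this example.

```powershell
# Added example. Read-only: only Get-* cmdlets are called, nothing is changed.
# Run in the Exchange Management Shell.

# Hypothetical helper: is $HostName covered by one of the certificate's names?
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }          # -eq ignores case
        # A wildcard name (*.example.com) covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# 1. Collect every URL that Exchange hands out to clients.
$urls = @()
$urls += Get-ClientAccessServer | ForEach-Object {
    [pscustomobject]@{ Source = "Autodiscover SCP on $($_.Name)"
                       Url    = $_.AutoDiscoverServiceInternalUri }
}
$vdirCmdlets = 'Get-ActiveSyncVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory',
               'Get-WebServicesVirtualDirectory'
foreach ($cmdlet in $vdirCmdlets) {
    foreach ($vdir in (& $cmdlet)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $urls += [pscustomobject]@{ Source = "$cmdlet $prop on $($vdir.Server)"
                                        Url    = $vdir.$prop }
        }
    }
}

# 2. Compare each host name with the certificate(s) assigned to IIS.
$iisCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }
$report = foreach ($cert in $iisCerts) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
    foreach ($u in ($urls | Where-Object { $_.Url })) {
        $hostName = ([uri]"$($u.Url)").Host
        [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Source = $u.Source
                           Host = $hostName; Covered = (Test-NameCovered $hostName $names) }
    }
}

# 3. Rows with Covered = False are host names the certificate does not list.
$report | Sort-Object Covered, Host | Format-Table -AutoSize
```

An internal URL that still carries the server's own host name shows up here as Covered = False against a third-party certificate issued only for the public names.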
