COIT
asked on
Outlook SSL warning / Exchange autodiscover
HI All
I am getting a strange SSL error in Outlook 2010 when using it externally only with a self signed certificate to remote.domain.co.uk with an SBS2011 as in this link and many more http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx BUT my certificate mismatch says autodiscover.domain.co.uk instead of the example of mbx1.nwtraders.msft .
I have seen a lot of talk on the internet that you need to change the AutoDiscoverServiceInterna lUri setting from the netbois name to the name on the certificate which is remote.domain.co.uk .
Problem I have is that when I run "Get-ClientAccessServer -Identity w2k11sbs | FL" from the Exchange shell and look at AutoDiscoverServiceInterna lUri I get https://remote.domain.co.uk/Autodiscover/Autodiscover.xml which does not have the netbois name in it.
I have now drawn a blank on this Can anyone help?
Thanks
I am getting a strange SSL error in Outlook 2010 when using it externally only with a self signed certificate to remote.domain.co.uk with an SBS2011 as in this link and many more http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx BUT my certificate mismatch says autodiscover.domain.co.uk instead of the example of mbx1.nwtraders.msft .
I have seen a lot of talk on the internet that you need to change the AutoDiscoverServiceInterna
Problem I have is that when I run "Get-ClientAccessServer -Identity w2k11sbs | FL" from the Exchange shell and look at AutoDiscoverServiceInterna
I have now drawn a blank on this Can anyone help?
Thanks
ASKER
Sorry how do I add autodiscover.domain.co.uk into the cert? It is a selfsigned certificate I'm using , would that be possible?
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree with Simon
ASKER
Point taken but what I don't understand is that has worked OK for over a year and I can't think of anything that has changed with the setup.
Is this the sort of thing? http://uk.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 . The middle option on the website "Multiple Domains UCC"
What would I do order it with remote.domain.co.uk and autodiscover.domain.co.uk as well? all to the same IP address?
Thanks
Paul
Is this the sort of thing? http://uk.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 . The middle option on the website "Multiple Domains UCC"
What would I do order it with remote.domain.co.uk and autodiscover.domain.co.uk as well? all to the same IP address?
Thanks
Paul
Please check this
This will give you an option to add multiple SAN
They have CSR request tool and step by step installation steps
For Exchange2007
For Exchange2010
This will give you an option to add multiple SAN
They have CSR request tool and step by step installation steps
For Exchange2007
For Exchange2010
ASKER
I have used Digicert before and they are very good but I can not see my client wanting to spend that much compared to Go daddy's lower price as he has never had to get a certificate before.
remote.example.com and Autodiscover.example.com can point to the same IP address. That is fine, and the certificate you have selected it fine as well.
Setup the host names first, before you do the SSL request, then it should go through a little quicker.
As to why it has worked up to now - no idea. The self signed certificate should have been replaced as soon as the server went live.
Simon.
Setup the host names first, before you do the SSL request, then it should go through a little quicker.
As to why it has worked up to now - no idea. The self signed certificate should have been replaced as soon as the server went live.
Simon.
remote.example.com and Autodiscover.example.com can point to the same IP address. That is fine, and the certificate you have selected it fine as well.
Setup the host names first, before you do the SSL request, then it should go through a little quicker.
As to why it has worked up to now - no idea. The self signed certificate should have been replaced as soon as the server went live.
Simon.
Setup the host names first, before you do the SSL request, then it should go through a little quicker.
As to why it has worked up to now - no idea. The self signed certificate should have been replaced as soon as the server went live.
Simon.
ASKER
Simon
there is just one more question. I have setup remote.domain.co.uk and autodiscover.domain.co.uk previously at the hosting company to go to the same ip address of the sbs server and remote.domain.co.uk works perfectly to the user login but autodiscover.domain.co.uk just goes to the IIS7 welcome screen . Is that correct? as the DNS records for both are just the same " A " records on the internet
there is just one more question. I have setup remote.domain.co.uk and autodiscover.domain.co.uk previously at the hosting company to go to the same ip address of the sbs server and remote.domain.co.uk works perfectly to the user login but autodiscover.domain.co.uk just goes to the IIS7 welcome screen . Is that correct? as the DNS records for both are just the same " A " records on the internet
That is correct.
The reason remote.example.com goes to the login screen is because of the way the underlying code is written.
Autodiscover.example.com/r emote would also go to the login screen - which is all that the code does for remote.example.com
Simon.
The reason remote.example.com goes to the login screen is because of the way the underlying code is written.
Autodiscover.example.com/r
Simon.
Go with SAN certificate.
ASKER
What is the difference with a UCC verses a SAN certificate? Much difference with cost?
They are the same thing - different name.
UCC - Unified Communications Certificate
SAN - Subject Alternative Name
Tend to use UCC though, so people don't get confused with overpriced storage systems.
Simon.
UCC - Unified Communications Certificate
SAN - Subject Alternative Name
Tend to use UCC though, so people don't get confused with overpriced storage systems.
Simon.
if possible add it and create an A record autodiscover.domain.com in your DNS pointing to exchange server IP