Exchange 2013 Local Certificate Error

Posted on 2014-04-25
Medium Priority
Last Modified: 2014-05-04
Server Information
Microsoft Windows Server 2012 R2 Standard
Microsoft Exchange Server 2013
Local Domain sd.com
Public Domain: strdetail.com

Godaddy UCC SSL Certificate Subject Alternative Names:
Services: SMTP, IMPA, POP, IIS

Virtual Directories
Internal URL: https://mail.strdetail.com/ecp
External URL: https://mail.strdetail.com/ecp

Internal URL: https://mail.strdetail.com/EWS/Exchange.asmx
External URL: https://mail.strdetail.com/EWS/Exchange.asmx

Internal URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync
External URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync

Internal URL: https://mail.strdetail.com/OAB
External URL: https://mail.strdetail.com/OAB

Internal URL: https://mail.strdetail.com/owa
External URL: https://mail.strdetail.com/owa

Internal URL: https://mail.strdetail.com/powershell
External URL: https://mail.strdetail.com/powershell

DNS SRV records have been created for both internal and external domains and are pointed to mail.strdetail.com.

Mail.strdetail.com is pointed to the server both internally and externally.

Client Information
Windows 8.1 Pro
Microsoft Outlook 2013

The issue is an error message when creating the outlook profile which says

"The name on the security certificate is invalid or does not match the name of the site."

The site works perfectly from outside the domain.  I only get the error message internally.

I have done about as much Google as I can stand on this issue.  Let me know if any other information would be useful and I will provide it.
Question by:CyberCorpSoftware
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40023270
You have probably missed Autodiscover.

get-clientaccesserver | select identity, AutodiscoverServiceInternalURI

That needs to be changed as well.



Author Comment

ID: 40023397
ok, I set the AutoDiscover

[PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverserviceinternalur
Identity                       : S-FS
AutoDiscoverServiceInternalUri : https://mail.strdetail.com/autodiscover/autodiscover.xml

Now I am getting the following error when I try to create the account in outlook

"The action cannot be completed.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."

I found that in IIS I can check HTTP Redirect and point the autodiscover to

This resolves the issue but creates a new one.  

"Cannot start Microsoft Outlook.  Cannot open the outlook window.  The set of folders cannot be opened.  You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)."

At this point I think my issue is still  with Autodiscover.  

C:\Windows\system32>Test-OutlookWebServices -clientaccessserver mail.strdetail.com -identity mperrigon@strdetail.com -MailboxCredential (get-credential sd\mperrigon)

Source                              ServiceEndpoint                     Scenario                       Result  Latency
------                              ---------------                     --------                       ------  -------
S-FS.sd.com     mail.strdetail.com      Autodiscover: Outlook Provider  Failure      48
S-FS.sd.com     mail.strdetail.com      Exchange Web Services                Success     176
S-FS.sd.com     mail.strdetail.com      Availability Service                        Success      44
S-FS.sd.com     mail.strdetail.com      Offline Address Book                   Success      77
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40031636
"I found that in IIS I can check HTTP Redirect and point the autodiscover to

Why are you using a HTTP redirect?
That shouldn't be required at all.

Change the URL to one that matches the SSL certificate and resolves to the Exchange server. Job done. The only reason I can think you have to do anything else is that there is something non-standard about the configuration of the server.


Author Comment

ID: 40032268
I did end up unchecking that HTTP Redirect.  

The only thing I can think of that would make this a non-standard configuration would be

1. I do have this running on the Global Catalog Server
2. The local domain is sd.com and not strdetail.com.local which is what I see in most examples.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 1000 total points
ID: 40032307
The internal domain doesn't matter as long as you have the DNS configured correctly.
That means whatever you have on the SSL certificate resolves internally and the host names match.

Running Exchange on a domain controller is not recommended and there is almost no good reason for doing so. If you use Windows 2012 or higher as your OS, then you have two virtual licences, allowing you to install two VMs on the same machine, one being a domain controller and one being the Exchange server. Having Exchange on a domain controller significantly complicates matters, particularly around recovery.


Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question