Solved

Exchange 2013 Local Certificate Error

Posted on 2014-04-25
Last Modified: 2014-05-04
Server Information
Microsoft Windows Server 2012 R2 Standard
Microsoft Exchange Server 2013
Local Domain: sd.com
Public Domain: strdetail.com

Godaddy UCC SSL Certificate Subject Alternative Names:
mail.strdetail.com
autodiscover.strdetail.com
Services: SMTP, IMAP, POP, IIS

Virtual Directories
ECP
Internal URL: https://mail.strdetail.com/ecp
External URL: https://mail.strdetail.com/ecp

EWS
Internal URL: https://mail.strdetail.com/EWS/Exchange.asmx
External URL: https://mail.strdetail.com/EWS/Exchange.asmx

Microsoft-Server-ActiveSync
Internal URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync
External URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync

OAB
Internal URL: https://mail.strdetail.com/OAB
External URL: https://mail.strdetail.com/OAB

OWA
Internal URL: https://mail.strdetail.com/owa
External URL: https://mail.strdetail.com/owa

PowerShell
Internal URL: https://mail.strdetail.com/powershell
External URL: https://mail.strdetail.com/powershell

DNS SRV records have been created for both internal and external domains and are pointed to mail.strdetail.com.

Mail.strdetail.com is pointed to the server both internally and externally.

Client Information
Windows 8.1 Pro
Microsoft Outlook 2013

The issue is an error message when creating the Outlook profile which says

"The name on the security certificate is invalid or does not match the name of the site."

The site works perfectly from outside the domain.  I only get the error message internally.

I have done about as much Google as I can stand on this issue.  Let me know if any other information would be useful and I will provide it.
Question by:CyberCorpSoftware
5 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40023270
You have probably missed Autodiscover.

Get-ClientAccessServer | select Identity, AutoDiscoverServiceInternalUri

That needs to be changed as well.

http://semb.ee/hostnames2013

Simon.

Author Comment

by:CyberCorpSoftware
ID: 40023397
ok, I set the AutoDiscover

[PS] C:\Windows\system32>Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri
Identity                       : S-FS
AutoDiscoverServiceInternalUri : https://mail.strdetail.com/autodiscover/autodiscover.xml

Now I am getting the following error when I try to create the account in Outlook

"The action cannot be completed.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."

I found that in IIS I can check HTTP Redirect and point the autodiscover to
https://mail.strdetail.com/autodiscover/autodiscover.xml

This resolves the issue but creates a new one.  

"Cannot start Microsoft Outlook.  Cannot open the outlook window.  The set of folders cannot be opened.  You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)."

At this point I think my issue is still with Autodiscover.

C:\Windows\system32>Test-OutlookWebServices -clientaccessserver mail.strdetail.com -identity mperrigon@strdetail.com -MailboxCredential (get-credential sd\mperrigon)

Returns
Source       ServiceEndpoint     Scenario                        Result   Latency
                                                                             (MS)
------       ---------------     --------                        ------   -------
S-FS.sd.com  mail.strdetail.com  Autodiscover: Outlook Provider  Failure       48
S-FS.sd.com  mail.strdetail.com  Exchange Web Services           Success      176
S-FS.sd.com  mail.strdetail.com  Availability Service            Success       44
S-FS.sd.com  mail.strdetail.com  Offline Address Book            Success       77
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40031636
"I found that in IIS I can check HTTP Redirect and point the autodiscover to
https://mail.strdetail.com/autodiscover/autodiscover.xml"

Why are you using an HTTP redirect?
That shouldn't be required at all.

Change the URL to one that matches the SSL certificate and resolves to the Exchange server. Job done. The only reason I can think you have to do anything else is that there is something non-standard about the configuration of the server.

Simon.

Author Comment

by:CyberCorpSoftware
ID: 40032268
I did end up unchecking that HTTP Redirect.  

The only thing I can think of that would make this a non-standard configuration would be

1. I do have this running on the Global Catalog Server
2. The local domain is sd.com and not strdetail.com.local which is what I see in most examples.
LVL 63

Accepted Solution

by:Simon Butler (Sembee), earned 500 total points
ID: 40032307
The internal domain doesn't matter as long as you have the DNS configured correctly.
That means whatever you have on the SSL certificate resolves internally and the host names match.

Running Exchange on a domain controller is not recommended and there is almost no good reason for doing so. If you use Windows 2012 or higher as your OS, then you have two virtual licences, allowing you to install two VMs on the same machine, one being a domain controller and one being the Exchange server. Having Exchange on a domain controller significantly complicates matters, particularly around recovery.

Simon.
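
The check the accepted answer describes (every host name handed to Outlook must appear on the SSL certificate), as an added PowerShell example that is not part of the original thread. The function name and the pre-change Autodiscover URI built from the server FQDN S-FS.sd.com are assumptions; the SANs and the other URLs are the ones posted in the question.

```powershell
# Added example; function name and the "constructed" URI below are assumptions.
function Test-HostCoveredBySan {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $SubjectAltNames
    )
    foreach ($san in $SubjectAltNames) {
        # -eq compares strings case-insensitively, as DNS names require
        if ($san -eq $HostName) { return $true }
        if ($san.StartsWith('*.')) {
            # A wildcard SAN covers exactly one left-most label
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot + 1) -eq $san.Substring(2)) {
                return $true
            }
        }
    }
    return $false
}

# SANs on the certificate, as listed in the question
$sans = 'mail.strdetail.com', 'autodiscover.strdetail.com'

# URLs handed to internal Outlook clients (values from the thread unless marked constructed)
$urls = [ordered]@{
    'ECP'                        = 'https://mail.strdetail.com/ecp'
    'EWS'                        = 'https://mail.strdetail.com/EWS/Exchange.asmx'
    'ActiveSync'                 = 'https://mail.strdetail.com/Microsoft-Server-ActiveSync'
    'OAB'                        = 'https://mail.strdetail.com/OAB'
    'OWA'                        = 'https://mail.strdetail.com/owa'
    'PowerShell'                 = 'https://mail.strdetail.com/powershell'
    'Autodiscover (constructed)' = 'https://S-FS.sd.com/Autodiscover/Autodiscover.xml'
    'Autodiscover (as changed)'  = 'https://mail.strdetail.com/autodiscover/autodiscover.xml'
}

# One row per URL: which host the client will connect to and whether the certificate covers it
$report = foreach ($name in $urls.Keys) {
    $uri = [System.Uri]$urls[$name]
    [pscustomobject]@{
        Service = $name
        Host    = $uri.Host
        OnCert  = Test-HostCoveredBySan -HostName $uri.Host -SubjectAltNames $sans
    }
}
$report | Format-Table -AutoSize
```

Only the constructed server-FQDN row reports OnCert as False, which is the name-mismatch case seen by internal clients. On a live server the SAN list can be taken from the CertificateDomains property of Get-ExchangeCertificate and the Autodiscover URI from Get-ClientAccessServer.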


Question has a verified solution.
