Solved

Exchange 2013 Local Certificate Error

Posted on 2014-04-25
5
636 Views
Last Modified: 2014-05-04
Server Information
Microsoft Windows Server 2012 R2 Standard
Microsoft Exchange Server 2013
Local Domain sd.com
Public Domain: strdetail.com

Godaddy UCC SSL Certificate Subject Alternative Names:
mail.strdetail.com
autodiscover.strdetail.com
Services: SMTP, IMPA, POP, IIS

Virtual Directories
ECP
Internal URL: https://mail.strdetail.com/ecp
External URL: https://mail.strdetail.com/ecp

EWS
Internal URL: https://mail.strdetail.com/EWS/Exchange.asmx
External URL: https://mail.strdetail.com/EWS/Exchange.asmx

Microsoft-Server-ActiveSync
Internal URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync
External URL: https://mail.strdetail.com/Microsoft-Server-ActiveSync

OAB
Internal URL: https://mail.strdetail.com/OAB
External URL: https://mail.strdetail.com/OAB

OWA
Internal URL: https://mail.strdetail.com/owa
External URL: https://mail.strdetail.com/owa

PowerShell
Internal URL: https://mail.strdetail.com/powershell
External URL: https://mail.strdetail.com/powershell

DNS SRV records have been created for both internal and external domains and are pointed to mail.strdetail.com.

Mail.strdetail.com is pointed to the server both internally and externally.

Client Information
Windows 8.1 Pro
Microsoft Outlook 2013

The issue is an error message when creating the outlook profile which says

"The name on the security certificate is invalid or does not match the name of the site."

The site works perfectly from outside the domain.  I only get the error message internally.

I have done about as much Google as I can stand on this issue.  Let me know if any other information would be useful and I will provide it.
0
Comment
Question by:CyberCorpSoftware
  • 3
  • 2
5 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40023270
You have probably missed Autodiscover.

get-clientaccesserver | select identity, AutodiscoverServiceInternalURI

That needs to be changed as well.

http://semb.ee/hostnames2013

Simon.
0
 

Author Comment

by:CyberCorpSoftware
ID: 40023397
ok, I set the AutoDiscover

[PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverserviceinternalur
Identity                       : S-FS
AutoDiscoverServiceInternalUri : https://mail.strdetail.com/autodiscover/autodiscover.xml

Now I am getting the following error when I try to create the account in outlook

"The action cannot be completed.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."

I found that in IIS I can check HTTP Redirect and point the autodiscover to
https://mail.strdetail.com/autodiscover/autodiscover.xml

This resolves the issue but creates a new one.  

"Cannot start Microsoft Outlook.  Cannot open the outlook window.  The set of folders cannot be opened.  You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)."

At this point I think my issue is still  with Autodiscover.  

C:\Windows\system32>Test-OutlookWebServices -clientaccessserver mail.strdetail.com -identity mperrigon@strdetail.com -MailboxCredential (get-credential sd\mperrigon)

Returns
Source                              ServiceEndpoint                     Scenario                       Result  Latency
                                                                                                                  (MS)
------                              ---------------                     --------                       ------  -------
S-FS.sd.com     mail.strdetail.com      Autodiscover: Outlook Provider  Failure      48
S-FS.sd.com     mail.strdetail.com      Exchange Web Services                Success     176
S-FS.sd.com     mail.strdetail.com      Availability Service                        Success      44
S-FS.sd.com     mail.strdetail.com      Offline Address Book                   Success      77
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40031636
"I found that in IIS I can check HTTP Redirect and point the autodiscover to
https://mail.strdetail.com/autodiscover/autodiscover.xml"

Why are you using a HTTP redirect?
That shouldn't be required at all.

Change the URL to one that matches the SSL certificate and resolves to the Exchange server. Job done. The only reason I can think you have to do anything else is that there is something non-standard about the configuration of the server.

Simon.
0
 

Author Comment

by:CyberCorpSoftware
ID: 40032268
I did end up unchecking that HTTP Redirect.  

The only thing I can think of that would make this a non-standard configuration would be

1. I do have this running on the Global Catalog Server
2. The local domain is sd.com and not strdetail.com.local which is what I see in most examples.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40032307
The internal domain doesn't matter as long as you have the DNS configured correctly.
That means whatever you have on the SSL certificate resolves internally and the host names match.

Running Exchange on a domain controller is not recommended and there is almost no good reason for doing so. If you use Windows 2012 or higher as your OS, then you have two virtual licences, allowing you to install two VMs on the same machine, one being a domain controller and one being the Exchange server. Having Exchange on a domain controller significantly complicates matters, particularly around recovery.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This article descibes how to create a connection between Excel and SAP and how to move data from Excel to SAP or the other way around.
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question