Solved

Certificate errors in Exchange 2010

Posted on 2014-07-18
6
162 Views
Last Modified: 2014-08-06
We are using Exchange Server 2010 on Server 2008 R2. Recently upgraded some clients from Outlook 2003 to Outlook 2013.

Now they are getting certificate errors. It looks like Outlook is using the internal hostname of our Exchange server to connect. Our certificate only has the external hostname listed on it, and that's what I want Outlook to use to connect to the server both internally and externally.

If I go into "Connection Status" on Outlook, it shows the internal hostname in the "Server Name" field.

What are the EMS commands to check / set the various hostnames for Exchange Server so I can set them to all be the external hostname?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40204988
this article should help with the commands

Managing Exchange 2010 External/Internal URL's via PowerShell
http://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40204997
So I am taking it you are connecting over RPC / HTTPS (Outlook Anywhere)?

If that is the case, just create a forward lookup zone (if not already in existence) for domain.com (this should exist if you are doing split DNS) and then point an A record for mail.company.com to the VIP (or IP) of the CAS (or CAS Array).

From there you can set the ExternalURL:

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname https://mail.domain.com/

Open in new window

0
 
LVL 31

Author Comment

by:Frosty555
ID: 40205050
Internally, I think that Outlook is using just regular Exchange RPC for Exchange connectivity (not HTTP). Connecting over HTTP only happens on "slow networks".

The URLs that the commands that Seth linked to all look correct, they're the external hostnames. Adam - I have set the OutlookAnywhere hostname, too, and it seems to be correct.

Still, though, it tries to connect using the internal hostname of the server.

I'm happy to configure it to always use RPC over HTTP (e.g. similar to how Exchange 2013 works), but where do I configure that so that it is automatically configured that way via Autodiscover?
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 19

Accepted Solution

by:
Adam Farage earned 500 total points
ID: 40205085
I think this might be an AutoDiscover issue. Here is a detailed post I wrote yesterday: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28478577.html

Basically clients internally will look at the SCP for AutoDiscover to find out where they should pull the AutoDiscover.xml. this is new for you, since Outlook 2003 does not have AutoDiscover at all.

I would first start and read this through, and then look at the SCP. Make sure the location the SCP is pointing to is listed on the certificate, and if not make sure autodiscover.company.com is listed on the SSL certificate (that is assigned to the IIS service) and then change the SCP to autodiscover.company.com/autodiscover/autodiscover.xml. If the FQDN autodiscover.company.com is listed, these errors should go away.

Its not an InternalURL or ExternalURL issue if this prompt is coming up either when or shortly after Outlook is started.. it would be autoD :)
0
 
LVL 31

Author Comment

by:Frosty555
ID: 40205086
I set the "Server" property for the EXCH and EXPR OutlookProviders to be the external hostname of the server, and recycled the msExchangeAutodiscoverAppPool Application Pool in IIS.

In Outlook, when I go through the "test autodiscover configuration" the EXPR service comes back with the correct, external hostname. For some reason the EXCH service still comes back with the internal hostname. Not sure why.

--edit--

Checked the SCP record, it is pointing at the external hostname. I think I ran into the SCP record issue at some point in the past (we did have a handful of "questionably licensed" Outlook 2007 clients that we have finally managed to get rid of).
0
 
LVL 26

Expert Comment

by:-MAS
ID: 40205763
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question