Solved

Exchange 2010 new ssl cert not including *.local server name

Posted on 2014-08-01
2
234 Views
Last Modified: 2014-08-01
Since new ssl cert requirements are not allowing the servers local names to be included I have run into a few issues.  I have followed the posts that go through the Exchange Shell and make the following changes for the .local changes:

Set-ClientAccessServer -Identity “server-name” –AutodiscoverServiceInternalUri https://”mx-record name”/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity ““server-name”\EWS (Default Web Site)”-InternalUrl https://”mx-record name”/ews/exchange.asmx

Set-OABVirtualDirectory -Identity ““server-name”\oab (Default Web Site)”-InternalUrl https://”mx-record name”/oab
1.      
2.      Open IIS Manager.
3.      Expand the local computer, and then expand Application Pools.
4.      Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.


Since then the clients are getting multiple errors in Outlook.  First is a cert error that initially points to their mx-record name and then they get one that is coming from their firewall...  The next issue is that they can no longer activate the Out of Office assistant from outlook either.  They are getting the server is unavailable..  That started after I completed the above changes...  OOF works from OWA..
0
Comment
Question by:infospecs
2 Comments
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40234444
are you using split dns?

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm

in other words, do you have a local dns zone for your external domain pointing to your internal servers so that they can resolve as .com instead of .local internally as to match the certificate and configured exchange URLs?
0
 

Author Closing Comment

by:infospecs
ID: 40234649
That looks like it fixed it....  Thank You...  I should have thought about that..
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now