loosain
asked on
Outlook 2013 have certificate warning with sbs2011 (Exchange 2010). Selfsigned cert is used. Only domain-members have the problem
Hi,
we have a sbs2011 with Exchange 2010. As domain we have via wizard in the console used remote.realdomainname.com . If i ping remote.realdomainname.com it ping sthe ip of the local server. In DNS there is the right Entry i think. On top we entered the line "192.168.10.2 remote.realdomainname.com" in the hosts file.
We have some workstations which are members of the network-domain and some workstations are only in a workgroup.
Only the workstations which are domainmembers, throw a warning at the start of Outlook. Outlooks says that the certificate realdomainname.com is not valid.
Outlook tries to go out on the webserver a looks at this ssl-certificate instead of looking directly over lan to the exchange-server.
I tried to use proxy-settings in outlook without any success.
Any ideas ?
loosain
we have a sbs2011 with Exchange 2010. As domain we have via wizard in the console used remote.realdomainname.com . If i ping remote.realdomainname.com it ping sthe ip of the local server. In DNS there is the right Entry i think. On top we entered the line "192.168.10.2 remote.realdomainname.com"
We have some workstations which are members of the network-domain and some workstations are only in a workgroup.
Only the workstations which are domainmembers, throw a warning at the start of Outlook. Outlooks says that the certificate realdomainname.com is not valid.
Outlook tries to go out on the webserver a looks at this ssl-certificate instead of looking directly over lan to the exchange-server.
I tried to use proxy-settings in outlook without any success.
Any ideas ?
loosain
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
like I said it's probably because they are doing a lookup to autodiscover.
What does the certificate warning say exactly?
What does the certificate warning say exactly?
ASKER
It says that the certificate is not valid because of wrong domainname and validation time is over.
That´s because it is the ssl-certificate of the webserver not of the local exchange server. There is no ssl in use on webserver so there is an old provider-cert there.
I dont get the point why those computers which are domain-members look at the internet and the non-domain-members look directly to the exchange server.
If it would be a dns problem, it should have been fixed by adding remote.domain.com and autodiscover.domain.com to the hosts file.
That´s because it is the ssl-certificate of the webserver not of the local exchange server. There is no ssl in use on webserver so there is an old provider-cert there.
I dont get the point why those computers which are domain-members look at the internet and the non-domain-members look directly to the exchange server.
If it would be a dns problem, it should have been fixed by adding remote.domain.com and autodiscover.domain.com to the hosts file.
what happens when you manually configure outlook and enter the hostname of the server?
Or are you trying to use outlook anywhere?
Or are you trying to use outlook anywhere?
ASKER
Just tested - same warning by manually configuring it.
Normaly outlook finds out by itself name, server etc if the computer is domain-member. Now i just tried to enter those data manually. It worked and outlook connected but there was again this certification warning belonging to the certificate of the internet-webserver.
Normaly outlook finds out by itself name, server etc if the computer is domain-member. Now i just tried to enter those data manually. It worked and outlook connected but there was again this certification warning belonging to the certificate of the internet-webserver.
ASKER
It must have been something with active directory, because only domain-members are trying to connect over internet. The other computers cant connect to AD and then they just talk via lan to the exchange server (as i want them to)
ASKER
Found out something new:
If i start "Email Autoconfiguration" in Outlook it always shows the wrong url for inernal and external Url:
yourrealdomain.com instead of remote.yourrealdomain.com
So i (just for testing) add server-ip with yourrealdomain.com in hosts...
No warning, no error ! But now i cant surf to the website yourrealdomain.com, because it is placed on the webserver and not on the Exchange-server...
What can i do to change the information about internal urls provided to the clients via autoconfiguration ?
If i start "Email Autoconfiguration" in Outlook it always shows the wrong url for inernal and external Url:
yourrealdomain.com instead of remote.yourrealdomain.com
So i (just for testing) add server-ip with yourrealdomain.com in hosts...
No warning, no error ! But now i cant surf to the website yourrealdomain.com, because it is placed on the webserver and not on the Exchange-server...
What can i do to change the information about internal urls provided to the clients via autoconfiguration ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The clue was to make a working SSL-cert for the webserver. In DNS we let show autodiscover.domain.tld to the wrong IP. Then Outlook tries remote.domain.tld .This is hosted by the Exchange-Server and therefor there is the right cert there. Now everything works
ASKER