Solved

owa cert error

Posted on 2014-09-30
7
373 Views
Last Modified: 2014-10-01
sbs 2011 exchange 2010

I have a self assigned cert for my server and a wild card cert for my domain

my server is named x
when I do https:/x I get
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.


If I do https://x.mydomain.local I get  404 error
0
Comment
Question by:HalCHub
  • 3
  • 3
7 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40352600
What is the name on the certificate ?

What is the friendly name configured for the website in IIS  ?

If you are trying to use the same wildcard certificate for multiple sites you should adjust the friendly name to read *.domain.local  etc.

So the quick answers are:

1. you will never get https://x   simply because your SSL certificate has a FQDN and is configured to respond to "Anything".domain.local
2. I am not sure the config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local then trying again.

A little more information would really be helpful here though.
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40352794
sounds like your cert is configured for a .com or .net (or whatever your external domain is) and your exchange server advertises itself as .local for your internal domain
if that's the case you need to change your autodiscover and external url to not use .local
might also need to configure split dns

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352865
ok lets start with the internal self cert
its call mydomainall and is wildcard cert. as *.mydomain.local

if I want the users to access owa using webmail.mydomain.local as opposed to x.mydomain.local I get the cert error


webmail has a dsn record which points to the same ip as x
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40352905
you should move away from using .local in your URLs since a year from now you can't use those certs for those kinds of domains (.local or anything else not public)
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352946
seth

your saying I will need to convert my domain to mydomain,local to mydomain.com ?
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352958
You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

webmail is a valid dns record and I have registered a wildcards cert.  Is this an issue with my binding ?
The entity which issues the cert is godady.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40354720
your saying I will need to convert my domain to mydomain,local to mydomain.com ?

no
as i stated in my first post, you change the URLs it advertises as by not using .local
that way you use the same server names both internally and externally
the actual server name (mail.company.local) doesn't change, only the URLs that exchange uses for communication with browsers and clients
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now