Solved

owa cert error

Posted on 2014-09-30
7
368 Views
Last Modified: 2014-10-01
sbs 2011 exchange 2010

I have a self assigned cert for my server and a wild card cert for my domain

my server is named x
when I do https:/x I get
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.


If I do https://x.mydomain.local I get  404 error
0
Comment
Question by:HalCHub
  • 3
  • 3
7 Comments
 
LVL 28

Expert Comment

by:becraig
ID: 40352600
What is the name on the certificate ?

What is the friendly name configured for the website in IIS  ?

If you are trying to use the same wildcard certificate for multiple sites you should adjust the friendly name to read *.domain.local  etc.

So the quick answers are:

1. you will never get https://x   simply because your SSL certificate has a FQDN and is configured to respond to "Anything".domain.local
2. I am not sure the config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local then trying again.

A little more information would really be helpful here though.
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40352794
sounds like your cert is configured for a .com or .net (or whatever your external domain is) and your exchange server advertises itself as .local for your internal domain
if that's the case you need to change your autodiscover and external url to not use .local
might also need to configure split dns

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352865
ok lets start with the internal self cert
its call mydomainall and is wildcard cert. as *.mydomain.local

if I want the users to access owa using webmail.mydomain.local as opposed to x.mydomain.local I get the cert error


webmail has a dsn record which points to the same ip as x
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40352905
you should move away from using .local in your URLs since a year from now you can't use those certs for those kinds of domains (.local or anything else not public)
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352946
seth

your saying I will need to convert my domain to mydomain,local to mydomain.com ?
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352958
You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

webmail is a valid dns record and I have registered a wildcards cert.  Is this an issue with my binding ?
The entity which issues the cert is godady.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40354720
your saying I will need to convert my domain to mydomain,local to mydomain.com ?

no
as i stated in my first post, you change the URLs it advertises as by not using .local
that way you use the same server names both internally and externally
the actual server name (mail.company.local) doesn't change, only the URLs that exchange uses for communication with browsers and clients
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now