Solved

Getting certificate error on my local network when connecting to exchange

Posted on 2014-10-08
12
304 Views
Last Modified: 2014-10-08
Exchange 2013

I can connect to a mailbox via outlook perfectly from outside the network, but within the local network I get this error below. It's not using the godaddy certificate or address. It's using the local server address as you can see.cert-error.jpg
0
Comment
Question by:cnl83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:JasonDuncanworks
ID: 40368872
1. What version of Outlook are you using?
2. Does this happen to everyone?
3. Is this new / did it ever work?
4. Are you joined to the domain?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40368876
Is this not a question you already have open? As I said in your password question, the cause of the password prompt is because of a URL/SSL issue. The two are related and you are already working that problem. This only complicates issues and will add confusion.
0
 

Author Comment

by:cnl83
ID: 40368941
That was isolated to just Outlook 2007. This is all clients now.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40368967
you should not be using .local to connect internally; use your external (.com, .net or whatever it is) to connect internally
might need to configure split dns

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0
 
LVL 25

Expert Comment

by:-MAS
ID: 40368975
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40368976
Unfortunately the nature of EE (or any forum) is that experts are not sitting on your network and don't know the details of your implementation. As I stated in that thread, we reached a point where I believe you really need to call in a paid consultant to fix your issues. The reason I gave that advice at that time wasn't laziness, but was because there was a tipping point where a forum was no longer a good way to resolve your issue.

 I hate to say it, but by following some of the (blatantly bad) advice that was given to you after I dropped off that question, you've actually created this new error. They are not unrelated. The other drawback of a forum is that if you don't have some prerequisite knowledge, it is very difficult to filter "good" advice from "bad" advice. And since you aren't paying anyone, you have no warranty or recourse.

So I will again suggest that you should contact a local consultant in your area that you trust or find a reputable company that offers paid remote support and has a good reputation. I fear that if you continue to try to solve these problems through EE, you will only further create issues and may get yourself into a state you cannot get out of.

Ultimately, of course, that choice is yours.
0
 
LVL 19

Expert Comment

by:R--R
ID: 40368983
Please check in IIS default web site binded to proper SSL certificate. Go to EAC and click on server and go to certificate and check whether the correct certificate has IIS, SMTP, IMAP and POP3 services are assigned.
Verify certificate have SAN entries eg mail.domain.com and autodiscover.domain.com. Make sure DNS host A record mail.domain.com is pointed to the exchange 2013 in internal DNS. If the DNS hots A record is not present then create a record.
run get-clientaccessserver | fl and check if autodiscoverurl is pointed to mail.domain.com
Go to server and virtualdirectories and make sure all the virtual directories are configured with external and internal entries as mail.domain.com
0
 
LVL 5

Expert Comment

by:JasonDuncanworks
ID: 40368985
I had to do this for a client, it sets exchange to use external name for internal. Change the name to your domain
Set-AutodiscoverVirtualDirectory -Identity * -internalurl “https://mail.qcstorage.net/autodiscover/autodiscover.xml”
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri “https://mail.qcstorage.net/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory -Identity * -internalurl “https://mail.qcstorage.net/EWS/Exchange.asmx”
Set-oabvirtualdirectory -Identity * -internalurl “https://mail.qcstorage.net/oab”
Set-owavirtualdirectory -Identity * -internalurl “https://mail.qcstorage.net/owa”
Set-ecpvirtualdirectory -Identity * -internalurl “https://mail.qcstorage.net/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.qcstorage.net/Microsoft-Server-ActiveSync"

Open IIS Manager by clicking Start, then enter inetmgr.
Expand the server and expand Application Pools, then right-click on MSExchangeAutodiscoverAppPool, and select Recycle.
0
 

Author Comment

by:cnl83
ID: 40369517
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/

Going through each step in this link resolved my issue.
0
 

Author Comment

by:cnl83
ID: 40369646
I've requested that this question be closed as follows:

Accepted answer: 0 points for cnl83's comment #a40369517

for the following reason:

It's what another Expert Exchanger provided to me to resolve my error. Though it did block my access to my own web site.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40369647
I told you in the beginning not to be using .local and you may need to configure split dns.
Jason elaborated more on what I stated which both amounts to the solution.
you stated "It's what another Expert Exchanger provided to me to resolve my error." though selected your own comment as the solution.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40369853
Hey CNL83,

Just wanted to post here as well. Make sure you add an A record of "WWW" in your newly created split-brain DNS zone on your internal DNS server. Then point that to the public IP of your hosting provider for your website.

That will fix that issue.

-Gareth
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question