Solved

exchange 2010

Posted on 2014-11-03
Last Modified: 2014-11-08
Hi guys,

I have an issue with my Exchange server. I just renewed my certificate and everything works fine; I just have an issue with internal users' Outlook: they get this message every 5 minutes in their Outlook.

Please see attachment error.exchange
Question by:Moti Mashiah
23 Comments
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40419802
What names are on the certificate, and what is the AutoDiscoverServiceInternalUri set to?

Run the following and post it here:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri

What most likely is going on is that the AutoDiscover SCP is set to the server name instead of autodiscover.company.com which should be on the certificate. Do the following:

- Make sure the SSL certificate has autodiscover.company.com listed as a subject alternative name
- Change the AutoDiscoverServiceInternalUri to autodiscover.company.com
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml


- Within internal DNS set an A record to point autodiscover.company.com to either a load balancer that is load balancing the CAS Array / CAS or to a single CAS if you only have one CAS.
0
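The check described in the answer above (is the host name in AutoDiscoverServiceInternalUri one of the names on the certificate?), as an added example that is not part of the original thread. `Test-NameOnCertificate` is a hypothetical helper; the SAN list is the one posted further down in this thread, and the first candidate URL is constructed.

```powershell
# Added example; Test-NameOnCertificate is a hypothetical helper, not an Exchange cmdlet.
function Test-NameOnCertificate {
    param(
        [Parameter(Mandatory=$true)] [string]   $Uri,       # e.g. AutoDiscoverServiceInternalUri
        [Parameter(Mandatory=$true)] [string[]] $CertNames  # subject CN plus SAN DNS names
    )
    $hostName = ([System.Uri]$Uri).Host.ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.Trim().ToLowerInvariant()
        if ($n -eq $hostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not example.com or a.b.example.com.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                        # ".example.com"
            if ($hostName.EndsWith($suffix)) {
                $label = $hostName.Substring(0, $hostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# SAN list as posted in this thread.
$sans = 'mail.althompson.com', 'www.mail.althompson.com', 'mail2.althompson.com',
        'autodiscover.althompson.com', 'legacy.althompson.com', 'mail3.althompson.com',
        'althompson.com'

# Candidate SCP values: the first is constructed (a server-name style URL),
# the other two are the ones discussed in the thread.
$candidates = 'https://srv-mx-01.corp.example/Autodiscover/Autodiscover.xml',
              'https://mail.althompson.com/Autodiscover/Autodiscover.xml',
              'https://autodiscover.althompson.com/autodiscover/autodiscover.xml'

foreach ($u in $candidates) {
    New-Object PSObject -Property @{
        Uri           = $u
        OnCertificate = (Test-NameOnCertificate -Uri $u -CertNames $sans)
    } | Select-Object Uri, OnCertificate
}

# In the Exchange Management Shell the live inputs would come from:
#   Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri
#   Get-ExchangeCertificate | Where { $_.Services -match 'IIS' } | Select Thumbprint, CertificateDomains
```

A URI whose host is not on the certificate is the one Outlook will warn about, so that is the value to change or the name to add at the next certificate renewal.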
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420118
Hi,

I typed the command you suggested
 Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml



and still when I type Get-ClientAccessServer I'm getting my server name

[PS] C:\Windows\system32>Get-ClientAccessServer

Name
----
SRV-MX-01


0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420124
this is my SAN certificate info:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0

 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420132
Where can I see the autodiscover service? Actually, when can I change the autodiscover service?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420145
Internal clients use the AutoDiscoverServiceInternalUri (which is really an Active Directory service connection point). You can view it by doing the following:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternaluri
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420153
OK, now I see that I point to the right place:

Identity                       : SRV-MX-01
AutoDiscoverServiceInternalUri : https://mail.althompson.com/Autodiscover/Autodiscover.xml

I did all the steps and still have the same issue. Do I need to restart IIS or some services after this change?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420173
Please, help :) ...thanks,
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420175
You shouldn't have to restart IIS since this is held within Active Directory. DNS is pointing to the Exchange server, right? Did you allow AD to replicate?

Can you check your other CAS services to make sure the InternalURL are correct?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420188
Actually, I didn't do any internal DNS; I point directly to the external IP as I do from external -
mail.althompson.com
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420199
Do you think I should create another zone, althompson.com, create mail.althompson.com in it, and direct it to the internal Exchange server?

It was working the way I did it before, when I directed to the external IP.

Does it matter?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 500 total points
ID: 40420208
There should be a forward lookup zone for althompson.com internally with an A record for mail and autodiscover pointing to the CAS endpoint (either a single CAS or a VIP of a load balancer)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420217
I have it all working well from external; it's just my Outlook that doesn't work, even though I changed to -

https://mail.althompson.com/Autodiscover/Autodiscover.xml
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420219
It should be autodiscover.althompson.com/autodiscover/autodiscover.xml.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420223
The DNS name above points to my server. I made the change and internal Outlook still has this issue and is getting this certificate error.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420226
Oh OK, let me check. Thank you so much for your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420229
No problem. Let me know how it goes. If I don't respond then I am probably on my way home.
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 40420231
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420246
I'm really getting confused... I don't know what to do. People here call me every 5 minutes LOL...

Please let me know when you can help.

Thanks,
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420348
Hi, I would like to ask if it could be an issue if I don't have the hierarchy in order.

My cert looks like this:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420422
OK, solved. Thanks for all your help.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40420662
How did you solve it?! :)
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 40420710
Your autodiscover solution, plus I went to the autodiscover and EWS directories in IIS and changed the SSL configuration to ignore.

Another thing: I also created a new DNS zone and made autodiscover and mail internal records, which was much better because I had some issues resolving the external IP of the DNS, kind of weird.
I am still investigating what the issue with my DNS is.
Thanks for your great help
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40430076
thanks
0
