exchange 2010

Hi guys,

I have an issue with my Exchange server. I just renewed my certificate and everything works fine; I just have some issue with internal users' Outlook: they get this message every 5 minutes in their Outlook.

Please see attachment error.exchange
Moti Mashiah, .NET Developer, asked:

Adam Farage, Enterprise Arch, commented:
What names are on the certificate, and what is the AutoDiscoverServiceInternalUri set to?

Run the following and post it here:

Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri

What most likely is going on is that the AutoDiscover SCP is set to the server name instead of autodiscover.company.com which should be on the certificate. Do the following:

- Make sure the SSL certificate has autodiscover.company.com listed as a subject alternative name
- Change the AutoDiscoverServiceInternalUri to autodiscover.company.com
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

- Within internal DNS set an A record to point autodiscover.company.com to either a load balancer that is load balancing the CAS Array / CAS or to a single CAS if you only have one CAS.

Moti Mashiah, .NET Developer (Author), commented:
Hi,

I typed the command you suggested

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml

and still when I type Get-ClientAccessServer I'm getting my server name

[PS] C:\Windows\system32>Get-ClientAccessServer

Name
----
SRV-MX-01

Moti Mashiah, .NET Developer (Author), commented:
This is my SAN certificate info:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority

Moti Mashiah, .NET Developer (Author), commented:
Where can I see the Autodiscover service? Actually, when can I change the Autodiscover service?

Adam Farage, Enterprise Arch, commented:
Internal clients use the AutoDiscoverServiceInternalUri (which is really an Active Directory service connection point). You can view it by doing the following:

Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternaluri

Moti Mashiah, .NET Developer (Author), commented:
K, now I see that I point to the right place:

Identity                       : SRV-MX-01
AutoDiscoverServiceInternalUri : https://mail.althompson.com/Autodiscover/Autodiscover.xml

I did all the steps and still the same issue - do I need to restart IIS or some services after this change?

Moti Mashiah, .NET Developer (Author), commented:
Please, help :) ...thanks,

Adam Farage, Enterprise Arch, commented:
You shouldn't have to restart IIS since this is held within Active Directory. DNS is pointing to the Exchange server, right? Did you allow AD to replicate?

Can you check your other CAS services to make sure the InternalURL are correct?
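
The check requested above comes down to one rule: every host name used in the Autodiscover SCP and in the InternalUrl settings must appear on the certificate. The following PowerShell is an added example, not code from either poster; the function names and the sample URLs are assumptions, and the SAN list is the one posted earlier in the thread.

```powershell
# Added example: function names are hypothetical, sample URLs are constructed.
function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($san in $CertificateNames) {
        if ($san -eq $HostName) { return $true }      # -eq ignores case
        if ($san.StartsWith('*.')) {
            # A wildcard covers exactly one extra label: *.example.com matches
            # mail.example.com but not example.com or a.b.example.com.
            $suffix = $san.Substring(1)               # ".example.com"
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Get-UrlCertificateMismatch {
    param([hashtable]$Urls, [string[]]$CertificateNames)
    foreach ($setting in $Urls.Keys) {
        $hostName = ([uri]$Urls[$setting]).Host
        if (-not (Test-NameOnCertificate $hostName $CertificateNames)) {
            # Emit one object per setting whose host is missing from the certificate.
            New-Object PSObject -Property @{ Setting = $setting; Host = $hostName }
        }
    }
}

# SAN list as posted in the thread.
$sans = 'mail.althompson.com', 'www.mail.althompson.com', 'mail2.althompson.com',
        'autodiscover.althompson.com', 'legacy.althompson.com',
        'mail3.althompson.com', 'althompson.com'

# Constructed sample values. On a CAS, fill these from
# (Get-ClientAccessServer).AutoDiscoverServiceInternalUri and from the InternalUrl
# of Get-WebServicesVirtualDirectory, Get-OabVirtualDirectory and the other
# virtual directory cmdlets.
$urls = @{
    'SCP set to server name'  = 'https://SRV-MX-01/Autodiscover/Autodiscover.xml'
    'SCP set to autodiscover' = 'https://autodiscover.althompson.com/autodiscover/autodiscover.xml'
    'EWS InternalUrl'         = 'https://mail.althompson.com/EWS/Exchange.asmx'
}

Get-UrlCertificateMismatch -Urls $urls -CertificateNames $sans |
    Format-Table Setting, Host -AutoSize
```

Any row in the output is a URL that Outlook will reach over a name the certificate does not cover, which is what produces the recurring certificate prompt.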

Moti Mashiah, .NET Developer (Author), commented:
Actually, I didn't do any internal DNS. I point directly to the external IP, as I do from external -
mail.althompson.com

Moti Mashiah, .NET Developer (Author), commented:
Do you think I should do it like this: create another zone althompson.com, create mail.althompson.com, and direct it to the internal Exchange server?

It was working the way I did it before, like when I directed to the external IP.

Does it matter?

Adam Farage, Enterprise Arch, commented:
There should be a forward lookup zone for althompson.com internally with an A record for mail and autodiscover pointing to the CAS endpoint (either a single CAS or a VIP of a load balancer).

Moti Mashiah, .NET Developer (Author), commented:
I have it all working well from external; just for my Outlook it doesn't work, even though when I change to -

https://mail.althompson.com/Autodiscover/Autodiscover.xml

Adam Farage, Enterprise Arch, commented:
It should be autodiscover.althompson.com/autodiscover/autodiscover.xml.

Moti Mashiah, .NET Developer (Author), commented:
This DNS above points to my server. I did the change and internal Outlook still has this issue and is getting this certificate error.

Moti Mashiah, .NET Developer (Author), commented:
Oh, K, let me check. Thank you so much for your help.

Adam Farage, Enterprise Arch, commented:
No problem. Let me know how it goes. If I don't respond then I am probably on my way home.

Moti Mashiah, .NET Developer (Author), commented:
I really get confused... Don't know what to do. People here call me every 5 minutes LOL...

Please let me know when you can help.

Thanks,

Moti Mashiah, .NET Developer (Author), commented:
Hi, I would like to ask if it could be an issue if I don't have the hierarchy in order.

Like, my cert looks like this:

Common name: mail.althompson.com
SANs: mail.althompson.com, www.mail.althompson.com, mail2.althompson.com, autodiscover.althompson.com, legacy.althompson.com, mail3.althompson.com, althompson.com, www.mail.althompson.com
Valid from November 2, 2014 to November 4, 2015
Serial Number: 2b66609d0af392
Signature Algorithm: sha1WithRSAEncryption
Issuer: Go Daddy Secure Certification Authority

Moti Mashiah, .NET Developer (Author), commented:
K, solved. Thx for all your help.

Adam Farage, Enterprise Arch, commented:
How did you solve it?! :)

Moti Mashiah, .NET Developer (Author), commented:
Your Autodiscover solution, plus I went to the Autodiscover and EWS directories in IIS and changed the SSL configuration to ignore.

Another thing - I also created a new DNS zone and made the autodiscover and mail entries internal records, which was much better because I had some issue resolving the external IP of the DNS, kind of weird.
I am still investigating what the issue with my DNS is.
Thanks for your great help.

Moti Mashiah, .NET Developer (Author), commented:
Thanks