Michael ELIE
 asked on

Problem with Certificate Exchange 2013 and Outlook Internal

Hi,

Recently I did a migration from Exchange 2003 to Exchange 2013 (via Exchange 2010). Everything works except for a certificate problem with Outlook, but ONLY for internal users (see attachment, it's in French, sorry). Even though there's this error, Outlook connects to the Exchange server and everything works.

Error in EN is "The server name on the security certificate is invalid or does not match the name of the site"

We bought a wildcard certificate (on the public name of course, which is *.xxxxxx.fr) and successfully imported it to the Exchange server.

We have two separate DNS zones, one internal zone in .local and the other an external (public) zone in .fr
In the external zone, I have two "A" records which redirect to the Exchange server.

autodiscover.xxxxxx.fr ->> Exchange server IP
mail.xxxxxx.fr ->> Exchange server IP (for Webmail)

In the Exchange server settings, the OAB, ECP & OWA internal & external URLs are set to the external URL.

I would really appreciate your help

Thank you,
erreur-certifica2.JPG
Exchange


8/22/2022 - Mon
Amit

.local is no longer supported.
Michael ELIE

ASKER
Thank you for your reply

Can you explain a bit more, please?

Because the client had a Windows Server 2003 with Exchange 2003. I did a migration from this server to 2012 R2 & Exchange 2013.

Thanks.
Amit

Read this
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

Seems you are still using a self-signed cert. Either you buy one or use an internal CA to issue a new cert. Avoid using .local.
Michael ELIE

ASKER
I bought a public certificate (as I mentioned in the OP)

This only happens if I use Outlook internally. Outside of the office, no certificate problem.

Edit - I also have a self-signed certificate which I do not use
Amit

Seth Simmons

You need to assign that public certificate to the Exchange services.
You imported it, which is the first step; you then need to have the services actually use it.

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
Jasvindar Singh

On one of the impacted machines => C:\Windows\System32\drivers\etc => Open the "hosts" file in Notepad
Add the information below on a new line:
autodiscover.xxxxxx.fr ->> Exchange server internal IP

And save the file. If the above step resolves the issue on the impacted machine, then it seems the issue is with internal DNS or the network, because of which Outlook is not able to resolve the Autodiscover record.

You can also try clearing Store Manager.

Run => type "control keymgr.dll"

It will launch Credential Store Manager; delete all the entries out there (they are cached entries). Deleting credential entries won't impact anything.
Gareth Gudger

Another article for step-by-step on configuring Exchange 2013 URLs, certificates and split-brain DNS.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
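A name-mismatch warning means the hostname Outlook connected to is not among the names on the certificate it was shown. The following is an added example, not part of any post in this thread: it lists the internal hostnames Exchange 2013 publishes to Outlook and marks which ones the wildcard certificate covers. The thumbprint is a placeholder and `Test-CertName` is a helper written for this example.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# Placeholder: thumbprint of the imported wildcard certificate
# (listed by Get-ExchangeCertificate).
$Thumbprint = '<THUMBPRINT-OF-WILDCARD-CERTIFICATE>'
$certNames  = (Get-ExchangeCertificate -Thumbprint $Thumbprint).CertificateDomains |
              ForEach-Object { "$_" }

# Hypothetical helper: does one of the certificate names cover this hostname?
function Test-CertName {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        # -like handles the "*"; the label-count check keeps a wildcard to exactly
        # one left-most label, so *.example.com does not cover a.b.example.com,
        # and a name in another zone (server.example.local) never matches.
        if (($HostName -like $n) -and
            ($HostName.Split('.').Count -eq $n.Split('.').Count)) { return $true }
    }
    return $false
}

# Collect every internal name Exchange publishes to Outlook clients.
$names = @()
$names += Get-ClientAccessServer | ForEach-Object {
    [pscustomobject]@{ Source = 'Autodiscover SCP'
                       Url    = "$($_.AutoDiscoverServiceInternalUri)" } }

$vdirCmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
            'Get-OabVirtualDirectory', 'Get-WebServicesVirtualDirectory',
            'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmds) {
    $names += & $cmd | ForEach-Object {
        [pscustomobject]@{ Source = $cmd; Url = "$($_.InternalUrl)" } }
}

$names += Get-OutlookAnywhere | Where-Object { $_.InternalHostname } | ForEach-Object {
    [pscustomobject]@{ Source = 'Outlook Anywhere'
                       Url    = "https://$($_.InternalHostname)" } }

# Report each hostname and whether the certificate covers it.
$names | Where-Object { $_.Url } | ForEach-Object {
    $h = ([uri]$_.Url).Host
    [pscustomobject]@{ Source        = $_.Source
                       HostName      = $h
                       CoveredByCert = Test-CertName -HostName $h -CertNames $certNames }
} | Sort-Object CoveredByCert | Format-Table -AutoSize
```

Any row with `CoveredByCert` set to `False` is a name an internal client can be directed to that the certificate cannot validate.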
Michael ELIE

ASKER
Hi,

Thank you all for your answers.

@ Seth Simmons,

I did enable my public Exchange certificate for SMTP & IIS via EAC. Anyway, I ran the PS Exchange command Enable-ExchangeCertificate to re-enable it. It did not resolve my problem....

@ Jasvindar Singh

My problem applies to all internal computers, but once they go outside, no problem with the certificate.
Anyway, I will try that solution on a computer to see if the problem resolves.

@ Gareth Gudger, Amit,

I will look at the articles you've linked.

Thanks again, hopefully I will be able to resolve this problem :)
Michael ELIE

ASKER
So,

I modified the hosts file to point to the internal Exchange server; it still shows the certificate error.

I even deleted the public zone in DNS & recreated the public zone. Problem still persists...

I can access webmail internally & externally without a certificate error. It happens only in Outlook internally.....

Settings are exactly the same as in Gareth Gudger's article, except for the certificate, which is a wildcard & applied to IIS & SMTP

I'm still looking at Anderson Patricio's article

Any other ideas ?

Thanks
ASKER CERTIFIED SOLUTION
Michael ELIE

Michael ELIE

ASKER
Solution in my comment