Solved

Problem with Certificate Exchange 2013 and Outlook Internal

Posted on 2014-11-18
Last Modified: 2014-11-29
Hi,

Recently I did a migration from Exchange 2003 to Exchange 2013 (via Exchange 2010). Everything works except for a certificate problem with Outlook, but ONLY for internal users (see attachment, it's in French, sorry). Even though there's this error, Outlook connects to the Exchange server & everything works.

The error in EN is "The server name on the security certificate is invalid or does not match the name of the site"

We bought a wildcard certificate (on the public name of course, which is *.xxxxxx.fr) & successfully imported it to the Exchange server.

We have two separate DNS zones, one internal zone in .local & the other an external (public) zone in .fr
In the external zone, I have two "A" records which redirect to the Exchange server.

autodiscover.xxxxxx.fr ->> Exchange server IP
mail.xxxxxx.fr ->> Exchange server IP (for Webmail)

In the Exchange server settings, the OAB, ECP & OWA internal & external URLs are set to the external URL

I would really appreciate your help

Thank you,
erreur-certifica2.JPG
Question by:Michael ELIE
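
The error quoted in the question is a name-match failure: the host name Outlook connected to is not covered by the names in the certificate it was shown. The following is an added example, not part of the original post, that checks which host names a wildcard such as `*.xxxxxx.fr` covers (a wildcard stands for exactly one left-most label). `Test-CertNameMatch`, the bare `xxxxxx.fr` entry and the `.local` names are hypothetical and constructed for illustration.

```powershell
# Added example: returns $true when $HostName is covered by one of $CertNames.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string[]]$CertNames
    )
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($certName in $CertNames) {
        $certLabels = $certName.TrimEnd('.').ToLowerInvariant().Split('.')
        # A wildcard replaces exactly one label, so both names need the same label count.
        if ($certLabels.Count -ne $hostLabels.Count) { continue }
        $covered = $true
        for ($i = 0; $i -lt $certLabels.Count; $i++) {
            # '*' is only honoured as the whole left-most label.
            $isWildcard = ($i -eq 0) -and ($certLabels[$i] -eq '*')
            if (-not $isWildcard -and ($certLabels[$i] -ne $hostLabels[$i])) {
                $covered = $false
                break
            }
        }
        if ($covered) { return $true }
    }
    return $false
}

# Names on the certificate, as described in the question.
$certNames = @('*.xxxxxx.fr')

# Names an internal client might be sent to (constructed list; the .local
# names and the bare domain are assumptions, not taken from the post).
$namesClientsUse = @(
    'mail.xxxxxx.fr',
    'autodiscover.xxxxxx.fr',
    'xxxxxx.fr',
    'exch01.xxxxxx.local',
    'autodiscover.xxxxxx.local'
)

foreach ($name in $namesClientsUse) {
    [pscustomobject]@{
        Name          = $name
        CoveredByCert = Test-CertNameMatch -HostName $name -CertNames $certNames
    }
}
```

Any name reported as not covered will produce the name-mismatch warning if a client is directed to it over HTTPS, so the check is most useful when run against the names the internal DNS zone and the Exchange internal URLs actually hand out.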
12 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 40450213
.local is no longer supported.
0
 

Author Comment

by:Michael ELIE
ID: 40450238
Thank you for your reply

Can you explain a bit more, please?

Because the client had a Windows Server 2003 with Exchange 2003. I did a migration from this server to 2012 R2 & Exchange 2013.

Thanks.
0
 
LVL 44

Expert Comment

by:Amit
ID: 40450257
Read this
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

Seems you are still using a self-signed cert. Either you buy it or use an internal CA to issue a new cert. Avoid using .local.
0
 

Author Comment

by:Michael ELIE
ID: 40450272
I bought a public certificate (as I mentioned in the OP)

This only happens if I use Outlook internally. Outside of the office, no certificate problem.

Edit - I also have a self-signed certificate which I do not use
0
 
LVL 44

Expert Comment

by:Amit
ID: 40450292
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40450350
You need to assign that public certificate to the Exchange services.
You imported it, which is the first step; you then need to have the services actually use it.

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
0
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40450595
On one of the impacted machines => C:\Windows\System32\drivers\etc => Open the "hosts" file in Notepad
Add the below-mentioned information on a new line:
autodiscover.xxxxxx.fr ->> Exchange server internal IP

And save the file. If the above step resolves the issue on the impacted machine, then it seems the issue is with internal DNS or the network, because of which Outlook is not able to resolve the Autodiscover record.

You can also try clearing Store Manager.

Run => type "control keymgr.dll"

It will launch Credential Store Manager; delete all the entries out there (they are cached entries). Deleting credential entries won't impact anything.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40451541
Another article for step-by-step on configuring Exchange 2013 URLs, certificates and split-brain DNS.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 

Author Comment

by:Michael ELIE
ID: 40451796
Hi,

Thank you all for your answers.

@ Seth Simmons,

I did enable my public Exchange certificate for SMTP & IIS via EAC. Anyway, I ran the Exchange PS command Enable-ExchangeCertificate to re-enable it. It did not resolve my problem....

@ Jasvindar Singh

My problem applies to all internal computers, but once they go outside, no problem with the certificate.
Anyway, I will try that solution on a computer to see if the problem resolves.

@ Gareth Gudger, Amit,

I will look at the articles you've linked.

Thanks again, hopefully I will be able to resolve this problem :)
0
 

Author Comment

by:Michael ELIE
ID: 40452278
So,

I modified the hosts file to point to the internal Exchange server; it still shows the certificate error.

I even deleted the public zone in DNS & recreated the public zone. The problem still persists...

I can access webmail internally & externally without a certificate error. It happens only in Outlook internally.....

Settings are exactly the same as in Gareth Gudger's article except for the certificate, which is a wildcard & applied to IIS & SMTP

I'm still looking at Anderson Patricio's article

Any other ideas ?

Thanks
0
 

Accepted Solution

by:
Michael ELIE earned 0 total points
ID: 40463995
Problem solved by removing autodiscover.publicdomaine.fr from public DNS zone.

Thanks,
0
 

Author Closing Comment

by:Michael ELIE
ID: 40471403
Solution in my comment
0
