Solved

Problem with Certificate Exchange 2013 and Outlook Internal

Posted on 2014-11-18
Last Modified: 2014-11-29
Hi,

Recently I did a migration from Exchange 2003 to Exchange 2013 (via Exchange 2010). Everything works except for a certificate problem with Outlook, but ONLY for internal users (see attachment; it's in French, sorry). Even though there's this error, Outlook connects to the Exchange server & everything works.

Error in EN is "The server name on the security certificate is invalid or does not match the name of the site"

We bought a wildcard certificate (on the public name of course, which is *.xxxxxx.fr) & successfully imported it to the Exchange server.

We have two separate DNS zones, one internal zone in .local & the other an external (public) zone in .fr
In the external zone, I have two "A" records which redirect to the Exchange server.

autodiscover.xxxxxx.fr ->> Exchange server IP
mail.xxxxxx.fr ->> Exchange server IP (for Webmail)

In the Exchange server settings, the OAB, ECP & OWA internal & external URLs are set to the external URL

I would really appreciate your help

Thank you,
erreur-certifica2.JPG
Question by:Michael ELIE
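
The warning quoted in the question is a hostname-verification failure: the name the client connected to is not covered by any name in the certificate the server presented. The following is an added example, not part of the original thread, that applies the usual wildcard-matching rules to a wildcard certificate like the one described; every hostname in it, including the `.local` one, is a constructed placeholder.

```python
# Added example: which hostnames does a wildcard certificate cover?
# All names below are constructed placeholders, not values from the thread.

def name_matches(hostname: str, pattern: str) -> bool:
    """Match a hostname against one certificate DNS name.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so '*.example.fr' covers 'mail.example.fr' but
    neither 'example.fr' nor 'a.b.example.fr'.
    """
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        # Require at least two fixed labels after the wildcard ('*.fr' is rejected).
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def audit(hostnames, cert_names):
    """Return {hostname: first matching certificate name, or None}."""
    result = {}
    for h in hostnames:
        result[h] = next((n for n in cert_names if name_matches(h, n)), None)
    return result


# Constructed sample: a public wildcard certificate and names a client
# inside the LAN might end up connecting to.
CERT_NAMES = ["*.example.fr"]
CLIENT_TARGETS = [
    "mail.example.fr",          # public webmail name
    "autodiscover.example.fr",  # public Autodiscover name
    "exch01.corp.local",        # internal server FQDN (hypothetical)
    "example.fr",               # bare domain: not covered by the wildcard
]

if __name__ == "__main__":
    for host, matched in audit(CLIENT_TARGETS, CERT_NAMES).items():
        status = f"covered by {matched}" if matched else "NAME MISMATCH"
        print(f"{host:28} {status}")
```

Any name reported as a mismatch is one for which a client would raise the warning if it connected to the server under that name.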
12 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 40450213
.local is no longer supported.
 

Author Comment

by:Michael ELIE
ID: 40450238
Thank you for your reply

Can you explain a bit more, please?

Because the client had a Windows Server 2003 with Exchange 2003. I did a migration from this server to 2012 R2 & Exchange 2013.

Thanks.
 
LVL 41

Expert Comment

by:Amit
ID: 40450257
Read this
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

Seems you are still using a self-signed cert. Either you buy it or use an internal CA to issue a new cert. Avoid using .local.
 

Author Comment

by:Michael ELIE
ID: 40450272
I bought a public certificate (as I mentioned in the OP)

This only happens if I use Outlook internally. Outside of the office, no certificate problem.

Edit - I also have a self-signed certificate which I do not use
 
LVL 41

Expert Comment

by:Amit
ID: 40450292
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40450350
You need to assign that public certificate to the Exchange services.
You imported it, which is the first step; you then need to have the services actually use it.

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40450595
On one of the impacted machines => C:\Windows\System32\drivers\etc => open the "hosts" file in Notepad.
Add the information below on a new line:
autodiscover.xxxxxx.fr ->> Exchange server internal IP

And save the file. If the above step resolves the issue on the impacted machine, then it seems the issue is with internal DNS or the network, because of which Outlook is not able to resolve the Autodiscover record.

You can also try clearing Store Manager.

Run => type "control keymgr.dll"

It will launch Credential Store Manager; delete all the entries there (they are cached entries). Deleting credential entries won't impact anything.
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40451541
Another article for step-by-step on configuring Exchange 2013 URLs, certificates and split-brain DNS.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
 

Author Comment

by:Michael ELIE
ID: 40451796
Hi,

Thank you all for your answers.

@ Seth Simmons,

I did enable my public Exchange certificate for SMTP & IIS via EAC. Anyway, I ran the PS Exchange command Enable-ExchangeCertificate to re-enable it. It did not resolve my problem....

@ Jasvindar Singh

My problem applies to all internal computers, but once they go outside, no problem with the certificate.
Anyway, I will try that solution on a computer to see if the problem resolves.

@ Gareth Gudger, Amit,

I will look at the articles you've linked.

Thanks again, hopefully I will be able to resolve this problem :)
 

Author Comment

by:Michael ELIE
ID: 40452278
So,

I modified the hosts file to point to the internal Exchange server; it still shows the certificate error.

I even deleted the public zone in DNS & recreated the public zone. Problem still persists...

I can access webmail internally & externally without a certificate error. It happens only in Outlook internally.....

Settings are exactly the same as in Gareth Gudger's article except for the certificate, which is a wildcard & applied to IIS & SMTP

I'm still looking at Anderson Patricio's article

Any other ideas ?

Thanks
 

Accepted Solution

by:
Michael ELIE earned 0 total points
ID: 40463995
Problem solved by removing autodiscover.publicdomaine.fr from public DNS zone.

Thanks,
 

Author Closing Comment

by:Michael ELIE
ID: 40471403
Solution in my comment