Problem with Certificate Exchange 2013 and Outlook Internal

Hi,

Recently I did a migration from Exchange 2003 to Exchange 2013 (via Exchange 2010). Everything works except for a certificate problem with Outlook, but ONLY for internal users (see attachment, it's in French, sorry). Even though there's this error, Outlook connects to the Exchange server & everything works.

Error in EN is "The server name on the security certificate is invalid or does not match the name of the site"

We bought a wildcard certificate (on the public name of course, which is *.xxxxxx.fr) & successfully imported it to the Exchange server.

We have two separate DNS zones, one internal zone in .local & another external (public) zone in .fr
In the external zone, I have two "A" records which redirect to the Exchange server.

autodiscover.xxxxxx.fr ->> Exchange server IP
mail.xxxxxx.fr ->> Exchange server IP (for Webmail)

In the Exchange server settings, the OAB, ECP & OWA internal & external URLs are set to the external URL

I would really appreciate your help

Thank you,
erreur-certifica2.JPG
Michael ELIE Asked:

Amit (IT Architect) Commented:
.local is no more supported.
0
Michael ELIE (Author) Commented:
Thank you for your reply

Can you explain a bit more, please?

Because the client had a Windows Server 2003 with Exchange 2003. I did a migration from this server to 2012 R2 & Exchange 2013.

Thanks.
0
Amit (IT Architect) Commented:
Read this
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

Seems you are still using a self-signed cert. Either you buy it or use an internal CA to issue a new cert. Avoid using .local.
0
Michael ELIE (Author) Commented:
I bought a public certificate (as I mentioned in the OP)

This only happens if I use Outlook internally. Outside of the office, no certificate problem.

Edit - I also have self signed certificate which I do not use
0
Seth Simmons (Sr. Systems Administrator) Commented:
You need to assign that public certificate to the Exchange services.
You imported it, which is the first step; you then need to have the services actually use it.

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
0
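Added example (not part of the thread): a read-only Exchange Management Shell check that lists the internal URLs Exchange publishes to Outlook clients and tests each host name against the names on the certificate enabled for IIS, which is the comparison behind the "does not match the name of the site" warning. `Test-CertName` is a helper defined here; the cmdlets are Exchange 2013's own, and the check assumes the certificate in question is the one enabled for IIS.

```powershell
# Run in the Exchange Management Shell on the Exchange 2013 server (read-only).

# Names the certificate(s) enabled for IIS are valid for, e.g. *.xxxxxx.fr
$certNames = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique

# URLs that Exchange publishes to internal clients
$urls = @()
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl }
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl }

# TLS name matching: a wildcard covers exactly one left-most label, so
# *.xxxxxx.fr covers mail.xxxxxx.fr but not server.domain.local or xxxxxx.fr.
function Test-CertName([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n.StartsWith('*.')) {
            $pattern = '^[^.]+' + [regex]::Escape($n.Substring(1)) + '$'
            if ($HostName -match $pattern) { return $true }
        } elseif ($HostName -eq $n) {
            return $true
        }
    }
    return $false
}

# One row per published URL; Covered = False marks a name that will trigger the warning
$urls | Where-Object { $_ } | ForEach-Object {
    $name = ([uri]"$_").Host.ToLower()
    New-Object psobject -Property @{
        Url     = "$_"
        Name    = $name
        Covered = (Test-CertName $name $certNames)
    }
} | Sort-Object Url -Unique | Format-Table Url, Name, Covered -AutoSize
```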
Jasvindar Singh (Office 365 Administrator) Commented:
On one of the impacted machines => C:\Windows\System32\drivers\etc => Open the "hosts" file in Notepad
Add below mentioned information on the new line:
autodiscover.xxxxxx.fr ->> Exchange server internal IP

And save the file. If the above step resolves the issue on the impacted machine then it seems the issue is with internal DNS or network because of which Outlook is not able to resolve Autodiscover record.

You can also try clearing Store Manager.

Run => type "control keymgr.dll"

It will launch Credential Store Manager, delete all the entries out there (It's cached entries). Deleting credential entries won't impact anything.
0
Gareth Gudger (Solution Architect) Commented:
Another article for step-by-step on configuring Exchange 2013 URLs, certificates and split-brain DNS.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
Michael ELIE (Author) Commented:
Hi,

Thank you all for your answers.

@ Seth Simmons,

I did enable my public Exchange certificate for SMTP & IIS via EAC. Anyway, I ran the Exchange PS command Enable-ExchangeCertificate to re-enable it. It did not resolve my problem....

@ Jasvindar Singh

My problem applies to all internal computers, but once they go outside, no problem with the certificate.
Anyway I will try that solution on a computer to see if the problem resolves.

@ Gareth Gudger, Amit,

I will look at the articles you've linked.

Thanks again, hopefully I will be able to resolve this problem :)
0
Michael ELIE (Author) Commented:
So,

I modified the hosts file to point to the internal Exchange server; it still shows the certificate error.

I even deleted the public zone in DNS & recreated the public zone. Problem still persists...

I can access webmail internally & externally without a certificate error. It happens only in Outlook internally.....

Settings are exactly the same as in Gareth Gudger's article except for the certificate, which is a wildcard & applied to IIS & SMTP

I'm still looking at Anderson Patricio's article

Any other ideas ?

Thanks
0
Michael ELIE (Author) Commented:
Problem solved by removing autodiscover.publicdomaine.fr from public DNS zone.

Thanks,
0

Michael ELIE (Author) Commented:
Solution in my comment
0