Solved

Problem with Certificate Exchange 2013 and Outlook Internal

Posted on 2014-11-18
Last Modified: 2014-11-29
Hi,

Recently I did a migration from Exchange 2003 to Exchange 2013 (via Exchange 2010). Everything works except for a certificate problem with Outlook, but ONLY for internal users (see attachment; it's in French, sorry). Even though there's this error, Outlook connects to the Exchange server and everything works.

Error in EN is "The server name on the security certificate is invalid or does not match the name of the site"

We bought a wildcard certificate (on the public name of course, which is *.xxxxxx.fr) and successfully imported it to the Exchange server.

We have two separate DNS zones, one internal zone in .local and the other an external (public) zone in .fr.
In the external zone, I have two "A" records which redirect to the Exchange server.

autodiscover.xxxxxx.fr ->> Exchange server IP
mail.xxxxxx.fr ->> Exchange server IP (for Webmail)

In the Exchange server settings, the OAB, ECP & OWA internal & external URLs are set to the external URL.

I would really appreciate your help

Thank you,
erreur-certifica2.JPG
0
Question by:Michael ELIE
12 Comments
 
LVL 45

Expert Comment

by:Amit
ID: 40450213
.local is no longer supported.
0
 

Author Comment

by:Michael ELIE
ID: 40450238
Thank you for your reply

Can you explain a bit more, please?

Because the client had a Windows Server 2003 with Exchange 2003. I did a migration from this server to 2012 R2 & Exchange 2013.

Thanks.
0
 
LVL 45

Expert Comment

by:Amit
ID: 40450257
Read this
http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

Seems you are still using a self-signed cert. Either you buy it or use an internal CA to issue a new cert. Avoid using .local.
0
 

Author Comment

by:Michael ELIE
ID: 40450272
I bought a public certificate (as I mentioned in the OP).

This only happens if I use Outlook internally. Outside the office, there is no certificate problem.

Edit - I also have a self-signed certificate which I do not use.
0
 
LVL 45

Expert Comment

by:Amit
ID: 40450292
0
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40450350
You need to assign that public certificate to the Exchange services.
You imported it, which is the first step; you then need to have the services actually use it.

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.150).aspx
0
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40450595
On one of the impacted machines => C:\Windows\System32\drivers\etc => open the "hosts" file in Notepad.
Add the information below on a new line:
autodiscover.xxxxxx.fr ->> Exchange server internal IP

And save the file. If the above step resolves the issue on the impacted machine, then it seems the issue is with internal DNS or the network, because of which Outlook is not able to resolve the Autodiscover record.

You can also try clearing Store Manager.

Run => type "control keymgr.dll"

It will launch Credential Store Manager; delete all the entries there (they are cached entries). Deleting credential entries won't impact anything.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40451541
Another article for step-by-step on configuring Exchange 2013 URLs, certificates and split-brain DNS.
http://supertekboy.com/2014/07/08/designing-simple-namespace-exchange-2013/
0
 

Author Comment

by:Michael ELIE
ID: 40451796
Hi,

Thank you all for your answers.

@ Seth Simmons,

I did enable my public Exchange certificate for SMTP & IIS via EAC. Anyway, I ran the PS Exchange command Enable-ExchangeCertificate to re-enable it. It did not resolve my problem...

@ Jasvindar Singh

My problem applies to all internal computers, but once they go outside, there is no problem with the certificate.
Anyway, I will try that solution on a computer to see if the problem resolves.

@ Gareth Gudger, Amit,

I will look at the articles you've linked.

Thanks again, hopefully I will be able to resolve this problem :)
0
 

Author Comment

by:Michael ELIE
ID: 40452278
So,

I modified the hosts file to point to the internal Exchange server; it still shows the certificate error.

I even deleted the public zone in DNS & recreated the public zone. The problem still persists...

I can access webmail internally & externally without a certificate error. It happens only in Outlook internally...

Settings are exactly the same as in Gareth Gudger's article except for the certificate, which is a wildcard & applied to IIS & SMTP.

I'm still looking at Anderson Patricio's article.

Any other ideas ?

Thanks
0
 

Accepted Solution

by:
Michael ELIE earned 0 total points
ID: 40463995
Problem solved by removing autodiscover.publicdomaine.fr from the public DNS zone.

Thanks,
0
 

Author Closing Comment

by:Michael ELIE
ID: 40471403
Solution in my comment
0
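
A diagnostic for the internal-only name mismatch discussed in this thread, added here as an example and not posted by any participant: it lists the host names that the Exchange 2013 configuration hands to internal Outlook clients and checks each against the names on the certificate enabled for IIS. It assumes the Exchange Management Shell and that the imported wildcard is the only non-self-signed certificate with the IIS service; `Test-CertName` is a helper defined in the block, not an Exchange cmdlet.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2013 server.
# Test-CertName is a helper defined here, not an Exchange cmdlet.
function Test-CertName {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.test matches
        # mail.example.test, but not example.test, a.b.example.test or srv.corp.local.
        if ($n.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $n.Substring(2)) { return $true }
        }
    }
    return $false
}

# Names on the CA-issued certificate enabled for IIS (assumption: the imported
# wildcard is the only non-self-signed certificate with the IIS service).
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and -not $_.IsSelfSigned } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

# Host names that internal Outlook clients are handed by the server configuration.
$targets = @(
    Get-ClientAccessServer | Where-Object { $_.AutoDiscoverServiceInternalUri } | ForEach-Object {
        [pscustomobject]@{ Setting = "Autodiscover SCP ($($_.Name))"
                           Name    = ([uri]"$($_.AutoDiscoverServiceInternalUri)").Host } }
    Get-OutlookAnywhere | Where-Object { $_.InternalHostname } | ForEach-Object {
        [pscustomobject]@{ Setting = 'Outlook Anywhere InternalHostname'
                           Name    = "$($_.InternalHostname)" } }
    foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
                     'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory') {
        & $cmd | Where-Object { $_.InternalUrl } | ForEach-Object {
            [pscustomobject]@{ Setting = "$cmd InternalUrl"
                               Name    = ([uri]"$($_.InternalUrl)").Host } }
    }
)

# One row per setting; CoveredByCert = False marks a name the certificate does not cover.
$targets | ForEach-Object {
    [pscustomobject]@{
        Setting       = $_.Setting
        HostName      = $_.Name
        CoveredByCert = Test-CertName -HostName $_.Name -CertNames $certNames
    }
} | Format-Table -AutoSize
```

This reads server configuration only; it does not show which address a name resolves to from an internal client, which has to be checked separately in internal DNS.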
