Exchange 2010 “Name on Certificate does not match site” error from Outlook 2007 clients
Posted on 2015-01-13
We had one 2007 exchange server on a virtual 2003 box. We have upgraded to Exchange 2010 and now have two 2008 R2 virtual servers (one with the mailbox role and the other with CAS & Hub roles). We are planning to implement an edge-server later. All the mailboxes have been moved to the 2010 box along with firewall routing, DNS pointers and a new SSL certificate (not self signed). We have 42 mailboxes.
On our user’s machines (all users are using Outlook 2007) we are having the Security Alert window pop up with the “The name on the security certificate is invalid or does not match the name of the site” message. It shows the name it is looking for as ServerName.Domain.Local. I was going to add the .Local name to the certificate (as I did when we had this problem with our exchange 2007 upgrade) but .local is going away as far as CA certs are concerned and would just postpone the problem. Not to mention making my 2 year certificate only good for 11 months.
I also have a self-signed cert that lists server.domain.local and I assigned to imap and pop and we still get the error box.
I have gone through all the options in the EMC that I could find and changed all incidences of .local to .com, which we have matching DNS entries for and still no joy. If we click on YES outlook runs normally but will re-display the error one more time. I do not want users to get used to clicking YES on these errors for obvious reasons. With the .local URLs going away, surely there should be is a fix for this?