Solved

SBS Certificate name mismatch Exchange Server 2010

Posted on 2015-01-22
13
119 Views
Last Modified: 2015-01-27
Hi,

I have just taken over a clients SBS 2011 server which was setup to use mail.domain.com as the primary format, they were having a lot of issues so many changes had to be made to put the server back to a typical SBS server deployment. All is now working on the standard remote.domain.com domain and a new SSL certificate has been purchased and applied.

All seems to be working well except when clients are accessing outlook it is showing a certificate warning for the old host name mail.domain.com and running the fix my network wizard does not seem to correct the old address with the new one of remote.domain.com.

Can someone tell me what commands I need to run to set it all back to the standard SBS deployment of remote.domain.com?
0
Comment
Question by:Tahir2008
  • 8
  • 4
13 Comments
 
LVL 24

Accepted Solution

by:
-MAS earned 500 total points
ID: 40565485
can you please post the error?
At the same time please check my article.
It may help
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40565540
Did you install the certificate through the SBS Console or did you do it manually through the Exchange Management Shell/Console? SBS is very wizard driven so it's always recommended to use the SBS Console when possible.

To add the SSL certificate using the Add a trusted certificate wizard in the SBS Console:
- In the SBS Console, click on Network
- Click on the Connectivity tab
- Click Add a trusted certificate on the right pane underneath Connectivity Tasks
- Click Next at the Before you begin window
- Select I want to replace existing certificate with a new one option then click Next
- Select I want to use a certificate that is already installed on the server then click Next
- Select the new SSL certificate from the list then click Next
- The wizard should then configure the SSL certificate in all the appropriate areas on your server

See this link for further information: https://technet.microsoft.com/en-us/library/cc546059.aspx
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40566114
The host name was changed using the SBS console and the SSL certificate was also installed using the SBS console. I think the previous IT guy may have made manual changes to the system rather than using the wizards hence why the domain being used was mail.domain.com instead of the standard SBS hostname of remote.domain.com.

The error that is presented is a certificate mismatch notice similar to this:
http://blogs.technet.com/blogfiles/sbs/WindowsLiveWriter/TroubleshootingCertificateMismatchWarnin_DEDC/clip_image004_thumb.jpg

But instead the hostname it is showing is the old address mail.domain.com not the new one which should be remote.domain.com with the correct SSL certificate which has been installed also for remote.domain.com

So all I need to know is what commands need to be entered to restore the settings to use remote.domain.com
0
 
LVL 24

Expert Comment

by:-MAS
ID: 40568868
The above error is autodiscover error. Check the URL settings on Exchange by the below command.
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Open in new window

Please set the autodiscover using the below command (which is copied from my article above)
Set-ClientAccessServer -Identity server1 -AutoDiscoverServiceInternalUri "https://commonname.domain.com/autodiscover/autodiscover.xml"

Open in new window

Ensure you can resolve your common name internally (Which is explained in my article)
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40569089
Hi,

That seems to have resolved the issue with the Outlook certificate mismatch, thanks so much for that, but there are a few other directories which still point to the old location of mail.domain.com instead of the new remote.domain.com:

- WebServicesVirtualDirectory
  EWS
 ews
OAB

Do you know the commands to check and reset these to the new remote.domain.com address format as well please? I would like to ensure all of the areas which may have been assigned mail.domain.com are changed so that if that host record is deleted nothing is affected?

Thanks.
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40569096
Thanks MAS, found the info in the article and have used the following commands to reset from mail.domain.com to the SBS default of remote.domain.com

Set-ClientAccessServer -Identity SERVERNAME -AutoDiscoverServiceInternalUri "https://remote.domain.com/autodiscover/autodiscover.xml"

Set-OabVirtualDirectory -Identity "SERVERNAME\oab (default web site)" -InternalUrl https://remote.domain.com/oab -ExternalUrl https://remote.domain.com/oab

set-WebservicesVirtualDirectory -Identity "SERVERNAME\EWS (default web site)" -InternalUrl https://remote.domain.com/EWS/Exchange.asmx  -ExternalUrl https://remote.domain.com/ews/Exchange.asmx

Will just wait to see if the issue has now been resolved and will get back to you shortly.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:Tahir2008
ID: 40569100
Seems my clients Outlook is still showing mail.domain.com certificate error, when running the test configuration all looks well but then selecting the log option shows:

Guessmart IMAP mail.domain.com
Guessmart IMAP imap.domain.com
Guessmart POP mail.domain.com
Guessmart POP pop.domain.com

Is it possible to change the mail.domain.com also for these to remote.domain.com or add this as an entry?
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40569114
I have rebooted the server and I think for now that seems to have stopped the certificate mismatch from occurring so I will go ahead and close this case as resolved and check back if the issue is still unresolved. Thanks for the help MAS.
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40569116
Spot on advice and link back to article which allowed me to fix the remaining issues.
0
 
LVL 24

Expert Comment

by:-MAS
ID: 40569138
Hi Tahir,
Thanks for the points.
You are supposed to accept the first comment as answer as it will  award my article.  All these command I copied from my article.
if you dont mind please do it.
0
 
LVL 1

Author Comment

by:Tahir2008
ID: 40569149
Not sure how to change the accepted answer.
0
 
LVL 24

Expert Comment

by:-MAS
ID: 40569213
click "Request attention" and request to open the question for you.
Admin will open the question for you.
0
 
LVL 1

Author Closing Comment

by:Tahir2008
ID: 40572667
Perfect response and fixed the issue as expected.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now