Exchange 2010 Certificate Error Name certificate is invalid or does not match the name of the site

Hi All,

Getting an error on startup in outlook along with a security warning that comes with it listed below, I would like to get this error to go away any ideas?

Exchange 2010 Certificate Error Name certificate is invalid or does not match the name of the site.

We use a third party cert for our Exchange server.

Thanks
LVL 1
wannabecraigAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution GuideCommented:
Please follow my article to fix this issue.

Technet   EE

If it is not fixed please let me know
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wannabecraigAuthor Commented:
Thanks this article is really well put together, looks like it will get the job done. Will take me some time to get through it all. Will post back as soon as.
0
wannabecraigAuthor Commented:
Hi MAS Experts,

I created the following steps to resolve this issue, the error on the cert by the way is mailserverhostname.domainname.local there is a problem with the sites security certificate the name on the security certificate is invalid or does not match the name of the site.

What do you guys think of the below steps?  

-----------------------------------------------------------------------

1. DNS Changes
i. Create domainname.com forward lookup zone.
ii. Create the following A records in domainname.com zone autodiscover , mail, all pointing to mail server internally.
iii. Create the following A records in domainname.local autodiscover.domainname.local pointing to mail server internally.

2. Certificates & Services this will be done through Exchange Management Console the assignment of services
i. Verify IIS is attached to the current certificate.
ii. Consider whether to transfer IMAP, POP3 and SMTP services from the self signed certificate currently in place to the current wildcard certificate.
iii. Verify these changes by running the following commands in Exchange Shell Get-ExchangeCertificate and Get-ExchangeCertificate | fl , these are two separate commands with different types of outputs.

3. Reset OAB Virtual Directories and Autodiscover url's
i. Reset the internal autodiscover url with this command Set-ClientAccessServer -Identity Exchangeservername -AutoDiscoverServiceInternalUri https://mail.domainname.com/autodiscover/autodiscover.xml
ii. Reset the OAB internal and external url's with this command Set-OabVirtualDirectory -Identity "Exchangeservername\oab (default web site)" -InternalUrl https://mail.domainname.com/oab -ExternalUrl https://mail.domainname.com/oab
iii. Consider resetting the OAB urls through the Exchange MMC.
iv. Reset Webservices url's with this command set-WebservicesVirtualDirectory -Identity "Exchangeservername\EWS (default web site)" -InternalUrl https://mail.domainname.com/EWS/Exchange.asmx -ExternalUrl https://mail.domainname.com/EWS/Exchange.asmx
v. Run the outlook test configuration tool to verify the urls are set correctly including the OOF url.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

wannabecraigAuthor Commented:
Regarding the above error, we currently have 2 certificates active and the following setup/settings

1. Wildcard godaddy certificate *.domainamme.com - services IIS , active = true
2. Selfsigned certificate from the exchange server - services Pop3, Imap, SMTP , active = true

IS this related to the error were getting the cert setup with smtp being assigned to the self signed cert.
0
MAS (MVE)EE Solution GuideCommented:
-->i. Create domainname.com forward lookup zone.  
is it your email domain. e.g. contoso.com
-->ii. Create the following A records in domainname.com zone autodiscover , mail, all pointing to mail server internally.
When you ping mail.contoso.com it should return your internal server IP.
When you ping autodiscover.contoso.com it should return your internal server IP.
-->iii. Create the following A records in domainname.local autodiscover.domainname.local pointing to mail server internally.
No need of autodiscover.domain.local as it is not used by Exchange server.
It will use servername.domain.local from this zone.

This command will show you the certificate issuer and services enabled on that server.
Get-ExchangeCertificate | fl Issuer, isselfsigned, services, thumbprint

Open in new window




Please check this as well
http://www.windowsinfo.eu/?p=236

Please restart the server if possible.
0
wannabecraigAuthor Commented:
Thank you MAS great solution
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.