OUtlook certificate for exchange server

Have SBS 2008 and various versions of Outlook from 2003 to 2013. Two days ago they started to get a certificate error message (see attached Exchange-security-error.jpg)  and was able to create a new certificate with dates from 2015 to 2020. HOwever I am now getting a new error stating that "the name on the security certificate is invalid ( attached new-error-message.JPGnew-error-message-2.JPG) . i can see that the original certificate was issued to remote.steeda.com and that the new one is issued to steeda.com. Indeed there are two DNS zones (attached DNS-settings.JPG but I do not know how to change the reference to remote.steeda.com. I havae found serveral articles related to this subject but I cannont get them to work. Here are some links that I found but cannot get to work. I have enabled the certificate with Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxx -services "pop,imap,smtp,iis"


Any help to resolve this would and will be appreciated. Not sure why they make it so hard.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
The reason why you are getting this error message is because the certificate you renewed has a different DNS name then you are using for your virtual directories. The name in the SAN (UCC) cert needs to match the name of your virtual directories.

Once you have this configured properly the error message will not show up.

Shweta GoelCommented:

This type of issues are generally occurs when URL that you are trying to access is not listed in either the Subject or Subject Alternative Name (SAN) of the Secure Sockets Layer (SSL) certificate for the Website.

And the second reason may be Auto Discover Domain Name System (DNS) records are configured incorrectly.
David AtkinTechnical DirectorCommented:

To resolve this do the following:

Open the SBS Console
Click on the Network Tab
Click on the Connectivity Sub Tab

Run the Fix My Network wizard from the right hand side.  You will see an error relating to the certificate.  Complete the wizard to fix the error.

You're getting the second error because you've created the certificate manually and not used the correct name that Exchange uses.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

dashmanAuthor Commented:
David, thanks for the reply. I followed your instructions and let the wizard fix the error. However now Outlook is getting a different failure     new-error.jpg. it now shows the remote.steeda.com and the steeda-serversa-ca as before has new dates (2015-2017 rather than 2015-2020) but keeps popping up and when going through the install certificate it does not resolve the issue.

Thanks again for your response.
David AtkinTechnical DirectorCommented:
Hello again,

Reinstall the certificate from the following location:

\\SERVERNAME\Public\Public Downloads\certificate install package

Run the certificate installer application.

Once installed restart outlook and verify if the error is resolved.

Kind regards,

dashmanAuthor Commented:
that appears to have resolved it on the one computer I did that. Is there a way to do that for all computers at once or do I have to do each one individually?
David AtkinTechnical DirectorCommented:
If they are on the local network see if a restart or the PC installs it. The local clients normally auto accept the new cert.

The remote PCs will need it installing via the application.
dashmanAuthor Commented:
All computers are on the local network. If they auto accept it then is it just a matter of time before it gets updated?
One more question. Could I have resolved this using the console and network wizard to start with or did I have to remove and recreate a new certificate? Just wondering in case this happens to another client.
David AtkinTechnical DirectorCommented:
Yes with SBS you will want to use the console to renew expired certificates. Using the console will update everything for you.

Normally you don't have to do anything with the clients once the very had been renewed. You're having to do something now because of the cert name change.

Restart one of the clients and see if you get the error.
dashmanAuthor Commented:
thank you very much. Waiting a period of time has resolved the issue.
dashmanAuthor Commented:
Wish I had found this very easy solution during my initial internet search. It was expertly handled by the responder.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.