Link to home
Start Free TrialLog in
Avatar of box-bb-car
box-bb-carFlag for United States of America

asked on

Certificate error Outlook 2010/2013 clients

We have a client running Exchange 2010 on a Windows 2012 R2 server with Outlook 2010/2013 clients. It has a UCC certificate from Godaddy! Everything has been fine with this server for months. A week ago the clients started getting certificate errors. The name on the security certificate is invalid or doesn't match the name on the certificate. Here is where it gets weird. The server name listed at the top of the security alert is mail.domainname.com.com ( Notice the extra .com). If you view the certificate it says issued to *.com.com by RapidSSL SHA256 CA - G3. One of my coworkers and I have been over this server and client pc's backwards and forwards and can not find where this certificate is coming from. Other than doing windows updates a couple of weeks ago nothing has changed on this server. HAs anyone got any ideas? The users can click yes to continue but they are getting annoyed with that. I've checked all the DNS entries at Network Solutions and on the local DNS and everything appears fine. I've done the Microsoft Exchange Connectivity tests and everything come back fine. Help Please.
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

Is the certificate path in the proper certificate store? How could your certificate been modified?

Has anything changed on your virtual directories?

Will.
someone has installed a rapidssl certificate.. You say you use godaddy which certificates are issued either by godaddy or startfield
ASKER CERTIFIED SOLUTION
Avatar of M A
M A
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Are your Dns entries at network solutions ended with a period (full stop). To ensure they are fully qualified otherwise it will append .com to the entries?
And they will resolve to subdomain.domain.com.com
Avatar of box-bb-car

ASKER

The trouble cert does not appear on any client system, nor on the server when we search by thumbprint. That is the frustrating part. If we could find the certificate we would remove it, or at least have a jumping off point from which to troubleshoot. All certs in exchange are correct in the console. Will verify that we do not have any that appear at the powershell level.

The certificate path does not come into play unless you choose to install the certificate on a client machine, then it installs into a folder of 'Other' if you allow auto install. As stated, it does not appear on the server when we search by thumbprint. Normally this would be an intermediate authority cert. Am wondering if in the Windows updates it may have corrupted some of the root certs
Just checked the URL's as suggested by MAS. Sure enough the one for the internal URL for the Web Services virtual directory had an extra .com in it. Not sure why or how that happened. Will have to see if this corrects the issue completely or if something else is going on that is changing that value.
Did you reconfigure the URLs as per the article and check?

If still you have error please let us know.
Thanks for pointing us in the right direction. Still don't know what caused the url to change but it's been corrected.