Outlook Cert error

We have Ex 2003 and 2010 in coexistence mode. 2010 has a public cert installed, mail.domain.co.uk. This is assigned to all servers and services, and the virtual directories are set to this.

We have an issue where, when users open Outlook, they get a certificate error due to a name mismatch. This is because Outlook is connecting to servername.domain.local, and that obviously is not included on the cert. A CAS array exists, Cassite1.domain.co.uk. This affects all 2003 and 2010 users.
Stuart, Technical Architect - Cloud, Asked:
MASEE Solution Guide - Technical Dept Head Commented:
Please check my article. It may help to fix your issue. If not fixed, please let me know.
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html

Stuart, Technical Architect - Cloud, Author Commented:
Hi, following this article resolved the first cert warning for servername.domain.local, but now I get one for autodiscover.domain.co.uk. It looks like it is using a different cert, www.domain.co.uk! Not sure where it is getting this from!
MASEE Solution Guide - Technical Dept Head Commented:
If you follow my article, the autodiscover certificate error will also get solved.
Ensure you have autodiscover.emaildomain.com in your certificate.
Anyway can you post a screenshot?
Stuart, Technical Architect - Cloud, Author Commented:
MASEE Solution Guide - Technical Dept Head Commented:
It seems you enabled IIS services on the wrong certificate.
Do you have an A record for autodiscover.emaildomain.com that points to the Exchange server VIP?
Ensure IIS is enabled on the right certificate on both the servers.
Stuart, Technical Architect - Cloud, Author Commented:
IIS services are only enabled on the mail. cert; the other cert in Exchange (the self-signed one) just has SMTP (unable to remove this).

The certificate in the warning is a www. cert; I'm not sure where this is coming from.. :'(
Stuart, Technical Architect - Cloud, Author Commented:
OK, I ran through the assigning certificates to services again, selected IIS and others. Deleted my Outlook profile and went through the autodiscover process. I am now getting the warning for servername.domain.local again. I presume the autodiscover is fixed as I didn't have to manually specify mailbox settings.

The internal server names do not have to be on the certificate do they?
Stuart, Technical Architect - Cloud, Author Commented:
A little more info - I ran a test email autoconfiguration and the following appear to have URLs with servername instead of mail.

Availability Service
Unified message service url
OOF url

Not sure if this helps
mfgsilva Commented:
Recreate your SSL cert and add your additional server name as a SAN
https://www.digicert.com/subject-alternative-name.htm
Stuart, Technical Architect - Cloud, Author Commented:
Why do I need to put my internal Exchange server names in my cert? This shouldn't be needed..
mfgsilva Commented:
The name mismatch is a result. Your internal name is not included.
You could get around it by changing or adding an additional A record on your internal DNS.
MASEE Solution Guide - Technical Dept Head Commented:
Internal names cannot be added to certificates in the near future. Most of the CAs have already stopped adding internal names.
Stuart, Technical Architect - Cloud, Author Commented:
It's not something I want to do either :p, so why is Outlook connecting to the server name and not the mail alias that I have configured everywhere and that is present in my cert? I'm lost
MASEE Solution Guide - Technical Dept Head Commented:
Do you have a CAS array configured?
If not, please configure a CAS array. It is recommended to configure a CAS array even if you have only one CAS server.
http://exchangeserverpro.com/exchange-server-2010-cas-array/

Even if you don't have a CAS array configured, you should not have a certificate problem.
The only thing is you should configure all the URLs as per my article
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
Stuart, Technical Architect - Cloud, Author Commented:
Yep, two configured, one per site. I was just doing some DAG failover testing for my documentation and hey presto, no more errors in Outlook! I think you hit the nail on the head with your first link, where I had autodiscover URIs incorrectly set. It seems a reboot was required :))))
Stuart, Technical Architect - Cloud, Author Commented:
Reboot was also required but spot on!
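
The thread's resolution was service URLs that pointed at a host name not present on the certificate. As an added example (not part of the original thread), this PowerShell script flags any service URL whose host the certificate does not cover; the function names, sample URLs and certificate name list are constructed for illustration.

```powershell
# Added example, not from the thread. Sample data below is constructed.

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        # -eq on strings is case-insensitive, as DNS names are
        if ($name -eq $HostName) { return $true }
        # A wildcard entry covers exactly one left-most label
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)          # "*.domain.co.uk" -> ".domain.co.uk"
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $suffix) { return $true }
        }
    }
    return $false
}

function Get-UrlCertMismatch {
    param([hashtable]$ServiceUrls, [string[]]$CertNames)
    foreach ($svc in ($ServiceUrls.Keys | Sort-Object)) {
        $urlHost = ([uri]$ServiceUrls[$svc]).Host
        if (-not (Test-CertNameMatch $urlHost $CertNames)) {
            # Emit one object per URL that would trigger a name-mismatch warning
            New-Object PSObject -Property @{ Service = $svc; HostName = $urlHost }
        }
    }
}

# Constructed sample: URLs as a client might receive them from Autodiscover
$urls = @{
    'Autodiscover'         = 'https://autodiscover.domain.co.uk/Autodiscover/Autodiscover.xml'
    'Availability Service' = 'https://servername.domain.local/EWS/Exchange.asmx'
    'OOF'                  = 'https://servername.domain.local/EWS/Exchange.asmx'
    'OAB'                  = 'https://mail.domain.co.uk/OAB/'
}
# Constructed sample: names assumed to be on the certificate bound to IIS
$certNames = @('mail.domain.co.uk', 'autodiscover.domain.co.uk')

Get-UrlCertMismatch -ServiceUrls $urls -CertNames $certNames |
    Format-Table Service, HostName -AutoSize

# On an Exchange 2010 server the real inputs can be read with:
#   Get-ClientAccessServer | fl Name,AutoDiscoverServiceInternalUri
#   Get-WebServicesVirtualDirectory | fl Identity,InternalUrl
#   Get-OabVirtualDirectory | fl Identity,InternalUrl
#   Get-ExchangeCertificate | fl Subject,CertificateDomains,Services
```

With the sample data, the Availability Service and OOF entries are reported because servername.domain.local is not among the certificate names.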