Exchange 2010 Certificate Error Name certificate is invalid or does not match the name of the site

We are getting errors when opening outlook stating the name on the security certificate is invalid or does not match the name of the site.
I have followed the articles supplied by MAS from other users with same issues, however mine still exist.
jwest3507Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bas2754Commented:
My guess is you have an external domain called mail.mycompany.com and the server name is something like exchange.mycompany.local.

If that is the case you need to make many changes to fix it so that you use the same name internally and externally on the mail server and the certificate for the mail server.  

A good Powershell script to set everything for you is here:

http://msunified.net/2010/05/07/script-for-configuring-exchange-2010-internal-and-external-urls/

Then you just need to be sure you have a certificate assisgned to Exchange with the name(s) you use for each of the URLs.
jwest3507Author Commented:
All names have been changed to the correct URL, however the issue still occurs.
DeepinInfrastructure Engineer Commented:
The tool below will make sure you've not missed any settings
https://www.digicert.com/internal-domain-name-tool.htm


Sound like your certificate has the incorrect SAN's
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

jwest3507Author Commented:
It appears that there is remnants of our old 2007 exchange server. The server was dx'd and from what I can tell it still has hooks in 2010 install. Is there a way to manually remove it?
DeepinInfrastructure Engineer Commented:
Link below should help you, but have a system state backup and full backup before attempting it

http://blog.dargel.at/2012/02/23/remove-legacy-exchange-server-using-adsi/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jwest3507Author Commented:
Ok so it appears that I still am having issues with this. We have random users getting this error popping up, everything is setup correct using the tools  you guys requested, however we still have issues. Does Exchange need to be restarted?
jwest3507Author Commented:
Here is the security alert.
Security-alert.JPG
bas2754Commented:
The Exchange clients are still using your internal host name for connection to the Exchange Server.  With the script posted above did you run through both the Internal and External routines?  You need to do both of them.

What are the results of the following commands (run from Exchange Powershell):

get-AutodiscoverVirtualDirectory
get-ClientAccessServer
get-webservicesvirtualdirectory
get-oabvirtualdirectory
get-owavirtualdirectory
get-ecpvirtualdirectory
get-ActiveSyncVirtualDirectory

More info found here:

http://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx

The results of the above should reflect the name on the certificate you are using.
jwest3507Author Commented:
CAS is Exch2010srv
ECp is Exch2010srv

Everything else is correct.
DeepinInfrastructure Engineer Commented:
You need to recreate your SSL certificate with your External link and autodiscover only in the SSL Cert

Eg:
remote.yourdomain.com
autodiscover.yourdomain.com

Remove all internal names from the SSL certificate
jwest3507Author Commented:
no internal names on our SSL cert and those names are already in our SSL Cert.
DeepinInfrastructure Engineer Commented:
Have you assigned IIS to the new certificate ?
jwest3507Author Commented:
Yes, the cert was about to expire so we renewed it and added it to Exchange and the intermediate cert to IIS
bas2754Commented:
You could try to recreate the Profile on a computer just to see if this corrects the problem.  We had one client that no matter what we did it did not go away until we did that.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.