Exchange 2010 Certificate Error Name certificate is invalid or does not match the name of the site

We are getting errors when opening outlook stating the name on the security certificate is invalid or does not match the name of the site.
I have followed the articles supplied by MAS from other users with same issues, however mine still exist.
jwest3507Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bas2754Commented:
My guess is you have an external domain called mail.mycompany.com and the server name is something like exchange.mycompany.local.

If that is the case you need to make many changes to fix it so that you use the same name internally and externally on the mail server and the certificate for the mail server.  

A good Powershell script to set everything for you is here:

http://msunified.net/2010/05/07/script-for-configuring-exchange-2010-internal-and-external-urls/

Then you just need to be sure you have a certificate assisgned to Exchange with the name(s) you use for each of the URLs.
0
jwest3507Author Commented:
All names have been changed to the correct URL, however the issue still occurs.
0
DeepinInfrastructure Engineer Commented:
The tool below will make sure you've not missed any settings
https://www.digicert.com/internal-domain-name-tool.htm


Sound like your certificate has the incorrect SAN's
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

jwest3507Author Commented:
It appears that there is remnants of our old 2007 exchange server. The server was dx'd and from what I can tell it still has hooks in 2010 install. Is there a way to manually remove it?
0
DeepinInfrastructure Engineer Commented:
Link below should help you, but have a system state backup and full backup before attempting it

http://blog.dargel.at/2012/02/23/remove-legacy-exchange-server-using-adsi/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jwest3507Author Commented:
Ok so it appears that I still am having issues with this. We have random users getting this error popping up, everything is setup correct using the tools  you guys requested, however we still have issues. Does Exchange need to be restarted?
0
jwest3507Author Commented:
Here is the security alert.
Security-alert.JPG
0
bas2754Commented:
The Exchange clients are still using your internal host name for connection to the Exchange Server.  With the script posted above did you run through both the Internal and External routines?  You need to do both of them.

What are the results of the following commands (run from Exchange Powershell):

get-AutodiscoverVirtualDirectory
get-ClientAccessServer
get-webservicesvirtualdirectory
get-oabvirtualdirectory
get-owavirtualdirectory
get-ecpvirtualdirectory
get-ActiveSyncVirtualDirectory

More info found here:

http://social.technet.microsoft.com/wiki/contents/articles/5163.managing-exchange-2010-externalinternal-url-s-via-powershell.aspx

The results of the above should reflect the name on the certificate you are using.
0
jwest3507Author Commented:
CAS is Exch2010srv
ECp is Exch2010srv

Everything else is correct.
0
DeepinInfrastructure Engineer Commented:
You need to recreate your SSL certificate with your External link and autodiscover only in the SSL Cert

Eg:
remote.yourdomain.com
autodiscover.yourdomain.com

Remove all internal names from the SSL certificate
0
jwest3507Author Commented:
no internal names on our SSL cert and those names are already in our SSL Cert.
0
DeepinInfrastructure Engineer Commented:
Have you assigned IIS to the new certificate ?
0
jwest3507Author Commented:
Yes, the cert was about to expire so we renewed it and added it to Exchange and the intermediate cert to IIS
0
bas2754Commented:
You could try to recreate the Profile on a computer just to see if this corrects the problem.  We had one client that no matter what we did it did not go away until we did that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.