Security Certificate appearing each time Outlook opens

Hi,

Im getting reports from user that they are seeing a certificate error each time Outlook 2013 opens for users based in the office. The error can be cleared by user but Im looking to apply a reg fix to prevent the error from appearing.

The backend server is SBS2008 and the exchange setup has two domains setup on it.

Is there a way to supress this error?

Thanks
ScamoreIT
SycamoreITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StuartTechnical Architect - CloudCommented:
What name is specified in your certificate? Presuming its something like mail.domain.com you need to set your client access URL's to match
0
Seth SimmonsSr. Systems AdministratorCommented:
Is there a way to supress this error?

what is the error?  invalid date or mismatched host name?
what changed prior to this starting?
0
David Johnson, CD, MVPOwnerCommented:
with all likelihood the certificate has expired
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

SycamoreITAuthor Commented:
On the error which pops up, it state the following

The name of the security certificate is invalid or does not match the name of the site.


I can confirm the name of the server url which is stated at the top of the certificate is the same has what each user has in the outlook setting for the exchange server.

I can confirm the certificate is not out of date.

Thanks for your comments so far all.

SycamoreIT
0
David AtkinTechnical DirectorCommented:
Hello,

Can you open the SBS Console > Networking Tab> Connectivity sub Tab
From the right hand side run the 'Fix My Network Wizard'

Does it bring up any Certificate errors?  If so run through the wizard - Selecting only the certificate warning/errors and see if it resolves the problem.

If it does not, can you give us a screen shot of the error and confirm if it says anything about the Auto-Discover or Remote/mail.
0
SycamoreITAuthor Commented:
Hi,

I have carried out the process David but no certificate errors were detected.

Ive attached a copy the error my Outlook users see each time they open the client.
exchane-error.jpg
0
StuartTechnical Architect - CloudCommented:
Please follow this article written by MAS. I had the same issue and it resolved for me

I did have to reboot after these changes to get this working which is not mentioned in the article
0
SycamoreITAuthor Commented:
I was hoping for a local reg hack on the client desktop since its not happening on everyone's PC, only on some.

Is there anyway I can suppress the warning client slide? Not happy messing about on the server has this could have the potential to take out everyone connected to the server.
0
David AtkinTechnical DirectorCommented:
When you configured the server originally did you use the wizards and go through the Internet address wizard?

The name on the certificate being presented isn't correct. It should be remote.domain.com or mail.domain.com depending how you set it up.
0
StuartTechnical Architect - CloudCommented:
Can you go through the article and at least do an information gathering, using the get commands and post your results. It sounds like your URL's are configured incorrectly somewhere
0
SycamoreITAuthor Commented:
@David A, I inherited the server so Im afraid I cannot answer that one.

@Stuart, I will run through and pull the info and post but Im pretty sure it will be a dodgy url somewhere.
0
MAS (MVE)EE Solution GuideCommented:
0
SycamoreITAuthor Commented:
Ok ran the Exchange Shell command Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri and got the following output.

https://sbs2011.companyname.local/Autodiscover/Autodiscover.xml

Ran this command Get-WebServicesVirtualDirectory | fl name,internalurl,externalurl and got the following output.

Name: EWS (Default Web Site)
InternalURL: https://sbs2011.companyname.local/EWS/Exchange.asmx
ExternalURL:
0
MAS (MVE)EE Solution GuideCommented:
You should change it to your common name  using this article for both autodiscover and EWS (both internal and external URL).
i.e.  "https://mail.companyname.com/Autodiscover/Autodiscover.xml
https://mail.companyname.com/EWS/Exchange.asmx

If you follow the article completely you will not have certificate errors.
0
SycamoreITAuthor Commented:
Hi MAS,

So what section do I follow within this document, some of the items within the document are above my technical skills so Im hoping its just one section I have to follow (and its a section I can follow).

Kind regards
SycamoreIT
0
MAS (MVE)EE Solution GuideCommented:
Get-ClientAccessServer | fl identity,autodiscoverserviceinternaluri
Get-OabVirtualDirectory |  fl Server,Name,internalurl,externalurl
Get-WebServicesVirtualDirectory | fl name,internalurl,externalurl
Please post the result of these commands
0
SycamoreITAuthor Commented:
1st command

Identity                       : SBS2011
AutoDiscoverServiceInternalUri : https://sbs2011.companyname.local/Autodiscover/Autodiscover.xml


2nd command

Server      : SBS2011
Name        : OAB (Default Web Site)
InternalUrl : http://sbs2011.companyname.local/OAB
ExternalUrl :


3rd command

Name        : EWS (Default Web Site)
InternalUrl : https://sbs2011.compnayname.local/EWS/Exchange.asmx
ExternalUrl :


Thanks
0
MAS (MVE)EE Solution GuideCommented:
1st comand
Set your autodiscover to common name.
Set-ClientAccessServer -Identity server1 -AutoDiscoverServiceInternalUri "https://mail.youremail.com/autodiscover/autodiscover.xml"

Open in new window

2nd command
Set your OAB URLs to common name. Both internal and external
Set-OabVirtualDirectory -Identity "server1\oab (default web site)" -InternalUrl https://mail.youremail.com/oab -ExternalUrl https://mail.youremail.com/oab

Open in new window

3rd command
Set your EWS URLs to common name. Both internal and external
set-WebservicesVirtualDirectory -Identity "server1\EWS (default web site)" -InternalUrl https://mail.youremail.com/EWS/Exchange.asmx  -ExternalUrl https://mail.youremail.com/EWS/Exchange.asmx

Open in new window


Replace mail.youremail.com with your common name
I hope you have split DNS configured.

All these explained in my article including internal DNS server configuration.
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
0
SycamoreITAuthor Commented:
Sorry for late reply MAS, Ive been away ill. Im back now. Before I execute the above commands, is there any chance it could break connectivity to my exchange server for people on site/off site?

Thanks
SycamoreIT
0
MAS (MVE)EE Solution GuideCommented:
No
0
SycamoreITAuthor Commented:
MAS,

Ive done all three commands and my users are still getting the exact same error. See attached.

Does the exchange server services need restarting?
exchange.png
0
StuartTechnical Architect - CloudCommented:
For me a server restart was required after changing those values although it shouldn't be required
0
MAS (MVE)EE Solution GuideCommented:
Do you have a CAS Array created. If not please create one and try. It is recommended to have CAS Array even if you have only 1 CAS server. https://exchangeserverpro.com/exchange-server-2010-cas-array/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SycamoreITAuthor Commented:
Thank you MAS. Once the array was completed, I was able to connect with Outlook not showing the certificate.

Thanks
SycamoreIT
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.