David Whyte
asked on
Security Certificate appearing each time Outlook opens
Hi,
Im getting reports from user that they are seeing a certificate error each time Outlook 2013 opens for users based in the office. The error can be cleared by user but Im looking to apply a reg fix to prevent the error from appearing.
The backend server is SBS2008 and the exchange setup has two domains setup on it.
Is there a way to supress this error?
Thanks
ScamoreIT
Im getting reports from user that they are seeing a certificate error each time Outlook 2013 opens for users based in the office. The error can be cleared by user but Im looking to apply a reg fix to prevent the error from appearing.
The backend server is SBS2008 and the exchange setup has two domains setup on it.
Is there a way to supress this error?
Thanks
ScamoreIT
What name is specified in your certificate? Presuming its something like mail.domain.com you need to set your client access URL's to match
Is there a way to supress this error?
what is the error? invalid date or mismatched host name?
what changed prior to this starting?
with all likelihood the certificate has expired
ASKER
On the error which pops up, it state the following
The name of the security certificate is invalid or does not match the name of the site.
I can confirm the name of the server url which is stated at the top of the certificate is the same has what each user has in the outlook setting for the exchange server.
I can confirm the certificate is not out of date.
Thanks for your comments so far all.
SycamoreIT
The name of the security certificate is invalid or does not match the name of the site.
I can confirm the name of the server url which is stated at the top of the certificate is the same has what each user has in the outlook setting for the exchange server.
I can confirm the certificate is not out of date.
Thanks for your comments so far all.
SycamoreIT
Hello,
Can you open the SBS Console > Networking Tab> Connectivity sub Tab
From the right hand side run the 'Fix My Network Wizard'
Does it bring up any Certificate errors? If so run through the wizard - Selecting only the certificate warning/errors and see if it resolves the problem.
If it does not, can you give us a screen shot of the error and confirm if it says anything about the Auto-Discover or Remote/mail.
Can you open the SBS Console > Networking Tab> Connectivity sub Tab
From the right hand side run the 'Fix My Network Wizard'
Does it bring up any Certificate errors? If so run through the wizard - Selecting only the certificate warning/errors and see if it resolves the problem.
If it does not, can you give us a screen shot of the error and confirm if it says anything about the Auto-Discover or Remote/mail.
ASKER
Hi,
I have carried out the process David but no certificate errors were detected.
Ive attached a copy the error my Outlook users see each time they open the client.
exchane-error.jpg
I have carried out the process David but no certificate errors were detected.
Ive attached a copy the error my Outlook users see each time they open the client.
exchane-error.jpg
Please follow this article written by MAS. I had the same issue and it resolved for me
I did have to reboot after these changes to get this working which is not mentioned in the article
I did have to reboot after these changes to get this working which is not mentioned in the article
ASKER
I was hoping for a local reg hack on the client desktop since its not happening on everyone's PC, only on some.
Is there anyway I can suppress the warning client slide? Not happy messing about on the server has this could have the potential to take out everyone connected to the server.
Is there anyway I can suppress the warning client slide? Not happy messing about on the server has this could have the potential to take out everyone connected to the server.
When you configured the server originally did you use the wizards and go through the Internet address wizard?
The name on the certificate being presented isn't correct. It should be remote.domain.com or mail.domain.com depending how you set it up.
The name on the certificate being presented isn't correct. It should be remote.domain.com or mail.domain.com depending how you set it up.
Can you go through the article and at least do an information gathering, using the get commands and post your results. It sounds like your URL's are configured incorrectly somewhere
ASKER
@David A, I inherited the server so Im afraid I cannot answer that one.
@Stuart, I will run through and pull the info and post but Im pretty sure it will be a dodgy url somewhere.
@Stuart, I will run through and pull the info and post but Im pretty sure it will be a dodgy url somewhere.
Please check this article it may help
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
ASKER
Ok ran the Exchange Shell command Get-clientAccessServer | fl Name,AutoDiscoverServiceIn ternalUri and got the following output.
https://sbs2011.companyname.local/Autodiscover/Autodiscover.xml
Ran this command Get-WebServicesVirtualDire ctory | fl name,internalurl,externalu rl and got the following output.
Name: EWS (Default Web Site)
InternalURL: https://sbs2011.companyname.local/EWS/Exchange.asmx
ExternalURL:
https://sbs2011.companyname.local/Autodiscover/Autodiscover.xml
Ran this command Get-WebServicesVirtualDire
Name: EWS (Default Web Site)
InternalURL: https://sbs2011.companyname.local/EWS/Exchange.asmx
ExternalURL:
You should change it to your common name using this article for both autodiscover and EWS (both internal and external URL).
i.e. "https://mail.companyname.com/Autodiscover/Autodiscover.xml
https://mail.companyname.com/EWS/Exchange.asmx
If you follow the article completely you will not have certificate errors.
i.e. "https://mail.companyname.com/Autodiscover/Autodiscover.xml
https://mail.companyname.com/EWS/Exchange.asmx
If you follow the article completely you will not have certificate errors.
ASKER
Hi MAS,
So what section do I follow within this document, some of the items within the document are above my technical skills so Im hoping its just one section I have to follow (and its a section I can follow).
Kind regards
SycamoreIT
So what section do I follow within this document, some of the items within the document are above my technical skills so Im hoping its just one section I have to follow (and its a section I can follow).
Kind regards
SycamoreIT
Get-ClientAccessServer | fl identity,autodiscoverservi ceinternal uri
Get-OabVirtualDirectory | fl Server,Name,internalurl,ex ternalurl
Get-WebServicesVirtualDire ctory | fl name,internalurl,externalu rl
Please post the result of these commands
Get-OabVirtualDirectory | fl Server,Name,internalurl,ex
Get-WebServicesVirtualDire
Please post the result of these commands
ASKER
1st command
Identity : SBS2011
AutoDiscoverServiceInterna lUri : https://sbs2011.companyname.local/Autodiscover/Autodiscover.xml
2nd command
Server : SBS2011
Name : OAB (Default Web Site)
InternalUrl : http://sbs2011.companyname.local/OAB
ExternalUrl :
3rd command
Name : EWS (Default Web Site)
InternalUrl : https://sbs2011.compnayname.local/EWS/Exchange.asmx
ExternalUrl :
Thanks
Identity : SBS2011
AutoDiscoverServiceInterna
2nd command
Server : SBS2011
Name : OAB (Default Web Site)
InternalUrl : http://sbs2011.companyname.local/OAB
ExternalUrl :
3rd command
Name : EWS (Default Web Site)
InternalUrl : https://sbs2011.compnayname.local/EWS/Exchange.asmx
ExternalUrl :
Thanks
1st comand
Set your autodiscover to common name.
Set your OAB URLs to common name. Both internal and external
Set your EWS URLs to common name. Both internal and external
Replace mail.youremail.com with your common name
I hope you have split DNS configured.
All these explained in my article including internal DNS server configuration.
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
Set your autodiscover to common name.
Set-ClientAccessServer -Identity server1 -AutoDiscoverServiceInternalUri "https://mail.youremail.com/autodiscover/autodiscover.xml"
2nd commandSet your OAB URLs to common name. Both internal and external
Set-OabVirtualDirectory -Identity "server1\oab (default web site)" -InternalUrl https://mail.youremail.com/oab -ExternalUrl https://mail.youremail.com/oab
3rd commandSet your EWS URLs to common name. Both internal and external
set-WebservicesVirtualDirectory -Identity "server1\EWS (default web site)" -InternalUrl https://mail.youremail.com/EWS/Exchange.asmx -ExternalUrl https://mail.youremail.com/EWS/Exchange.asmx
Replace mail.youremail.com with your common name
I hope you have split DNS configured.
All these explained in my article including internal DNS server configuration.
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
ASKER
Sorry for late reply MAS, Ive been away ill. Im back now. Before I execute the above commands, is there any chance it could break connectivity to my exchange server for people on site/off site?
Thanks
SycamoreIT
Thanks
SycamoreIT
No
ASKER
MAS,
Ive done all three commands and my users are still getting the exact same error. See attached.
Does the exchange server services need restarting?
exchange.png
Ive done all three commands and my users are still getting the exact same error. See attached.
Does the exchange server services need restarting?
exchange.png
For me a server restart was required after changing those values although it shouldn't be required
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you MAS. Once the array was completed, I was able to connect with Outlook not showing the certificate.
Thanks
SycamoreIT
Thanks
SycamoreIT