Certificate issues after removing internal names from Exchange 2010 certificates...

Hello all,

Here's my setup:

servera
NetBIOS name: servera
FQDN: servera.domain.local

serverb
NetBIOS name: serverb
FQDN: serverb.domain.local

The two servers are set up in a CAS array called mail.domain.com.

My external hostname is mail.domain.com.

This evening I updated the certificates on my Exchange 2010 boxes. The updated certs no longer contain NetBIOS names or the internal DNS FQDN for each server. I've changed the ECP, OWA, EWS, OAB, and AutodiscoverServiceInternalURI to my external hostname, which is on the updated certs. Everything seems to work fine except that I intermittently get certificate errors when opening Outlook or while doing various operations in Outlook. The error is: "The name on the security certificate is invalid or does not match the name of the site", and the dialog shows the FQDN of the server. If I view the certificate, it's showing the new updated cert with all the appropriate external names. What am I missing?

Thanks in advance for your help.
Manikandan Narayanswamy

Hi,

What about Outlook Anywhere? Is the Outlook Anywhere hostname present on the certificate? Refer to the link below, please.

https://technet.microsoft.com/en-us/library/dd351057(v=exchg.141).aspx

Thanks
Manikandan
ASKER
My certificate has the following SANs:

DNS Name=domain.com
DNS Name=mail.domain.com
DNS Name=mail2.domain.com
DNS Name=owa.domain.com
DNS Name=autodiscover.domain.com
DNS Name=legacy.domain.com
Manikandan Narayanswamy

Hi,

The Autodiscover internal URL should be the internal URL, not the external hostname, meaning the fully qualified domain name. Refer to the links below.

https://technet.microsoft.com/en-us/library/bb125157(v=exchg.160).aspx
http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx

Thanks
Manikandan
EvilKnievel

Since your certificate only contains 'external' FQDNs, please check that the Autodiscover internal URL is autodiscover.domain.com (external DNS name). After that, make a new forward DNS zone named 'autodiscover.domain.com' (external DNS name) and in that zone, add two A records, leave the name blank and add only the IP numbers of your CAS servers. Note that you have to make one A record per server.
Hope this helps!
ASKER

Manikandan Narayanswamy,

I used that article for guidance in changing ECP, OWA, EWS, OAB, and AutodiscoverServiceInternalURI. I ran the following commands:

# servera: point every client-facing URL at the external hostname that is on the new certificate
Set-ClientAccessServer -Identity "servera" -AutodiscoverServiceInternalURI https://mx.republictitle.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "servera\EWS (Default Web Site)" -InternalUrl https://mx.republictitle.com/EWS/Exchange.asmx

Set-OABVirtualDirectory -Identity "servera\OAB (Default Web Site)" -InternalURL https://mx.republictitle.com/OAB

# server name corrected to "servera" to match the other commands (the original line read -Server server)
Enable-OutlookAnywhere -Server servera -ExternalHostname "mx.republictitle.com" -ClientAuthenticationMethod "NTLM"

Set-ActiveSyncVirtualDirectory -Identity "servera\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://mx.republictitle.com/Microsoft-Server-Activesync

# serverb: same settings
Set-ClientAccessServer -Identity "serverb" -AutodiscoverServiceInternalURI https://mx.republictitle.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "serverb\EWS (Default Web Site)" -InternalUrl https://mx.republictitle.com/EWS/Exchange.asmx

Set-OABVirtualDirectory -Identity "serverb\OAB (Default Web Site)" -InternalURL https://mx.republictitle.com/OAB

Enable-OutlookAnywhere -Server serverb -ExternalHostname "mx.republictitle.com" -ClientAuthenticationMethod "NTLM"

Set-ActiveSyncVirtualDirectory -Identity "serverb\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://mx.republictitle.com/Microsoft-Server-Activesync

Did I misunderstand the article? If those commands aren't correct, what should they have been?
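The two checks the thread circles around (is every URL hostname Exchange hands out actually on the certificate IIS presents, and does internal DNS resolve those external names, as EvilKnievel's split-DNS suggestion requires) can be run in one pass. This is an added audit script, not something from the thread or from Microsoft; it assumes the Exchange 2010 Management Shell cmdlets used above, that `$cas` names one of your CAS servers, and that the IIS-bound certificate is the one to compare against.

```powershell
# Added audit script (not from the thread). Run in the Exchange Management Shell on a CAS.
# Assumption: $cas is one of your Client Access servers; run it once per CAS.
$cas = "servera"

# 1. Every hostname Exchange can hand to Outlook: Autodiscover, EWS, OAB, EAS, OWA, ECP, Outlook Anywhere.
$urls = @((Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri)
$vdirs = @(Get-WebServicesVirtualDirectory -Server $cas) + @(Get-OabVirtualDirectory -Server $cas) +
         @(Get-ActiveSyncVirtualDirectory -Server $cas) + @(Get-OwaVirtualDirectory -Server $cas) +
         @(Get-EcpVirtualDirectory -Server $cas)
foreach ($vd in $vdirs) { $urls += $vd.InternalUrl; $urls += $vd.ExternalUrl }
$names = @($urls | Where-Object { $_ } | ForEach-Object { ([Uri]$_).Host })
$oa = Get-OutlookAnywhere -Server $cas
if ($oa -and $oa.ExternalHostname) { $names += [string]$oa.ExternalHostname }
$names = @($names | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)

# 2. Subject alternative names on the certificate that IIS actually presents to Outlook.
$cert = Get-ExchangeCertificate -Server $cas | Where-Object { $_.Services -match "IIS" } | Select-Object -First 1
$sans = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# Exact SAN match, or a wildcard SAN matching exactly one label (*.domain.com covers mail.domain.com only).
function Test-NameOnCert([string]$name, [string[]]$sans) {
    foreach ($s in $sans) {
        if ($s -eq $name) { return $true }
        if ($s.StartsWith("*.") -and $name -match ('^[^.]+\.' + [regex]::Escape($s.Substring(2)) + '$')) { return $true }
    }
    return $false
}

# 3. Report. OnCertificate = False is a name Outlook can still receive and will warn about;
#    UNRESOLVED, or a public IP seen from the LAN, means internal DNS lacks the split-horizon record.
$names | ForEach-Object {
    $n = $_
    try   { $ips = (([System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString }) -join ", ") }
    catch { $ips = "UNRESOLVED" }
    New-Object PSObject -Property @{ Host = $n; OnCertificate = (Test-NameOnCert $n $sans); ResolvesTo = $ips }
} | Format-Table Host, OnCertificate, ResolvesTo -AutoSize
```

A clean table (every row True, every name resolving to a CAS address) shows the server side is consistent, which narrows the remaining warnings to the client, as the thread's accepted answer apparently did.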
EvilKnievel,

I just applied your suggestion and have seen no change after flushing dns cache.

Any other suggestions?
ASKER CERTIFIED SOLUTION
Scott C

This solution is only available to members.
ASKER

Holy cow Scott!

I just tried that on my two test accounts that were having issues and that seems to have resolved the error.

I'm gonna leave this open for a few hours today (for me to get a larger sample of users), and if this fixes them I'll be marking your answer as the solution.

Thanks.
Scott C

I thought it might. From what you wrote, it looked like you have everything set up correctly.

I ran into this myself a few weeks ago.  I checked and re-checked the cert and all of my settings.  Then I set up a brand new client and everything worked.

That told me things were set up right and it was a client-side issue.

Glad things are looking like they are working.
Scott C

Touching base to see how things are going.

ASKER

We're closed today for Columbus Day so I don't have anything to report.

If we don't have any repeat users with this issue tomorrow I will mark this as answered.

Thanks for following up.
ASKER

No repeat customers after 2 business days. This is the fix for us.

Thanks Scottcha!