Exchange 2010 Cert issue

Hello IT friends,
I recently renewed an SSL certificate from thawte.com for our webmail server (cert was for webmail.domainname.com). Outlook Web Access and Exchange 2010 reside on the same server. I followed the steps at thawte.com for renewing, and the support fellow from Thawte said everything looks good on their end for webmail. Now the problem is all of my local staff NOT using webmail, but using Outlook to connect to Exchange locally, are getting error messages stating "the name on the security certificate is invalid or does not match the name of the site".

The part I scratched off was referring to the xxxxx.local address, NOT the webmail.domainname.org that I renewed the cert for. I renewed this cert 2 years back and do not recall having these issues. If there is any more info I need to send, let me know. Thanks.
Pig_Trough Asked:

Miguel Angel Perez Muñoz Commented:
Outlook uses the same cert as OWA. I suggest you use split DNS in this case to resolve your problem. Simply create the public zone on your internal DNS and create the public records with the internal IP address: http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/using-pinpoint-dns-zones-exchange-2010.html
0
Pig_Trough Author Commented:
This is an excellent article in which I will try the suggested items. One question though first, do you think I could set this up during business hours without making email unavailable while I am working on it?
0
Miguel Angel Perez Muñoz Commented:
I think so, yes; you can set up the DNS settings first and then change the CAS config.
0

Michael Machie, Full-time technical multi-tasker, Commented:
Here is the solution to convert from .local to FQDN for Exchange 2010. I literally just performed this process last night.

Use your own internal Exchange Server name in place of CAS1 in the below commands:

Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://webmail.mycompany.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS1EWS (Default Web Site)" -InternalUrl https://webmail.mycompany.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS1oab (Default Web Site)" -InternalUrl https://webmail.mycompany.com/oab

Set-UMVirtualDirectory -Identity "CAS1unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.mycompany.com/unifiedmessaging/service.asmx

When done running these commands, restart IIS -OR- recycle the MSExchangeAutodiscoverAppPool

Do this off-hours as it will interrupt service briefly.
0
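An added example, not part of the post above: a check for which internal URLs use a host name that is not on the certificate, which is the condition that triggers the Outlook name-mismatch prompt. The sample URLs and the name cas1.mycompany.local are constructed; on a live server the inputs would come from (Get-ExchangeCertificate).CertificateDomains and the InternalUrl / AutoDiscoverServiceInternalUri properties.

```powershell
# Returns $true when $HostName is matched by one of the certificate names.
# A wildcard entry (*.example.com) covers exactly one extra left-most label.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }      # -eq ignores case
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)                # e.g. ".example.com"
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $suffix) {
                return $true
            }
        }
    }
    return $false
}

# Emits one object per service URL with the host name Outlook will connect to
# and whether the certificate covers that name.
function Get-UrlCertCoverage {
    param([hashtable]$Urls, [string[]]$CertNames)
    foreach ($service in ($Urls.Keys | Sort-Object)) {
        $hostName = ([Uri]$Urls[$service]).Host
        New-Object PSObject -Property @{
            Service = $service
            Host    = $hostName
            Covered = (Test-NameCoveredByCert $hostName $CertNames)
        }
    }
}

# Constructed sample data: a certificate issued only for the public name,
# two URLs still pointing at the internal .local name, one already changed.
$certNames = @('webmail.mycompany.com')
$urls = @{
    Autodiscover = 'https://cas1.mycompany.local/autodiscover/autodiscover.xml'
    EWS          = 'https://cas1.mycompany.local/ews/exchange.asmx'
    OAB          = 'https://webmail.mycompany.com/oab'
}

# List only the services whose host name the certificate does not cover.
Get-UrlCertCoverage -Urls $urls -CertNames $certNames |
    Where-Object { -not $_.Covered } |
    Format-Table Service, Host -AutoSize
```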
Pig_Trough Author Commented:
@Machienet Thank you sir. Did you need to do anything with Split DNS or PinPoint DNS as mentioned in the above article? Assume my local name for the mail server is "mail"; on the lines where it says -Identity "CAS1oab" or "CAS1unifiedmessaging", will I need to type "mailoab" and "Mailunifiedmessaging" or simply just "mail"? Thanks again man.
0
Michael Machie, Full-time technical multi-tasker, Commented:
No, I avoided split DNS like the plague - maint. nightmare in my opinion.
No PinPoint DNS either. Never even heard about that until this post actually.

Yes, you are correct. Assuming the internal name is 'mail', you would type 'mailoab'.

Let us know how it goes!
0
Pig_Trough Author Commented:
OK, I am trying the above and I type:
Set-WebServicesVirtualDirectory -Identity "(SERVER NAME)EWS (Default Web Site)" -InternalUrl https://webmail.mycompany.com/ews/exchange.asmx

I keep getting "operation cannot be performed because it cannot find the object". How would I look up the current identity?
0
Michael Machie, Full-time technical multi-tasker, Commented:
Get-WebServicesVirtualDirectory | FL

In the list of displayed info you will see 'Identity'. This is the identity and you may have a \ between the CAS servername and EWS.
[servername]\EWS (Default Web Site)

If that is the case you may need to use the \ in the command too.
Set-WebServicesVirtualDirectory -Identity "CAS1\EWS (Default Web Site)" -InternalUrl https://webmail.mycompany.com/ews/exchange.asmx
0
Pig_Trough Author Commented:
It was; right after I typed that comment I found an article with the \ in it and it worked! I have not seen the Outlook error message pop up yet, so allow me the end of the day and I will close this out. Much thanks man!
0
Michael Machie, Full-time technical multi-tasker, Commented:
Sweet! Looking forward to your update.
0

Pig_Trough Author Commented:
Thanks for the quick responses!
0