Exchange 2010 Cert issue

Hello IT friends,
I recently renewed an SSL certificate from for our webmail server (the cert was for Outlook Web Access, and Exchange 2010 resides on the same server). I followed the steps at for renewing, and the support fellow from Thawte said everything looks good on their end for webmail. Now the problem is that all of my local staff NOT using webmail, but using Outlook to connect to Exchange locally, are getting error messages stating "the name on the security certificate is invalid or does not match the name of the site"

[Screenshot: outlook error]
The part I scratched off was referring to the xxxxx.local address, NOT the that I renewed the cert for. I renewed this cert 2 years back and do not recall having these issues. If there is any more info I need to send, let me know. Thanks.
Miguel Angel Perez Muñoz Commented:
Outlook uses the same cert as OWA. I suggest you use split DNS in this case to resolve your problem. Simply create the public zone on your internal DNS and create the public records with internal IP addresses:
Pig_Trough (Author) Commented:
This is an excellent article, and I will try the suggested items. One question first, though: do you think I could set this up during business hours without making email unavailable while I am working on it?
Miguel Angel Perez Muñoz Commented:
I think so, yes; you can set up the DNS settings first and then change the CAS config.
Michael Machie (IT Supervisor) Commented:
Here is the solution to convert from .local to FQDN for Exchange 2010. I literally just performed this process last night..

Use your own internal Exchange Server name in place of CAS1 in the below commands:

Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity "CAS1EWS (Default Web Site)" -InternalUrl

Set-OABVirtualDirectory -Identity "CAS1oab (Default Web Site)" -InternalUrl

Set-UMVirtualDirectory -Identity "CAS1unifiedmessaging (Default Web Site)" -InternalUrl

When done running these commands, restart IIS -OR- recycle the MSExchangeAutodiscoverAppPool

Do this off-hours as it will interrupt service briefly.
Pig_Trough (Author) Commented:
@Machienet Thank you sir. Did you need to do anything with Split DNS or PinPoint DNS as mentioned in the above article? Assume my local name for the mail server is "mail": on the lines where it says -Identity "CAS1oab" or "CAS1unifiedmessaging", will I need to type "mailoab" and "Mailunifiedmessaging", or simply just "mail"? Thanks again man.
Michael Machie (IT Supervisor) Commented:
No, I avoided split DNS like the plague - maint. nightmare in my opinion.
No PinPoint DNS either.. Never even heard about that until this post actually.

Yes, you are correct. Assuming the internal name is 'mail', you would type 'mailoab'.

Let us know how it goes!
Pig_Trough (Author) Commented:
OK, I am trying the above and I type:
Set-WebServicesVirtualDirectory -Identity "(SERVER NAME)EWS (Default Web Site)" -InternalUrl

I keep getting "operation cannot be performed because it cannot find the object". How would I look up the current identity?
Michael Machie (IT Supervisor) Commented:
get-webservicesvirtualdirectory | FL

In the list of displayed info you will see 'Identity'. This is the identity, and you may have a \ between the CAS servername and EWS.
[servername]\EWS (Default Web Site)

If that is the case you may need to use the \ in the command too.
Set-WebServicesVirtualDirectory -Identity "CAS1\EWS (Default Web Site)" -InternalUrl
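
Added example, not part of the original thread or any poster's code: a read-only check that lists the current Identity and internal URL of each service discussed above and flags any URL whose host name is not on the certificate assigned to IIS. It assumes the Exchange Management Shell on the Exchange 2010 server and that the renewed certificate is the newest one with IIS assigned; Test-CertName and New-Row are hypothetical helper names.

```powershell
# Added example, read-only: reports names, changes nothing.
# Run in the Exchange Management Shell on the Exchange 2010 server.

# Assumption: the renewed certificate is the newest one with IIS assigned.
$cert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -like '*IIS*' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: exact match, or one-label wildcard (*.example.com).
function Test-CertName([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        $dot = $h.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $h.Substring($dot) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Hypothetical helper: one report row per service URL.
function New-Row($Service, $Identity, $Url) {
    $u = "$Url"
    $hostName = ''
    if ($u) { $hostName = ([uri]$u).Host }
    New-Object PSObject -Property @{
        Service       = $Service
        Identity      = "$Identity"
        InternalUrl   = $u
        CoveredByCert = [bool]($hostName -and (Test-CertName $hostName))
    }
}

$report = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Row 'Autodiscover' $_.Identity $_.AutoDiscoverServiceInternalUri }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Row 'EWS' $_.Identity $_.InternalUrl }
    Get-OabVirtualDirectory | ForEach-Object {
        New-Row 'OAB' $_.Identity $_.InternalUrl }
    Get-UMVirtualDirectory | ForEach-Object {
        New-Row 'UM' $_.Identity $_.InternalUrl }
)
$report | Select-Object Service, Identity, InternalUrl, CoveredByCert |
    Format-Table -AutoSize
```

Rows where CoveredByCert is False are the URLs that produce the Outlook name-mismatch warning; the Identity column shows the exact string, including the \, to pass to the Set- cmdlets.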
Pig_Trough (Author) Commented:
It was. Right after I typed that comment I found an article with the \ in it, and it worked! I have not seen the Outlook error message pop up yet, so allow me the end of the day and I will close this out. Much thanks man!
Michael Machie (IT Supervisor) Commented:
Sweet! Looking forward to your update.
Pig_Trough (Author) Commented:
Thanks for the quick responses!