Installed New Exchange Certificate now getting Pop up Errors on all Desktops

What would be causing this and how can I fix it.

Please see attached.

Cjoego
Certificate-error.JPG
Joseph SalazarVice President - Senior IT ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LearnctxEngineerCommented:
It means that the name of the certificate does not match the name of the site as the error says. An example of this happening would be. Does the certificate common name match the FQDN the clients are connecting to? Are there any alternate names that need to be added to the certificate? Check the Subject Alternate Name attribute on the previous certificate and make sure you've covered off the names.

A different but real world example of this occurring would be https://www.news.com.au. They have SSL enabled but the certificate common name is pointing to their CDN address and there is no alternate names for www.news.com.au.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nashiookaCommented:
Indeed you need a "valid" certificate, it must have the names by which it is being access on in the Subject Alternative Names (SAN) field of the certificate.  It cannot be expired or otherwise invalid either.  You must make sure it's activated for the IIS services too, simply importing it isn't enough.  After importing, which I'm assuming has already been done I would usually use a command like:

Enable-ExchangeCertificate -Thumbprint <VeryLongThumprintNumber> `
 -Services IIS,POP,IMAP,SMTP -Force

Open in new window


A typical Exchange certificate would have at least 2 names:
1) mail.company.com
2) autodiscover.company.com

Make sure to set internal & external url properties for the various virtual directories.  Just which ones to do may depend on your design.  But I would at least check EWS and OAB.

Also important to make sure the AutoDiscoverServiceInternalUri property on your CAS servers is set to match the name on the cert.  This URL is stored in AD and used by Outlook for the autodiscover process.  Make sure that property is set to match the name on the cert.  so in our example it should be:

https://mail.company.com/autodiscover/autodiscover.xml

Get-ClientAccessServer | ft Name,AutoDiscoverServiceInternalUri

Open in new window


Namespace design is actually a pretty big topic area, so I'm sure I'm not doing it justice above.  Let me know how it goes.

https://technet.microsoft.com/en-us/library/dd351198(v=exchg.141).aspx

https://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
I will try it out
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

MASEE Solution Guide - Technical Dept HeadCommented:
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
I will try Yours Tonight MAS
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
Ended up hiring an Exchange pro to fix it for me
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.