Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SSL Cert Popup during Exchange Migration

Posted on 2016-09-19
7
70 Views
Last Modified: 2016-09-26
We are migrating a customer currently using exchange on a server that acts as their DC and houses AD.  We are migrating them to a hosted exchange system provided by us.  The problem is when we configure the new profiles in outlook with the new mailboxes, we get an autodiscover certificate popup that appears to come from the old server.  
"The name on the security certificate is invalid or does not match the name of the site."
The issued to and by state the old server name.

The certificate popup includes a .local SAN


Is there a way to alleviate this or turn of the cert within the eac on the old server to stop it from happening?
0
Comment
Question by:johnpatbullock
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
Ivan earned 500 total points
ID: 41805539
Hello,

since the client has Exchange in-house, as soon as you configure Outlook, it is going to pull autodiscover information via SCP (from AD), and that is going to point to old exchange.

You can check autodiscover configuration via:
Get-ClientAccessService | Select AutodiscoverServiceInternalUri
or
Get-ClientAccessServer | Select AutodiscoverServiceInternalUri

It is going to be something like https://OLDservername.domain.com/autodiscover/autodiscover.xml

You could disable it via:
(For Exchange 2016)
[PS] C:\> Set-ClientAccessService -Identity “OLDservername” -AutoDiscoverServiceInternalUri $NULL
or
(For Exchange 2010-2013)
[PS] C:\> Set-ClientAccessServer -Identity “OLDservername” -AutoDiscoverServiceInternalUri $NULL

OLDservername is NetBIOS, not FQDN.

Did you reconfigure DNS so that autodiscover.domain.name is pointing to new Exchange?
Hosted Exchange is what version? Are you manually creating profiles or is autodiscover doing this for you?

PS: Is this happening both for internal and external clients?

Regards,
Ivan.
1
 

Author Comment

by:johnpatbullock
ID: 41805550
I tried to disable the autodiscover service earlier by using that command you gave me and it didnt appear to do anything.  I did this on the old in house server.

However I did just find an autodiscover entry in the internal dns on the old server.  Could that be doing it?
0
 
LVL 16

Assisted Solution

by:Ivan
Ivan earned 500 total points
ID: 41805558
Hi,

if autodiscover servis is disabled (this will be queried first), then if you have DNS record for autodiscover it will be queried after. So, yes, that is going to point your clients to old server.

If you run command below, it should return empty value. That will be sign that service is disabled, and that DNS record is pointing clients to old server.
Get-ClientAccessService | Select AutodiscoverServiceInternalUri
 or
 Get-ClientAccessServer | Select AutodiscoverServiceInternalUri

Regards,
Ivan.
1
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:johnpatbullock
ID: 41805620
it gave me a

AutoDiscoverServiceInternalUri
_________________________________
0
 
LVL 16

Assisted Solution

by:Ivan
Ivan earned 500 total points
ID: 41805627
Yes, that means it is disabled.
Reconfigure DNS to point to your new Exchange.

If you remove it, then Outlook 2016 will not be able to connect, as it is using autodiscover.
0
 

Author Comment

by:johnpatbullock
ID: 41816095
Thank you for the help Ivan, It did end up being the internal DNS on the old server that was the issue.  Changed the autodiscover values in there and the problem went away!  

Thanks!
0
 
LVL 16

Expert Comment

by:Ivan
ID: 41816207
You are welcome :)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question