Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2013 - Certificate Errors

Posted on 2016-09-30
9
Medium Priority
?
73 Views
Last Modified: 2016-10-03
I have server 2012 R2 installed with Hyper-V; one VM "2012 R2" with essential experience as the DC; one VM with Exchange 2013.
Mail is working well with OWA and Outlook.  But I have two issues:

On outlook, after connecting, we get a certificate error "The name on the security certificate is invalid or does not match the name of the site" on all clients (except one).
    What do I need to check, verify etc. ?

I cannot get "Anywhere Access" to complete on the DC server.  I am trying to use the SSL certificate issued for the Exchange which it accepts.
    Should the intermediate certificate be installed on this server ?
    Is it correct to use this SSL certificate on the DC server ?
0
Comment
Question by:Eur0star1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 27

Expert Comment

by:MAS
ID: 41823868
Hi,
Please check my article
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html

Please let me know if it doesnt help.
0
 
LVL 32

Expert Comment

by:Scott C
ID: 41824133
Use this to look at the specifics on your certificates.

Get-ExchangeCertificate | fl

Did you get your cert from a CA like Godaddy?

Make sure it hasn't expired.
0
 

Author Comment

by:Eur0star1
ID: 41824850
Spent some time this morning cross checking all settings using -MAS-'s article as guidance.

Current situation:  The SSL certificate is from Godaddy and has over 18 months to run.  It is assigned to services IMAP, POP, SMTP and IIS and the hosts   remote.   autodiscover.    mail.   and  servername.   are assigned.

We get certificate errors on all  'Outlook 2013'  clients  but,  the  'Outlook 2016'  client works correctly.

We also get a certificate error on using the ECP interface.

Hope the  'Outlook 2016'  gives you a clue !

Regards
Brian
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 27

Expert Comment

by:MAS
ID: 41824951
Please post the error.
0
 

Author Comment

by:Eur0star1
ID: 41825304
It's the Certificate Security Warning

"The name of the security certificate is invalid or does not match the name of the site"

displayed about 2 minutes after opening Outlook
0
 
LVL 27

Expert Comment

by:MAS
ID: 41825340
Please post the output of these commands
Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

Open in new window

Get-ExchangeCertificate | fl Issuer,CertificateDomains,services

Open in new window

0
 

Author Comment

by:Eur0star1
ID: 41825947
Sorry about delay;  long weekend !

As requested:

Get-clientAccessServer
Name                                                : SIKORSKY
AutoDiscoverServiceInternalUri   : https://mail.reprotec-ltd.co.uk/autodiscover/autodiscover.xml

Get-ExchangeCertificate
Issuer                        : CN=Go Daddy Secure Certificate Authority - G2,
                                     OU=http://certs.godaddy.com/repository/,
                                     O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
CertificateDomains : {remote.reprotec-ltd.co.uk,  www.remote.reprotec-ltd.co.uk,
                                      mail.reprotec-ltd.co.uk, sikorsky.reprotec-ltd.co.uk,
                                      autodiscover.reprotec-ltd.co.uk}
Services                     : IMAP, POP, IIS, SMTP

Issuer                         : CN=sikorsky.reprotec-ltd.co.uk
CertificateDomains : {sikorsky.reprotec-ltd.co.uk, autodiscover.reprotec-ltd.co.uk,
                                      remote.reprotec-ltd.co.uk,  mail.reprotec-ltd.co.uk}
Services                     : IMAP, POP, SMTP

Issuer                         : CN=sikorsky.reprotec.local
CertificateDomains : {sikorsky.reprotec.local}
Services                     : SMTP

Issuer                        : CN=sikorsky.reprotec.local
CertificateDomains : {sikorsky.reprotec.local}
Services                     : None

Issuer                        : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}
Services                     : SMTP

Issuer                         : CN=Sikorsky
CertificateDomains : {Sikorsky, Sikorsky.REPROTEC.local}
Services                     : IIS, SMTP

Issuer                         : CN=WMSvc-SIKORSKY
CertificateDomains : {WMSvc-SIKORSKY}
Services                     : None

Regards
Brian
0
 
LVL 27

Accepted Solution

by:
MAS earned 2000 total points
ID: 41826190
Your config seems fine.
Please try to create a new outlook profile and let me know.

Thanks
MAS
0
 

Author Closing Comment

by:Eur0star1
ID: 41826321
After checking various settings -MAS- the long standing issue was resolved after rebuilding the profiles.

Thanks

Brian
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question