Solved

Exchange 2016 certificate issues

Posted on 2016-10-10
4
46 Views
Last Modified: 2016-10-11
Before, we had an exchange server with 2 NICs: 1 internal LAN, 1 external WAN.
The LAN was linked to our active directory domain server. It used an internal IP and hostname (mydomain.corp)
We have changed our network. We now use 1 interface, WAN only. (yes, it is secured, hosted).

However, since then, we keep getting SSL certificate errors when starting outlook.
We have an external hostname: https://remote.myfqdn.com/ , which runs a Geotrust EV certificate.
I have that as IIS binding.

The complaint however is about the exchange.mydomain.corp interface. (private).
This is a local hostname, and is locally used (used inside the domain).
Before, I could bind it to 2 seperate interfaces: One to my 10.0.0.0/8 interface LAN, and the other to the WAN.
Now, that is not possible.

How can I stop this annoying error?
0
Comment
Question by:redworks
  • 2
  • 2
4 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41837667
Most likely you just need to reconfigure your Active Directory Autodiscover SCP settings. http://wp.me/pUCB5-7X has more info.
0
 

Author Comment

by:redworks
ID: 41838899
Thanks for your response. I have already tried all of those, using powershell. Interesting article though. Same thing, but different approach.
0
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41838904
Okay. If you hold CTRL and right click the Outlook window in the notifications area (By the windows clock in the lower right), it will show an option to test Autoconfiguration in the context menu. Run that test to get an idea of what exactly is failing.
0
 

Author Comment

by:redworks
ID: 41838982
Great advise :)
It seems I forgot one of the many, many URLs.

The Internal HTTP MAPI URL was still going to mydomain.corp.
Fixed that, restarted services. Did not work. Rebooted server, worked!
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question