Usman Afzal
asked on
The name of the security certificate is invalid or does not match the name of the site error?
Dear All,
Outlook 2013 Clients are getting following message after starting their outlook,
The name of the security certificate is invalid or does not match the name of the site error?
I have check my internal URL and external URL, both are fine and properly configured.
i have check DNS records its correct.
i have checked serviceBindingInformation and found correct
when opening XML file, getting following message
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="10:14:11.2991610" Id="25892145">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Please advice, is there is problem with redirection or any thing else is missing
Thanks
Outlook 2013 Clients are getting following message after starting their outlook,
The name of the security certificate is invalid or does not match the name of the site error?
I have check my internal URL and external URL, both are fine and properly configured.
i have check DNS records its correct.
i have checked serviceBindingInformation and found correct
when opening XML file, getting following message
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="10:14:11.2991610" Id="25892145">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Please advice, is there is problem with redirection or any thing else is missing
Thanks
When you open webmail URL in browser, do you get same certificate error or any warning?
ASKER
Dear Amit,
for webmail, Its working fine and its showing my local server FQDN not mail.xyz.com
In Certifacte i have ,
mail.xyz.com
autodiscover.xyz.com
webmail.xyz.com
Thanks,
for webmail, Its working fine and its showing my local server FQDN not mail.xyz.com
In Certifacte i have ,
mail.xyz.com
autodiscover.xyz.com
webmail.xyz.com
Thanks,
Use below command and check which certificate is assigned to IIS services, IIS services will be identified as "W"
Note: this command is to be ran on all CAS servers in AD site in subject.
Get-ExchangeCertificate | ft -AutoSize
Note: this command is to be ran on all CAS servers in AD site in subject.
ASKER
Here is the output and Yes its assigned correctly
[PS] C:\Windows\system32>Get-Ex changeCert ificate | ft -AutoSize
Thumbprint Services Subject
4EB2797528BD6C56C002EBF8F6 7BB4DE41D3 A7AF IP.WS.. CN=mail.grandstores.ae, OU=Domain Control Validated
A606A0E6CA29A217FD8331DC98 148B1FF9CB 60B2 ....S.. CN=GSEXCHMC1
4AC9550087E9A386C9D413C9D0 E7C75E9399 9969 ....S.. CN=GSEXCHMC1.grandstores.a e
7B88F9C41FEB51D94C39466D3E 55522E73FD 52CC ....SF. CN=Federation
Thanks,
[PS] C:\Windows\system32>Get-Ex
Thumbprint Services Subject
4EB2797528BD6C56C002EBF8F6
A606A0E6CA29A217FD8331DC98
4AC9550087E9A386C9D413C9D0
7B88F9C41FEB51D94C39466D3E
Thanks,
So what happens when you open your webmail using this URL: https://mail.grandstores.ae/owa or https://webmail.grandstores.ae/owa?
Does this give you an error or it redirects to Server name?
Also you have only one CAS server?
Does this give you an error or it redirects to Server name?
Also you have only one CAS server?
good day usman
have you reviewed this article from Microsoft yet
https://support.microsoft.com/en-us/help/2772058/-the-name-on-the-security-certificate-is-invalid-or-does-not-match-the
also verify that all your Exchange Servers are using the same URL i.e. like OWA /Autodiscover etc.
have you reviewed this article from Microsoft yet
https://support.microsoft.com/en-us/help/2772058/-the-name-on-the-security-certificate-is-invalid-or-does-not-match-the
also verify that all your Exchange Servers are using the same URL i.e. like OWA /Autodiscover etc.
ASKER
Dear Amit,
I have two Cas servers and i am using " mail,grandstores.ae" with CNAME on webmail.grandstores.ae
Owa having no issues @ all
Dear Shaun,
i tired already the same but no luck
Thanks,
I have two Cas servers and i am using " mail,grandstores.ae" with CNAME on webmail.grandstores.ae
Owa having no issues @ all
Dear Shaun,
i tired already the same but no luck
Thanks,
Are all the PCs using outlook facing same issue or specific one?
also verify your virtual directories urls used and all your exchange servers.
Get-ActiveSyncVirtualDirec tory | fl internalurl,externalurl
Get-AutoDiscoverVirtualDir ectory | fl internalurl,externalurl
Get-ECPVirtualDirectory | fl internalurl,externalurl
Get-OabVirtualDirectory | fl internalurl,externalurl
Get-WebServicesVirtualDire ctory | fl internalurl,externalurl
Get-ActiveSyncVirtualDirec
Get-AutoDiscoverVirtualDir
Get-ECPVirtualDirectory | fl internalurl,externalurl
Get-OabVirtualDirectory | fl internalurl,externalurl
Get-WebServicesVirtualDire
ASKER
Dear Shaun,
virtual directories urls are correct
InternalUrl : https://mail.grandstores.ae/Autodiscover/Autodiscover.xml
ExternalUrl : https://mail.grandstores.ae/Autodiscover/Autodiscover.xml
Thanks,
virtual directories urls are correct
InternalUrl : https://mail.grandstores.ae/Autodiscover/Autodiscover.xml
ExternalUrl : https://mail.grandstores.ae/Autodiscover/Autodiscover.xml
Thanks,
You experiencing the issue on multiple pc using outlook ?
ASKER
PC having outlook 2013 Only or 2016.
Note :- Most of my client machine having outlook 2007 and 2010
Note :- Most of my client machine having outlook 2007 and 2010
Are PC using 2013 or 2016 in domain or using work group?
If they are in work group then you may need to install root chain certificate because your certificate is signed by internal CA as per given results of Certificate command.
If they are in work group then you may need to install root chain certificate because your certificate is signed by internal CA as per given results of Certificate command.
ASKER
All systems are in Domain :)
Can you provide screenshot of error shows in outlook, click on view certificate and provide screenshot of General and Certificate Path?
I doubt if this machine has root certificate chain installed.
I doubt if this machine has root certificate chain installed.
hi usman , can you verify that your SAN names match that of your URL's specified in exchange
also check the following
https://blogs.technet.microsoft.com/danielkenyon-smith/2010/05/13/the-name-on-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2/
run : get-ClientAccessServer |fl
verify if you are using the mail.grand in the Autodiscover url .
https://blogs.technet.microsoft.com/danielkenyon-smith/2010/05/13/the-name-on-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2/
run : get-ClientAccessServer |fl
verify if you are using the mail.grand in the Autodiscover url .
ASKER
Dear shaun,
AutoDiscoverServiceClassNa me : ms-Exchange-AutoDiscover-S ervice
AutoDiscoverServiceInterna lUri : https://mail.grandstores.ae/Autodiscover/Autodiscover.xml
Its correct
AutoDiscoverServiceClassNa
AutoDiscoverServiceInterna
Its correct
Please run below command and see what it gives you:
Get-OutlookProvider | ft -autosize
Ideally EXPR must match with Certificate Principal Name.
So if this is diff. you need to set it as :
Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.grandstores.ae
Get-OutlookProvider | ft -autosize
Ideally EXPR must match with Certificate Principal Name.
So if this is diff. you need to set it as :
Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.grandstores.ae
can you use the following to test your certificates .
https://gallery.technet.microsoft.com/Exchange-2010-2013-2016-a6156d87
https://gallery.technet.microsoft.com/Exchange-2010-2013-2016-a6156d87
ASKER
Dear Amit,
Its correct
Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH msstd:mail.grandstores.ae 1
EXPR msstd:mail.grandstores.ae 1
Its correct
Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH msstd:mail.grandstores.ae 1
EXPR msstd:mail.grandstores.ae 1
ASKER
Dear Shaun,
not able to open the link,
not able to open the link,
Find attached script:
Test-ExchangeCertificate.ps1.txt
Test-ExchangeCertificate.ps1.txt
Check the URLs for all of your Virtual Directories to make sure they are all pointing to something that matches the certificate's CN or SAN FQDN. If you're using Exchange 2013 with the latest updates or Exchange 2016, also make sure to check and change the values for the mapi virtual directory (get-mapivirtualdirectory / set-mapivirtualdirectory). I generally recommend that all URLs (internal and external) be set to the same value, since it reduces confusion and issues with autodiscover.
ASKER
Dear Ada,
Thanks for your replay,
configration on Mapi virual Drives are correct, Internal or extarnal url;s are correct
Dear Amit,
Script is not working ( dont know why) even i have tried the following like
https://gallery.technet.microsoft.com/office/Exchange-2010-2013-2016-a6156d87
Thanks,
Thanks for your replay,
configration on Mapi virual Drives are correct, Internal or extarnal url;s are correct
Dear Amit,
Script is not working ( dont know why) even i have tried the following like
https://gallery.technet.microsoft.com/office/Exchange-2010-2013-2016-a6156d87
Thanks,
Any error while running script?
can you provide the error you are getting for the script , right click the .ps1 file and unlock then run in EMS
ASKER
It's just disappointing.. Means noting happening..
End up without any information
Guys, what if I add one SAN in certificate?
End up without any information
Guys, what if I add one SAN in certificate?
hi Usman, i kno wi have asked before , please provide out put from below commands
Get-EcpVirtualDirectory |ft InternalUrl,ExternalUrl
Get-OwaVirtualDirectory |ft InternalUrl,ExternalUrl
Get-WebServicesVirtualDire ctory |ft InternalUrl,ExternalUrl
Get-ActiveSyncVirtualDirec tory |ft InternalUrl,ExternalUrl
Get-OabVirtualDirectory |ft InternalUrl,ExternalUrl
Get-ClientAccessServer |ft InternalUrl,ExternalUrl
Get-EcpVirtualDirectory |ft InternalUrl,ExternalUrl
Get-OwaVirtualDirectory |ft InternalUrl,ExternalUrl
Get-WebServicesVirtualDire
Get-ActiveSyncVirtualDirec
Get-OabVirtualDirectory |ft InternalUrl,ExternalUrl
Get-ClientAccessServer |ft InternalUrl,ExternalUrl
ASKER
Outlook Anywhere
- Internal: mail.grandstores.ae
- External: mail.grandstores.ae
Outlook Web App
- Internal: https://mail.grandstores.ae/owa
- External: https://mail.grandstores.ae/owa
Exchange Control Panel
- Internal: https://mail.grandstores.ae/ecp
- External: https://mail.grandstores.ae/ecp
Offline Address Book
- Internal: https://mail.grandstores.ae/OAB
- External: https://mail.grandstores.ae/OAB
Exchange Web Services
- Internal: https://mail.grandstores.ae/ews/Exchange.asmx
- External: https://mail.grandstores.ae/ews/exchange.asmx
MAPI
- Internal: https://mail.grandstores.ae/mapi
- External: https://mail.grandstores.ae/mapi
ActiveSync
- Internal: https://mail.grandstores.ae/Microsoft-Server-ActiveSync
- External: https://mail.grandstores.ae/Microsoft-Server-ActiveSync
Autodiscover
- Internal SCP: https://mail.grandstores.ae/autodiscover/autodiscover.xml
- Internal: mail.grandstores.ae
- External: mail.grandstores.ae
Outlook Web App
- Internal: https://mail.grandstores.ae/owa
- External: https://mail.grandstores.ae/owa
Exchange Control Panel
- Internal: https://mail.grandstores.ae/ecp
- External: https://mail.grandstores.ae/ecp
Offline Address Book
- Internal: https://mail.grandstores.ae/OAB
- External: https://mail.grandstores.ae/OAB
Exchange Web Services
- Internal: https://mail.grandstores.ae/ews/Exchange.asmx
- External: https://mail.grandstores.ae/ews/exchange.asmx
MAPI
- Internal: https://mail.grandstores.ae/mapi
- External: https://mail.grandstores.ae/mapi
ActiveSync
- Internal: https://mail.grandstores.ae/Microsoft-Server-ActiveSync
- External: https://mail.grandstores.ae/Microsoft-Server-ActiveSync
Autodiscover
- Internal SCP: https://mail.grandstores.ae/autodiscover/autodiscover.xml
ASKER
any luck '?
ASKER
ipts2013\Get-CASHealth.ps1 -master>Ge t-ServerCo mponentSta te -Identity <Sever>
Component State
--------- -----
ServerWideOffline Active
HubTransport Active
FrontendTransport Active
Monitoring Active
RecoveryActionsEnabled Active
AutoDiscoverProxy Active
ActiveSyncProxy Active
EcpProxy Active
EwsProxy Active
ImapProxy Inactive
OabProxy Active
OwaProxy Active
PopProxy Inactive
PushNotificationsProxy Active
RpsProxy Active
RwsProxy Active
RpcProxy Active
UMCallRouter Active
XropProxy Active
HttpProxyAvailabilityGroup Active
ForwardSyncDaemon Inactive
ProvisioningRps Inactive
MapiProxy Active
EdgeTransport Active
HighAvailability Active
SharedCache Active
Might be IMAPI Proxy is not active ?
Component State
--------- -----
ServerWideOffline Active
HubTransport Active
FrontendTransport Active
Monitoring Active
RecoveryActionsEnabled Active
AutoDiscoverProxy Active
ActiveSyncProxy Active
EcpProxy Active
EwsProxy Active
ImapProxy Inactive
OabProxy Active
OwaProxy Active
PopProxy Inactive
PushNotificationsProxy Active
RpsProxy Active
RwsProxy Active
RpcProxy Active
UMCallRouter Active
XropProxy Active
HttpProxyAvailabilityGroup
ForwardSyncDaemon Inactive
ProvisioningRps Inactive
MapiProxy Active
EdgeTransport Active
HighAvailability Active
SharedCache Active
Might be IMAPI Proxy is not active ?
can you post from the machine having the issue a screenshot of the test email autoconfiguration
can you manually install the exchange certificate in the root certificate authority of the faulty machine
ASKER
Still the same :(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dear All,
The Problem has been Solved.
Problem was with Certificate, my certificate was revoked by Go Daddy (for some reasons)
after installing proper certificate, it work fine
The Problem has been Solved.
Problem was with Certificate, my certificate was revoked by Go Daddy (for some reasons)
after installing proper certificate, it work fine