pyotrek
asked on
Certificate error issue after migration to office 365
I have a situation where I migrated small client to Office 365 from "on site Exchange 2010", and now when the previously installed SSL certificate expired - users are prompted with Certificate error on opening of the Outlook.
the name on certificate refers to old mx record host "mail.domain.com"
I have checked the DNS records for this domain and I do not see any references to the host anymore.
I guess I could just renew the SSL certificate, but I do want to retire the old Exchange server, and do not really want to pay for unnecessary certificate.
Any ideas?
the name on certificate refers to old mx record host "mail.domain.com"
I have checked the DNS records for this domain and I do not see any references to the host anymore.
I guess I could just renew the SSL certificate, but I do want to retire the old Exchange server, and do not really want to pay for unnecessary certificate.
Any ideas?
ASKER
MAS: This is not hybrid installation.
The old Exchange is not in use anymore (but still present on the network)
The old Exchange is not in use anymore (but still present on the network)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That error means, Exchange server does not have a valid certificate, you need to issue one via a DNS provider or some sort:
Follow this steps:
1- create an digital certificate file CRT in your exchange.
2- Make sure you have added the follows: Mail.Mydomain.com, Autodiscover.Mydomain.com
3- Buy a SAN certificate in this website "namecheap.com"
4- Issue the certificate.
5- Install it and apply it to your exchange server.
Afterwards everything should be running smooth.
Cheers,
Follow this steps:
1- create an digital certificate file CRT in your exchange.
2- Make sure you have added the follows: Mail.Mydomain.com, Autodiscover.Mydomain.com
3- Buy a SAN certificate in this website "namecheap.com"
4- Issue the certificate.
5- Install it and apply it to your exchange server.
Afterwards everything should be running smooth.
Cheers,
Please chekc URL in Vasil's comment above which will clear ur issue if you dont have any mailbox onpremise.
ASKER
Vasil Michev: As part of migration I have removed autodiscover virtual directory from "old" server, but I guess SCP is something different?! correct.
Can I just disable it - I have no plans on bringing this "old" exchange server into production.
Unfortunately there are still some "redirected shared folders" on it that will take time to migrate - so it will be alive for some time.
Can I just disable it - I have no plans on bringing this "old" exchange server into production.
Unfortunately there are still some "redirected shared folders" on it that will take time to migrate - so it will be alive for some time.
ASKER
MAS: reading through it now.
ASKER
OK - I think I got it.
Since I did not know what the SCP is - I googled it and got this:
https://cloudiffic.com/service-connection-point-scp-in/
This article shows how to get to attributes of Service Connection Point (SCP) In Exchange 2010.
In this case it the SCP attribute for serviceBindingInformation on "local" Exchange Administrative Group (the old Exchange 2010 that is about to be completely retired was showing:
https://mail.domain.com/autodiscover/autodiscover.xml
I figured that I will try to change it to see what will happen and I changed it to:
*.outlook.com
and the outlook does not bring that error anymore.
Since I did not know what the SCP is - I googled it and got this:
https://cloudiffic.com/service-connection-point-scp-in/
This article shows how to get to attributes of Service Connection Point (SCP) In Exchange 2010.
In this case it the SCP attribute for serviceBindingInformation on "local" Exchange Administrative Group (the old Exchange 2010 that is about to be completely retired was showing:
https://mail.domain.com/autodiscover/autodiscover.xml
I figured that I will try to change it to see what will happen and I changed it to:
*.outlook.com
and the outlook does not bring that error anymore.
ASKER
Thanks for quick response.
removing the value in serviceBindingInformation makes the Outlook start even faster.
removing the value in serviceBindingInformation makes the Outlook start even faster.
i.e. you need a certificate for Exchange 2010 for an error free outlook