Kenny Placido

.local cert warning won't go away.

I am in desperate need of help. Here is the full story. We are upgrading from Exchange 2010 to Exchange 2016. There are 4 Exchange 2010 servers:
A: 1 primary Exchange with the main send and receive connectors.
B and C: 2 local Exchange that have an internal relay to the primary.
DR is the backup Exchange.

I installed a new Exchange 2016 and set the virtual directories of OWA for internal and external. The primary Exchange (A) has Outlook Anywhere installed. B and C have it pointing back to itself for all virtual directories, and the DR Exchange does the same thing.

After the install, primary Exchange A and the new Exchange 2016 did not show any problems. But sites B and C were unable to connect to Exchange outside of our network. The easy fix was to move them over to the new Exchange. Issue somewhat solved.

Now comes a new problem. I installed an Exchange 2016 DR server and created a DAG, but I am getting these pop-ups: [User generated image]

I have a split DNS on site. I looked into changing the _autodiscover SRV file to point from the old Exchange DR to the new Exchange DR, but I can't do that as we are not fully migrated over. When I open up Outlook, it seems to want to connect to my sa-exdr-p01 via MAPI. I'm not sure why it keeps trying to auto-connect to it. If I hit no on the cert, it will connect to my OWA. If I hit yes, it will still connect, but instead of going to OWA MAPI, it will connect to sa-exdr-p01 MAPI. Mail still flows in and out. No problem.

I'm completely lost at what I can do. I have tried to redo the wildcard cert to get it to access the .local domain, but that didn't work. I haven't tried doing it without the wildcard. But I'm not sure if that would work.

I need to add another FE Exchange, but I can't move on until this issue is fixed.

Tech:
Exchange 2010 on Server 2008 SP3, Outlook Anywhere enabled on primary A server
Exchange 2016 on Server 2012, Outlook Anywhere and all virtual directories point to OWA (except for DR Exchange, only internal points to itself)
Attached is all the VD for each server.
EnvironmentBackup.txt
viktor grant

Hi Kenny,

Now, the mailboxes that are receiving the prompt: where are the users located, in Exchange 2010 or Exchange 2016?

If you migrated a test user to Exchange 2016, do you have the error?

Cheers
Viktor
Kenny Placido

ASKER

The prompt is only happening to users that are on the Exchange 2016, not the old Exchange 2010.

Hi Kenny,

And did you install the Exchange certificate on all the servers?

The Outlook providers are correctly configured since the certificate is wildcard.

Cheers
Viktor
On the old 2010 Exchanges, the certs are already installed. On the new 2016 primary, it is installed correctly. On the 2016 DR, it is also installed correctly with services for IIS and SMTP. However, the SAN is only for *.company.com, owa.company.com, autodiscover.company.com, company.com. And they are all wildcard.

Hi Kenny,

Does the prompt appear in domain-joined Outlook or externally?

At this moment, is DNS pointing to Exchange 2016 primary and Exchange 2016 DR?

Cheers
Viktor

So far it is only on domain-joined Outlook. I don't see the error on my phone or when I am at home.

The DNS was pointed to Exchange 2010 primary A, but after we installed the new 2016, we moved the OWA to the new 2016 server. However, that caused an issue on sites B and C. So we moved OWA and autodiscover to point to our external DNS IP for OWA.

Hope that made sense.
ASKER CERTIFIED SOLUTION
Kenny Placido

I figured it out on my own
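
An added example, not code from any poster in this thread: it checks whether the host in each client-facing URL is covered by the SAN list quoted above, which is the comparison Outlook makes before showing a name-mismatch prompt. The URLs and the `sa-exdr-p01.company.local` FQDN are constructed sample values; on a real server the URLs would come from the virtual directory and Autodiscover settings.

```powershell
# SANs as listed in the thread for the certificate on the 2016 servers.
$CertSans = @('*.company.com', 'owa.company.com', 'autodiscover.company.com', 'company.com')

# Constructed sample URLs (assumption). The DR server FQDN is hypothetical.
$ConfiguredUrls = @(
    'https://owa.company.com/mapi',
    'https://autodiscover.company.com/Autodiscover/Autodiscover.xml',
    'https://sa-exdr-p01.company.local/mapi',
    'https://sa-exdr-p01/EWS/Exchange.asmx'
)

function Test-SanMatch {
    param([string]$HostName, [string[]]$Sans)
    $name = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($san in $Sans) {
        $pattern = $san.ToLowerInvariant()
        if ($pattern -eq $name) { return $true }
        if ($pattern.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label, so everything
            # after the first dot of the name must equal the SAN's suffix.
            $dot = $name.IndexOf('.')
            if ($dot -gt 0 -and $name.Substring($dot + 1) -eq $pattern.Substring(2)) {
                return $true
            }
        }
    }
    return $false
}

# One row per URL; Covered = $false marks a name that will trigger a prompt.
foreach ($url in $ConfiguredUrls) {
    $hostName = ([System.Uri]$url).Host
    [pscustomobject]@{
        Url     = $url
        Host    = $hostName
        Covered = Test-SanMatch -HostName $hostName -Sans $CertSans
    }
}
```

With the sample input, the two `company.com` URLs report `Covered = True`, while the `.local` FQDN and the bare `sa-exdr-p01` short name report `False`, because `*.company.com` only matches a single label directly under `company.com`.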