• Status: Solved

.local cert warning won't go away.

I am in desperate need of help. Here is the full story. We are upgrading from Exchange 2010 to Exchange 2016. There are 4 Exchange 2010 servers:
A, 1 primary Exchange with main send and receive connectors.
B and C, 2 local Exchange that have an internal replay to the primary.
DR is the backup Exchange.

I installed a new Exchange 2016 and set the virtual directories of OWA for internal and external. The primary Exchange (A) has Outlook Anywhere installed. B and C have it pointing back to itself for all virtual directories, and the DR Exchange does the same thing.

After the install, primary Exchange A and the new Ex2016 did not show any problems. But sites B and C were unable to connect to Exchange outside of our network. The easy fix was to move them over to the new Exchange. Issue somewhat solved.

Now comes a new problem. I installed an Exchange 2016 DR server and created a DAG, but I am getting these pop-up cert errors.
I have a split DNS on site. I looked into changing the _autodiscover SRV file to point from the old Exchange DR to the new Exchange DR, but I can't do that as we are not fully migrated over. When I open up Outlook, it seems to want to connect to my sa-exdr-p01 via MAPI. I'm not sure why it keeps trying to auto-connect to it. If I hit No on the cert, it will connect to my OWA. If I hit Yes, it will still connect, but instead of going to OWA MAPI, it will connect to sa-exdr-p01 MAPI. Mail still flows in and out. No problem.

I'm completely lost as to what I can do. I have tried to redo the wildcard cert to get it to access the .local domain, but that didn't work. I haven't tried doing it without the wildcard, but I'm not sure if that would work.

I need to add another FE Exchange, but I can't move on until this issue is fixed.

Tech:
Exchange 2010 on Server 2008 SP3, Outlook Anywhere enabled on primary A server
Exchange 2016 on Server 2012, Outlook Anywhere and all virtual directories point to OWA (except for DR Exchange, only internal points to itself)
Attached is all the VD for each server.
EnvironmentBackup.txt
Asked by: Kenny Placido
 
viktor grant (Exchange Servers) commented:
Hi Kenny,

Now, the mailboxes that are receiving the prompt: where are the users located, in Exchange 2010 or Exchange 2016?

If you migrated a test user to Exchange 2016, do you have the error?

Cheers
Viktor
 
Kenny Placido (Sr System Administrator, Author) commented:
The prompt is only happening to users that are on the Exchange 2016, not the old Exchange 2010.
 
viktor grant (Exchange Servers) commented:
Hi Kenny,

And did you install the Exchange certificate on all the servers?

The Outlook providers are correctly configured since the certificate is wildcard.

Cheers
Viktor
 
Kenny Placido (Sr System Administrator, Author) commented:
On the old 2010 Exchanges, the certs are already installed. On the new 2016 primary, it is installed correctly. On the 2016 DR, it is also installed correctly with services for IIS and SMTP. However, the SAN is only for *.company.com, owa.company.com, autodiscover.company.com, company.com. And they are all wildcard.
 
viktor grant (Exchange Servers) commented:
Hi Kenny,

Does the prompt appear in domain-joined Outlook or externally?

At this moment, is DNS pointing to Exchange 2016 primary and Exchange 2016 DR?

Cheers
Viktor
 
Kenny Placido (Sr System Administrator, Author) commented:
So far it is only on domain-joined Outlook. I don't see the error on my phone or when I am at home.

The DNS was pointed to Exchange 2010 primary A, but after we installed the new 2016, we moved the OWA to the new 2016 server. However, that caused an issue on sites B and C. So we moved OWA and autodiscover to point to our external DNS IP for OWA.

Hope that made sense.
 
Kenny Placido (Sr System Administrator, Author) commented:
Figured out the issue. It was the CNAME. I didn't have a .local point to a .com in the name. I did:
sa-exdr-p01.company.com to sa-exdr-p01.company.local. Solved the issue.
 
Kenny Placido (Sr System Administrator, Author) commented:
I figured it out on my own.
Question has a verified solution.
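
Added example, not part of the thread and not from any participant: a hostname check against the SAN entries listed above, showing why a client that connects to the .local server name gets a name-mismatch prompt while the .com name is covered. The wildcard rule (the `*` is the whole leftmost label and stands for exactly one label) is the common RFC 6125 reading and is an assumption about the client; `mail.dr.company.com` is a constructed test name.

```python
"""Added example: which server names does a certificate's SAN list cover?"""

# SAN entries as listed in the thread (company.com is the thread's placeholder).
SAN_ENTRIES = ["*.company.com", "owa.company.com",
               "autodiscover.company.com", "company.com"]


def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")


def san_matches(pattern, host):
    """True if one SAN dNSName entry covers host.

    Assumed wildcard rule: '*' must be the entire leftmost label and
    stands for exactly one label, so it never spans a dot.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels so a '*.com' style entry never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_entries(host, san_entries=SAN_ENTRIES):
    """SAN entries that cover host; an empty list means a mismatch prompt."""
    return [s for s in san_entries if san_matches(s, host)]


def audit(hosts, san_entries=SAN_ENTRIES):
    """Map each name a client might connect to onto the entries covering it."""
    return {h: covering_entries(h, san_entries) for h in hosts}


if __name__ == "__main__":
    # Server names from the thread, plus one constructed multi-label name.
    names = ["sa-exdr-p01.company.local", "sa-exdr-p01.company.com",
             "owa.company.com", "mail.dr.company.com"]
    for host, hits in audit(names).items():
        verdict = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:28} {verdict}")
```

Running the same check over every internal URL host that clients are handed (autodiscover, MAPI, OWA) flags any name the installed certificate cannot vouch for before users see the prompt.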
