Added 2 2016 Exchange Servers - Certificate Warning.

Charlie Fraser
Charlie Fraser used Ask the Experts™
on
I have 1 on Prem Exchange 2013 servers and I'm trying to migrate to Exchange 2016. I moved my mailbox to one of the new servers and now I get a certificate warning only when I connect to exchange using Outlook connected to the corporate network. All of the internal uri's are pointing to the internet fqdn. The SAN cert is complaining that the local exchange server isn't in the SAN cert which it isn't. This works no problem for the Exchange 2013 server. Is there another setting I'm missing? Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Charlie FraserSystems Engineer

Author

Commented:
I changed the outlookanywhere setting for the new server where my mailbox is on and I still get the certificate error.
AmitIT Architect
Distinguished Expert 2017

Commented:
You need to apply certificate on your new Exchange 2016 server as well. You can export from your Exchange 2013 server and import on your Exchange 2016, assign the services, what you have assigned in Exchange 2013. And you should be good to go.
Charlie FraserSystems Engineer

Author

Commented:
I installed the SSL cert from the 2013 server before I did anything else. My problem is that when I connect with Outlook on the corporate network it's telling me that the AD fqdn of the server ie: Exchangeserver2.ADdomain.inetdomain.com  The SAN cert has mail.inetdomain.com, autodiscover.inetdomain.com. and inetdomain.com. Again, this certificate is working fine with the 2013 server it's just when I connect via outlook on the corporate network.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Edward van BiljonMessaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
Did you check the bindings in IIS to ensure the new certificate is used?
Charlie FraserSystems Engineer

Author

Commented:
Yes the default site is using the SAN cert "mail.mydomain.com".
Systems Engineer
Commented:
It took a while, but I figured it out. I ended up having to make sure all the virtual directories were set to the external FQDN which is listed in the SAN cert. I think changing the url for the EWS virtual directory is what fixed it. I had to restart my computer to clear the cache before the issue stopped occurring. The Test Email Auto Configuration tool was very helpful in resolving the issue. I also had the option of re-issuing my SAN Cert to add the FQDN's of the 2 new Exchange servers, but I wanted to avoid doing that if I could.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial