Certificate problem
Hi All, I am getting the message " The name on the security certificate is invalid, or does not match the name of the site" when Outlook 2010 users log in.
We recently switched off two redundant 2007 servers that were left switched on purely to service public folders for the last remaining 2k3 users.
When I run the Get-clientAccessServer cmd, these two 2k7 servers, as well as the current CAS servers are listed. I think my problem is that Outlook clients are trying to get their certificates from one of the servers that have been switched off.
How do I set them to obtain from the current servers?
September 21st, 2011 10:09pm
It's possible your internalurl points to the servername of one of your 2007 servers. You need to verify if this is the case. Do you have a SAN cert that includes multiple subject names, autodiscover.domain.com, mail.domain.com, server1.internaldomain.com
etc?
Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2011 10:18pm
Thanks James. It seems that the internal URL is OK. Of course when I run commands such as get-webservicesvirtualdirectory, I get 2x IIS connection/ RPC errors for the switched off servers before a listing of the two good servers that show the correct
Internal URL.Scotty
September 21st, 2011 11:20pm
Hello,
The most possible cause should be described in the following article:
http://support.microsoft.com/kb/940726
In order to understand the issue more deeply on your server, please also collect the following information for my further research.
[Please provide a screenshot of the certificate warning in Outlook]
[Collect AutoConfiguration Status in problematic Outlook]
========================================
1. While Outlook is running, click the CTRL key and then right-click the Outlook icon in the system tray and then select “Test Email Autoconfiguration”.
2. Confirm that your email address is in the address field, uncheck “Use Guessmart” and “secure Guessmart
authentication” boxes. Then click the “Test” button.
3. Once it runs, please send me a screen shot of the
Log and Results tab..
[Certificate configuration information]
=============================
On CAS server, open
“Exchange Management Shell”
and type the cmdlet:
Get-ExchangeCertificate |fl >c:\certlog.txt
Get-autodiscovervirtualdirectory | fl >c:\auto.txt
Get-clientaccessserver | fl >c:\cas.txt
You can reach me at:
v-simwu@microsoft.com
Thanks,
Simon
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2011 2:53am
The problem was that I was failing to complete the request at the certsrv page of the CA. All good now. Thanks for your assistance Simon and James.Scotty
September 25th, 2011 5:36pm