Exchange 2007 certificate weirdness
I'm not sure where to start with this because I'm not positive what might be relevant. First, I am very new to Exchange & when I say that, I mean I've only been working with this for about 3 months & never prior to March. In light of that, it would be greatly appreciated if any explanations are stated in such a way that someone completely computer illiterate would understand.

Our configuration is Exchange 2007, Hub transport only, installed on Server 2008, not SBS, not Web Server, just plain old Server 2008 (which I also have very little experience with). I've gone through the installation & mailbox setup for our company of 6 employees who all work from home. I had some help configuring it to work & during that process was told that we would need an SSL certificate for it to work properly.

Next, we bought an SSL cert. from a CA & have installed it. At this time, I've installed the 'intermediate certificates' twice & am still being told by the CA that they have not been installed. (I only mention this because I'm not sure whether it will be relevant or not.) In spite of what the CA says, we've been able to connect our users to the Exchange server.

We DID NOT choose to set up the Autodiscover service because it was so simple to connect manually. By that, I mean that the certificate we purchased was not set up for autodiscover.mydomain.com or whatever. Since we are/were in the testing phase of Exchange, I had only set up 3-4 users when we started to receive the, evidently common, 'security certificate invalid or does not match the name of the site' error. As with everyone else, if we choose to proceed, it plugs right along into Exchange & we send/receive without incident.

So, in my long list of questions is, how does a certificate to autodiscover.mydomain.com get spontaneously created by Exchange?

Secondly, what do I have to do to get Exchange to recognize that we are not using this erroneous certificate & get it to recognize the certificate that was previously purchased & installed? Or, if we create a DNS record to have autodiscover.mydomain.com point to our server, will we be able to start using the Autodiscover service?

I'm sorry to say that I'm completely lost about what to do with this & any help is greatly appreciated. And, remember, please explain it to me like I'm a 5 yr. old.
July 23rd, 2009 1:59am

Your post is marked as comment. Please hit "change type" and select question.

Sorry, can't explain this to a 5 yr old. There is too much detail in your question(s)!

You said that you only have the hub transport server installed. Do you mean just on that box, or you don't have any CAS or mailbox servers elsewhere? I don't think it's a supported scenario to only deploy the HT role. If you only want an SMTP engine you should use the one that comes in Windows Server.

As for the other questions:

-"how does a certificate to autodiscover.mydomain.com get spontaneously created by Exchange"

>>>Part of the installation creates a self-signed certificate. This allows Exchange to use secure SMTP by default even if the customer doesn't purchase a 3rd party cert.

-"Secondly, what do I have to do to get Exchange to recognize that we are not using this erroneous certificate & get it to recognize the certificate that was previously purchased & installed?"

>>>We could explore this in more detail, but you've already worried me because you are describing cert installation with the certificate management MMC. For Exchange 2007 you need to use the certificate PowerShell commands. Here is a really fast article on how to *normally* install Exchange: http://mike-crowley.spaces.live.com/blog/cns!C23CB95E1200929!178.entry

For more background info read here: http://technet.microsoft.com/en-us/library/bb851505.aspx

-"if we create a dns record to have autodiscover.mydomain.com point to our server, will we be able to start using the Autodiscover service? "

>>>Yes. The service is running as we type already. Making the DNS record just allows Outlook clients to find it. It's one of the 4 autodiscover service connection points (SCP).

Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
July 25th, 2009 12:54am
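
The certificate checks discussed in the answer above, as an added example that is not part of the original posts: it lists each certificate Exchange knows about, shows which services use it, tests whether it covers the names clients connect to, and tries to build its chain. `mail.mydomain.com` and the helper `Test-NameCovered` are assumptions made for illustration; `autodiscover.mydomain.com` is the name from the thread.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Host names Outlook clients connect to. mail.mydomain.com is an assumed placeholder.
$clientNames = 'mail.mydomain.com', 'autodiscover.mydomain.com'

# Hypothetical helper: true if $hostName matches one of the certificate's names,
# either exactly or through a single-label wildcard such as *.mydomain.com.
function Test-NameCovered($certNames, $hostName) {
    $h = $hostName.ToLower()
    foreach ($n in $certNames) {
        $n = "$n".ToLower()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)    # e.g. ".mydomain.com"
            if ($h.Length -gt $suffix.Length -and $h.EndsWith($suffix) -and
                $h.Substring(0, $h.Length - $suffix.Length).IndexOf('.') -lt 0) {
                return $true
            }
        }
    }
    return $false
}

foreach ($cert in Get-ExchangeCertificate) {
    "{0}  self-signed={1}  services={2}  expires={3}" -f `
        $cert.Thumbprint, $cert.IsSelfSigned, $cert.Services, $cert.NotAfter

    # A name that is not covered is what produces the
    # "does not match the name of the site" prompt in Outlook.
    foreach ($name in $clientNames) {
        "    {0,-30} covered={1}" -f $name, (Test-NameCovered $cert.CertificateDomains $name)
    }

    # Build the chain from the local machine store. Revocation checking is turned
    # off so that any failure reported here is about the chain itself.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok = $chain.Build((Get-Item "cert:\LocalMachine\My\$($cert.Thumbprint)"))
    $status = [string]::Join(',', @($chain.ChainStatus | ForEach-Object { $_.Status }))
    "    chain builds={0}  status={1}" -f $ok, $status
}
```

A self-signed certificate created by setup is expected to report `UntrustedRoot` here. Once the purchased certificate shows the right names and a clean chain, `Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services "IIS,SMTP"` assigns it to those services.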

Sorry, I miscommunicated our configuration. That particular server is also our CAS & mailbox server. I have not had a chance to read your attached article but hope to do that later today. I think, however, that you have solved my problem by answering my last question about creating a dns record to point to our server & the self-signed certificate. Thanks for your help. It's greatly appreciated.
July 28th, 2009 12:33am

Ok glad to help either way. If this does in fact solve your issue, please mark the forum as "answered". Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
July 30th, 2009 1:40am
