Exchange OWA and ECP Certificate issue

Hi,

I am facing an issue with accessing my Exchange 2013 OWA and ECP. When accessing it from an outside network at https://webmail.mydomain.com, it prompts me to accept a totally strange certificate, and it says that if it's not the right cert, click Cancel. When I click Cancel, the OWA or ECP opens. Why is this? Here is how I have my Exchange IIS set up.

I have a certificate bought from GoDaddy. I have all local server FQDNs, mail.mydomain.com, webmail.mydomain.com and autodiscovery as its subject lines. The cert is installed in Exchange just right. I also have my IIS URL redirect to https://webmail.mydomain.com because I didn't want people to have to type https in the URL.

June 17th, 2015 12:24pm

 the cert is installed in exchange just right. 

Prove it :)

Provide us with a screenshot of the assigned services for your "good" certificate as well as provide us with the absence of the "bad" certificate. From all nodes, of course.

Finally, are you using some kind of firewall in front of the Exchange pool? Have you installed the certificate on your FW solution?

Also, you can understand a lot from the "strange" certificate on your OWA/ECP URL. For example, the Subject field will tell you a lot.

  • Proposed as answer by Shamne_g 34 minutes ago
June 17th, 2015 12:34pm

If it only happens externally like you say, then you need to check to make sure that you are resolving webmail.mydomain.com to your actual IP. In other words, make sure external DNS is good. If that checks out, I would start checking the firewall and see if that's trying to do some sort of packet inspection where it needs to decrypt and re-encrypt the traffic. If all that checks out, there might be something wrong with the route traffic is taking to your firewall.
June 17th, 2015 1:04pm

I think you were right :) I just figured out that the valid certificate had all assigned certificates but SMTP, and the invalid certificate had all, so I believe there was a conflict between the valid and invalid certs in the Exchange admin center. I enabled SMTP on the valid cert along with POP, IMAP and IIS and removed the old invalid cert.
  • Marked as answer by Riaz Ansary 11 hours 17 minutes ago
June 17th, 2015 2:57pm

Hi Riaz,

Thank you for your question.

In addition, we recommend to our customers that when we assign a new certificate to Exchange, we should assign all services to the new certificate and delete the old certificate after we test it successfully, because it will cause disturbing things if the old and invalid certificate still exists.

If there are any questions regarding this issue, please feel free to let me know.

Best regards,

Jim

June 17th, 2015 11:02pm
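
An added example (not from any poster in this thread): a read-only Exchange Management Shell audit of the check discussed above, listing each certificate's assigned services on every server and flagging IIS-assigned certificates that are invalid, expired or do not cover the external name. The `$expectedName` value is taken from the thread; flagged rows are candidates for review, not automatic removal.

```powershell
# Added example, not code from the thread. Run in the Exchange Management Shell.
# Read-only: it changes no certificate or service assignment.

$expectedName = 'webmail.mydomain.com'   # external OWA/ECP name used in the thread
$now = Get-Date

$report = foreach ($server in Get-ExchangeServer) {
    foreach ($cert in Get-ExchangeCertificate -Server $server.Name) {
        # Cast to strings so the checks also work on deserialized remoting objects.
        $services = [string]$cert.Services
        $domains  = @($cert.CertificateDomains | ForEach-Object { [string]$_ })

        # A name is covered if it matches exactly or via a wildcard entry (*.mydomain.com).
        $covers = @($domains | Where-Object { $expectedName -like $_ }).Count -gt 0

        $findings = @()
        if ([string]$cert.Status -ne 'Valid') { $findings += "status=$($cert.Status)" }
        if ($cert.NotAfter -lt $now)          { $findings += 'expired' }
        if (-not $covers)                     { $findings += "no name for $expectedName" }

        # Only certificates assigned to IIS are presented to OWA/ECP clients.
        $servesWeb = $services -match '\bIIS\b'

        [pscustomobject]@{
            Server     = $server.Name
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Services   = $services
            NotAfter   = $cert.NotAfter
            SelfSigned = $cert.IsSelfSigned
            Review     = if ($servesWeb -and $findings) { $findings -join '; ' } else { '' }
        }
    }
}

# Full inventory, per node, so a leftover certificate on any server is visible.
$report | Sort-Object Server, NotAfter | Format-Table -AutoSize -Wrap

# Certificates that hold IIS but should not be answering for the external name.
$report | Where-Object { $_.Review } |
    Format-List Server, Thumbprint, Subject, Services, Review
```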

This topic is archived. No further replies will be accepted.
