LAN domain name, Internet domain, SSL Cert. and Exchange Server 2007
Currently, the local domain does not match the Internet domain. The domain controller is [abc.com] and the domain host is [domain.abc.com], whereas my Internet domain is [xyz.com]. The domain server is running Windows Server 2003 Standard Edition (SP2). Moreover, it is working as the DNS server. We decided to add Exchange Server (2007) and the implementation was done successfully. The host name of the Exchange server is [email.abc.com] on the LAN, whereas on the Internet it is [email.xyz.com].
An SSL certificate has been installed, and the provider does not allow us to add our LAN domain names [abc.com, domain.abc.com, email.abc.com] as multi-domain names, because some of these LAN domains match Internet domain names which are owned by someone else.
Currently, we are facing authentication problems with Exchange Server, especially when we use MS Outlook: a Security Alert on startup, "The name on the security certificate is invalid or does not match the name of the site." Sometimes OWA goes out of operation due to a missing certificate ("Event ID: 12014"), and to solve it we have to re-apply the certificate.
Questions:
1. How can we solve the Outlook Security Alert issue?
2. How do we solve "Event ID: 12014"?
3. Will renaming the "domain server" solve the issue without affecting Exchange operation?
I am looking for your recommendation and guidance.
Thank you
Related link: Rename Domain name without affact of Exchange Server 2007: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1808341c-0353-4105-8342-9020af7534c3#1808341c-0353-4105-8342-9020af7534c3
March 17th, 2010 10:30am
Change the ExternalUrl property of OWA virtual directory, so that it matches your Internet domain xyz.com
March 17th, 2010 11:22am
Hi,
How we can solve Outlook Security Alert issue?
>> This is due to the mismatch between the certificate name installed on IIS and the URL name configured in the ExternalUrl property of the OWA virtual directory. I believe you have got the default self-signed certificate (email.abc.com) configured on your Exchange Server. As your Internet domain is different than the internal one, you need to get the external domain certificate and register it on the Exchange Server. If you only want to have OWA then you can get a single-domain certificate; otherwise, if you want to use other services like Autodiscover, then you have to go for a SAN certificate.
How we solve "Event ID: 12014"?
>> Once you register the external domain certificate you have to bind that certificate with all the services on the Exchange Server.
http://support.microsoft.com/kb/555855
Sanjay
March 17th, 2010 4:25pm
Try this. When using SSL certs, use the FQDN as SAN (subject alternative name) and leave your external domain name as the common name.
Example: if your Exchange 2007 server is named email07, your domain name is abc.com and your external domain name is xyz.com, have your cert set up like this:
email.xyz.com (this is the external)
Then set up SAN like this:
autodiscover.abc.com
email07.abc.com
email07
abc.com
xyz.com
Configure OWA for the internal address and external address.
Internal address should be https://email07.abc.com/owa
External https://email.xyz.com/owa
March 17th, 2010 6:34pm
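A read-only check for the name mismatch described in the two replies above, added here as an example and not posted by anyone in the thread: it lists each Exchange certificate with its services and names, then flags any OWA or Autodiscover host name that the IIS-enabled certificate does not cover. Test-NameCovered is a helper defined for this example; the script sticks to PowerShell 1.0 syntax.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Read-only; it changes no certificate, binding or URL.

# Helper defined for this example: is $hostName covered by one of $certNames?
function Test-NameCovered([string]$hostName, [string[]]$certNames) {
    $dot = $hostName.IndexOf('.')
    foreach ($n in $certNames) {
        # Exact match (-eq ignores case for strings).
        if ($n -eq $hostName) { return $true }
        # A wildcard entry such as *.xyz.com covers exactly one left-most label.
        if ($dot -gt 0 -and $n -eq ('*' + $hostName.Substring($dot))) { return $true }
    }
    return $false
}

# Every certificate Exchange knows about, with the services it is enabled for.
$certs = @(Get-ExchangeCertificate)
$certs | Format-List Thumbprint, Services, CertificateDomains, NotAfter

# Host names clients are pointed at: the OWA internal/external URLs and the
# Autodiscover URI that domain-joined Outlook clients look up.
$urls = @()
Get-OwaVirtualDirectory | ForEach-Object { $urls += $_.InternalUrl; $urls += $_.ExternalUrl }
Get-ClientAccessServer  | ForEach-Object { $urls += $_.AutoDiscoverServiceInternalUri }
$hostNames = @($urls | Where-Object { $_ } |
               ForEach-Object { ([System.Uri]"$_").Host } |
               Sort-Object -Unique)

# Compare those host names against each certificate that is enabled for IIS.
foreach ($cert in @($certs | Where-Object { "$($_.Services)" -match 'IIS' })) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
    "Certificate $($cert.Thumbprint) covers: " + [string]::Join(', ', $names)
    foreach ($h in $hostNames) {
        if (Test-NameCovered $h $names) { "  OK        $h" }
        else                            { "  MISMATCH  $h" }
    }
}
```

Any host name reported as MISMATCH is one a client connects to without finding it on the certificate, which is the condition behind the Outlook security alert quoted in the question.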
Hi Alhashim
This link will give you a good overview, with screenshots, of how to set up Exchange Server 2007 for an external domain (Internet domain).
You can even browse serversolutions.com; it can get rid of your issue, I reckon.
http://www.servolutions.com/support/config_exchange_2007.htm
Good luck
With best regards, siddu sajjan
Disclaimer: This posting is provided "as is" with no warranties, and confers no rights.
March 18th, 2010 6:27am
Hi Sanjay_Gupta ,
I understand that the other name for a SAN certificate is Unified Communications Certificate (UCC), if I am right. Why does the certificate provider avoid adding my local domain as a friendly name due to the similarity of our local domain with an Internet domain owned by someone?
March 20th, 2010 8:16am
Hi tenny26,
Currently, the third-party certificate is generated as you mentioned; however, the third party did not allow us to add our local domain name [email.abc.com] because it matches an Internet domain owned by others?!
March 20th, 2010 8:23am
Hi Sanjay,
I have set the External URL, but I am still getting the same result:
set-owavirtualdirectory "email\owa (Default Web site)" -externalurl:https://email.xyz.com/owa
March 20th, 2010 9:28am
Have you tried another public CA? Either that or rename the server.
May 13th, 2010 9:04pm
Do you have split DNS? This is easily solved if so. If not, we could also just provision an internal zone (e.g. .local addresses) for Exchange to work around this.
Domain rename isn't an option here.
Active Directory, 4th Edition - www.briandesmond.com/ad4/
May 14th, 2010 2:31am