Hello,

I am working on a migration to Exchange 2013 and my Outlook clients are receiving a certificate prompt to accept a certificate because the "Name on the security certificate is invalid or does not match the name of the site".  See the image below.

I entirely agree with the message because it appears that Outlook is trying to connect to the FQDN of the server but is receiving our Thwate certificate for the DNS name that we have configured for Outlook Anywhere (webmail.domain.com).  This is the correct certificate that I expect the clients to receive.  If clients press Yes everything works as expected but they should not be seeing this message.

So, why is Outlook trying to connect to servername.domain.com which results in a Name Mismatch with the certificate?

Any thoughts would be greatly appreciated.  Thanks, Matt

Hello,

If the common name on the replacement certificate does not match the FQDN of the URL that is stored in the following objects: the spc object for autodiscover service, the internalurl of EWS, the internalurl of oab service and internalurl of UM web service, the issue will occur.

In order to solve your issue, please refer to the following kb. (Note: It refers to exchange 2007, but I consider it also applies to exchange 2013)

http://support.microsoft.com/kb/981954

Additional article for your reference.

SSL Certificates for Exchange Server 2013

http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/

If you have any feedback on our support, please click here

Hello,

Is there any update?

If you have any feedback on our support, please click here

Hello Cara,

I discovered that the AutodiscoverServiceInternalUri was not set on the servers.  I set that to the correct URL and I have not heard of anyone haveing the issue but I am giving it until the end of this week before I Mark As Answer.

Thank you for following up.  That is really appreciated.

~Matt

Hello,

I'm glad to hear that.

If you have any feedback on our support, please click here