I am a Network Administrator for a small non-profit organization, and have been for a little less than a year. We have an exchange server, call it exchange, which is still running Exchange 2007. In addition to making several upgrades to our environment, I've been working to build a new mail server, call it mail, running 2010.
Now I have both servers, exchange and mail, running. Exchange still has 99.9% of our user mailboxes, while mail has a retired account and a couple test accounts. OWA functionality on the mail is up -- you can browse out via https:// or http:// and reach it. Unfortunately, when I open Outlook on one of the test accounts, I receive the aforementioned message:
"The name on the security certificate is invalid or does not match the name of the site."
We have a CA-signed certificate, and yes, our internal and external hostnames are different. Call it npc.org (internal) vs nonprofitcompany.org (external).
One of the first things I did was run the following powershell commands in order to set our internal URLs to be the same as the external URLs :
set-webservicesvirttualdirectory -identity "mail\ews (default web site)" -internalURL https://mail.nonprofitcompany.org/EWS/Exchange.asmx -basicauthentication:$true
set-oabvirtualdirecotry -identity "mail\oab (default web site)" -internalURL https://mail.nonprofitcompany.org/oab
set-activesyncvirtualdirectory -identity "mail\microsoft-server-activesync (default web site)" -internalurl "https://mail.nonprofitcompany.org/microsoft-server-activesync"
I've also used the Get command to verify that the urls match correctly. They do. And lastly, I went into iis and recycled msexchangeautodiscoverapppool. So theoretically, everything should be working now. But every time I pull that test account up in Outlook, it takes about 15 seconds before that Security Alert comes up.
Any ideas or suggestions? I'm willing to forward additional logs if need be.