security alert opening outlook
I have an exchange server 2007 running on widows server 2008 split on two separate servers.
Server one: exchange management tools and client access server
Server two: exchange management tools, mailbox server and hub transport
I have IIS7 installed on both servers (the mailbox and hub would not install without it) and the client access has it for OWA. I have installed a SSL certificate for the outside access OWA, and I have also placed the common name on the external URL on the CAS server properties/ Outlook Anywhere I also have NTLM for authentication method.
That seems to work fine from the outside, inside when I launch outlook 2007 to connect to the exchange server on my network, I get this security alert. I have even installed the cert, however I get this every time I open outlook.
**************************************** Security Alert **** Information you exchange with this site ** cannot be viewed or changed by others ** However, there is a problem with the ** site's security certificate.** ** The Security Certificate is from a trusted ** authority ** ** The security certifiace date is valad ** ** The name on the security certificate is ** invalid or does not match the name of the ** site. ** ** Do you want to proceed?** ** Yes No View Certificate ***************************************I get this prompt at least three times. the odd thing is I am migrating to this server from a exchange 2003 (same forest and domain) and some users on the old 2003 server also get this error and outlook is configured to connect to the 2003 server not 2007. soon I will move everybody to the 2007 server and retire the 2003 server, I just dont want to here every complain about getting prompted everytime they open outlook.I dont have a mulitple entry cert to add the local site name to the cert.any ideas as how to avoid this security alert on the local domain?Thanks,How can prevent this from happening on my internal network?
November 5th, 2009 12:00am
http://support.microsoft.com/kb/940726Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2009 12:04am
Andy,I must be doing something incorrectly, I keep getting an error everytime I attempt the following according to kb940726PS C:\Windows\System32> Set-ClientAccessServer-AutodiscoverServiceInternalUri https://mail.ce.wisconsin.edu/autodiscover/autodiscover.xmlThe term 'Set-ClientAccessServer-AutodiscoverServiceInternalUri' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.At line:1 char:54any ideas?
November 5th, 2009 4:57pm
Make sure you are using the Exchange Powershell, not the generic Windows Powershell
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2009 5:06pm
oops, my mistake, I had a shortcut and it was in fact the windows power shell.
November 5th, 2009 5:31pm
What exactly should be entered in place of
CAS_Server_Name
"CAS_Server_Name</var>\EWS (Default Web Site)"
"CAS_Server_name\oab (Default Web Site)"
"CAS_Server_Name\unifiedmessaging (Default Web Site)"
Thank you.
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2010 10:26pm
The name of the Client Access Server.
February 28th, 2010 10:54pm
sorry no help for admin begginer :-) .Probably a simple question but I'm getting lumps on my head from banging it against my desk. How can I get this name ? Same name as server name ? Example pls..Thank you
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2010 11:19pm
I have a similar problem with the security certificate, except only two users out of 600 are getting the prompt when they open outlook '07. Before I make a change I would like to know if it would adversely affect everyone else or is there something I may be able to do to the clients that are affected?
Thanks
Tony
This is what we did and it seemed to work
Created a new user profile and then copied over the old and it worked. No more Cert pop-up
March 2nd, 2010 9:34pm