Certificate Error With Outlook 2007 Clients To Exchange 2007 Server
Contents |
Availability Migration You are here: Home / Outlook 2007 clients display certificate mismatch error after mailbox migrationOutlook 2007 clients display certificate mismatch error after outlook client certificate error exchange 2010 mailbox migration February 27, 2009 by Paul Cunningham 8 Comments
Outlook 2007 Certificate Error Exchange 2013
When an Outlook 2007 user has their mailbox migrated from Exchange 2003 to Exchange 2007 they may security certificate error outlook 2007 start seeing a certificate mismatch error appear when launching Outlook. This problem will occur if the following conditions are true: the internal DNS namespace does not match autodiscover certificate error outlook 2007 the external DNS namespace (eg domain.local for internal and domain.com.au for external) a third party SSL certificate matching the external namespace has been applied to the IIS instance on the Client Access Server (eg cas.domain.com.au) The certificate mismatch occurs because the Autodiscover Service and/or Availability Service use the FQDN of the Exchange 2007 host in
Outlook 2007 Security Certificate Cannot Be Verified
their URL (eg https://server.domain.local/AutoDiscover/AutoDiscover.xml) but the IIS instance has an SSL certificate that does not match that name. To resolve this issue you can change the URL of the Autodiscover and Availablity services to match the name on the certificate, which you can do with the following shell commands. [PS] C:\>Set-ClientAccessServer -Identity cas.domain.local -AutoDiscoverServiceInternalUri https://cas.domain.com.au/Autodiscover/Autodiscover.xml [PS] C:\>Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -InternalUrl https://cas.domain.com.au/EWS/Exchange.asmx -ExternalUrl https://cas.domain.com.au/EWS/Exchange.asmx As long as your internal clients are resolving the external name cas.domain.com.au directly to your Client Access Server this should resolve the certificate mismatch error. Uncategorized AutoDiscover, Availability Service, EMSm Outlook 2007, Exchange 2007About Paul CunninghamPaul is a Microsoft MVP for Office Servers and Services, specializing in Exchange Server and Office 365, and is the publisher of Exchange Server Pro. He lives in Brisbane, Australia, and works as a consultant, writer and trainer. Find Paul on Twitter, LinkedIn, or Facebook. Comments Steven Goh says June 29, 2010 at 6:10 pm This article works. I like thi
| My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out Certificate error: Outlook 2007 & Exchange 2007 Users viewing this topic: none Logged in as: Guest Tree Style the name on the security certificate is invalid or does not match the name of the site outlook 2010 Printable Version All Forums >> [Microsoft Exchange 2007] >> General >> Certificate error: Outlook 2007 outlook 2007 ssl certificate error & Exchange 2007 Page: [1] Login Message << Older Topic Newer Topic >> Certificate error: Outlook 2007 & Exchange 2007 - 10.Jan.2008 2:01:28
The Name On The Security Certificate Is Invalid Exchange 2010 Internal
PM flapjack Posts: 79 Joined: 20.Aug.2005 From: Colorado Springs, Co Status: offline When I connect to my Exchange 2007 server via Outlook 2007 from within the network, I get a certificate error. This is because http://exchangeserverpro.com/outlook-2007-clients-display-certificate-mismatch-error-after-mailbox-migration/ of the way I have my DNS set up, but it shouldn't even be happening, as I'm inside the network. Basically, the certificate is for domain.net, and the internal network name is obviously not that. I do have that domain added in DNS, and it resolves internally and externally (which works great for EVERYTHING besides Outlook 2007). The mail server has two domain suffixes. The default network (which doesn't match the certificate), and the external network http://forums.msexchange.org/m_1800461983/tm.htm address domain.net. If you nslookup/ping mail.domain.net or mail.internal both resolve correctly. The issue lies with setting up Outlook, but I don't understand why it's happening in the first place. Since I'm internal to the network, I should just be able to type "mail" for the mail server. However, when I go back to check the account properties (after I've finished), Outlook has automatically appended the internal DNS address. When I open Outlook, I get the certificate error message. I've even tried typing "mail.domain.net" as the server address, but checking properties afterwards just shows Outlook to have corrected it to mail.internal-address. The Outlook 2007 client is running on a Vista machine, if that helps. The mail server is running Win2k3-64. Under System Properties > Computer Name, I've tried clicking "Change", then "More" and changing the primary DNS suffix of the server to domain.net, but that just made it just about inaccessible from the world. It would still receive mail, but you couldn't get to it... even from OWA. Any ideas on how to fix this? RPC over HTTPS works fine, obviously, as the PC external to the network and the certificate matches. Why is Outlook even looking for a certificate inside the network? Can't I disable that? Maybe it's some function of Vista?? Post #: 1 Featured Links* RE: Certificate error: Outlook 2007 & Exch
encounter a certificate error in Outlook 2007/2010. I have included a screenshot of the error I encountered with Outlook 2007 : When you choose the View Certificate button, it brings up another window that shows you what certificate is http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/ in error. In this case, the certificate name is "mail.shudnow.net." So the million dollar question? Why the error? Well, when we install a new certificate, there are a few tasks we want to do. Obviously, http://kb.stonegroup.co.uk/index.php?View=entry&EntryID=208 we install the certificate for a purpose. This purpose is till allow us to use Exchange services securely. So how do we enable Exchange to use these services? If you are planning to do a certificate error very simple configuration and do not care about external Autodiscover access, you do not need to use a Unified Communication Certificate. You can read more about these certificates in one of my other articles here. So let's say we have a simple regular common certificate. A certificate with a Common Name (CN) of mail.shudnow.net We install this certificate onto our Exchange box with its' private key. In our case we certificate error exchange were migrating so we did not have to request a certificate via IIS. We just exported it with its' private key and imported onto the new box. We then assigned this certificate to IIS. Now I went to the Exchange Management Shell and enabled Exchange services to use this certificate. In order to do this, you must run the following commands: Get-ExchangeCertificate Thumbprint Services Subject ------- ----- ----- BCF9F2C3D245E2588AB5895C37D8D914503D162E9 SIP.W CN=mail.shudnow.net.com What I did was go ahead and enable all new services to use every available service by using the following command: Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9 The next step would be to ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing. Get-ClientAccessServer -Identity CASServer | FL AutoDiscoverServiceInternalUri : https://casnetbiosname/Autodiscover/Autodiscover.xml See the issue here? We are not using a UC certificate that contains the names, "casnetbiosname, casnetbiosname.shudnow.net, mail.shudnow.net, and autodiscover.shudnow.net" Since the Autodiscover directory in IIS will be requring SSL encryption, the url specified in the AutoDiscoverServiceInternalURI must match what is specified in your certificate. You must also ensure there is a DNS record that allows mail.shudnow.net to resolve to your CAS. We should re-configure the AutoDiscoverServiceInternalURI by using the following command: Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.shudnow
/ Page not found Hmm, the page you're looking for can't be found. Did you try searching? Enter a keyword(s) in the search field above. Or, try one of the links below. Categories Corporate & Social Responsibility Help for Home Users (1) Managed Services (1) Stone Branded Products Third Party Products (2) Windows 10 (12) Stone Computers Ltd Granite One Hundred Acton Gate Stafford Staffordshire ST18 9AA © Stone Group 2016 Terms & Conditions | Privacy Policy | Cookies Policy