Outlook 2007 Autodiscover Certificate Error
Contents |
360 games PC games outlook 2007 security certificate cannot be verified Windows games Windows phone games Entertainment All Entertainment outlook 2010 autodiscover certificate error Movies & TV Music Business & Education Business Students & educators
Outlook Certificate Error Exchange 2010 Name Does Not Match
Developers Sale Sale Find a store Gift cards Products Software & services Windows Office Free downloads & security Internet
Outlook Security Alert The Name On The Security Certificate Is Invalid
Explorer Microsoft Edge Skype OneNote OneDrive Microsoft Health MSN Bing Microsoft Groove Microsoft Movies & TV Devices & Xbox All Microsoft devices Microsoft Surface All Windows PCs & tablets PC accessories Xbox & games Microsoft Lumia All outlook security alert certificate keeps popping up Windows phones Microsoft HoloLens For business Cloud Platform Microsoft Azure Microsoft Dynamics Windows for business Office for business Skype for business Surface for business Enterprise solutions Small business solutions Find a solutions provider Volume Licensing For developers & IT pros Develop Windows apps Microsoft Azure MSDN TechNet Visual Studio For students & educators Office for students OneNote in classroom Shop PCs & tablets perfect for students Microsoft in Education Support Sign in Cart Cart Javascript is disabled Please enable javascript and refresh the page Cookies are disabled Please enable cookies and refresh the page CV: {{ getCv() }} English (United States) Terms of use Privacy & cookies Trademarks © 2016 Microsoft
WindowsWindows 10 Windows Server 2012 Windows Server 2008 Windows Server 2003 Windows 8 Windows 7 Windows Vista Windows XP Exchange ServerExchange Server 2013 Exchange Server 2010 Exchange Server 2007 Exchange Server 2003 Outlook Unified Communications/Lync
Outlook 2013 Certificate Error
SharePoint Virtualization Cloud Systems ManagementSystem Center PowerShell & Scripting Active Directory & Group Policy outlook 2013 certificate warning disable Mobile Networking Storage TrainingOnline Training IT/Dev Connections Webcasts VIP Library Digital Magazine Archives InfoCentersIT Innovators Mobile Computing Business Now Desktop VDI outlook 2013 security alert All About Converged Architecture Advertisement Home > Security > Troubleshooting an Autodiscover Certificate Error Where experts and professionals share insights and inspirations to grow business and build careers Troubleshooting an Autodiscover Certificate Error Apr https://support.microsoft.com/en-us/kb/940726 8, 2009 by Paul RobichauxFollow20 Followers1162 Articles84 Comments EMAIL Tweet Comments 1 Advertisement One of the best things about being a Microsoft MVP is being part of the MVP community. Many extremely smart, opinionated, and experienced people belong to that community, and they present each other with a lot of great opportunities to learn things. Recently I learned a good bit about Microsoft Office Outlook 2007 and Exchange Server 2007's http://windowsitpro.com/security/troubleshooting-autodiscover-certificate-error Autodiscover service from following a conversation on an MVP mailing list that the Exchange Server product group maintains. The original problem, posed by Michael B. Smith, was a simple one: A test environment that worked fine with Outlook produced errors when tested with the Exchange Remote Connectivity Analyzer (ExRCA; I wrote about this tool back in January 2009). The error seemed straightforward on its face: ExRCA reported that the common name of the SSL certificate used for the connection didn't match the server name provided for mutual server authentication. Given how difficult it is to get Exchange certificates properly issued and installed, this error isn't uncommon, and most of the time Outlook 2007 is finicky about these kinds of name mismatches. The reason for this problem turns out to be both interesting and subtle. A quick review of certificate lingo is in order first. An X.509 certificate can have only one common name, or CN, attribute. The CN is almost always the public Fully Qualified Domain Name (FQDN) of the computer to which the certificate was issued. A single certificate can have zero or more subject alternative names, or SANs. For example, a certificate whose CN is mail.contoso.com might have SANs of public-cas, public-cas.contoso.com, and slc-cas01.northamerica.contoso.com
encounter a certificate error in Outlook 2007/2010. I have included a screenshot of the error I encountered with Outlook 2007 : When you choose the View Certificate button, it brings http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/ up another window that shows you what certificate is in error. In this case, the certificate name is "mail.shudnow.net." So the million dollar question? Why the error? Well, when we install a new certificate, there are a few tasks we want to do. Obviously, we install the certificate for a purpose. This purpose is till allow us to use Exchange certificate error services securely. So how do we enable Exchange to use these services? If you are planning to do a very simple configuration and do not care about external Autodiscover access, you do not need to use a Unified Communication Certificate. You can read more about these certificates in one of my other articles here. So let's say we have a simple autodiscover certificate error regular common certificate. A certificate with a Common Name (CN) of mail.shudnow.net We install this certificate onto our Exchange box with its' private key. In our case we were migrating so we did not have to request a certificate via IIS. We just exported it with its' private key and imported onto the new box. We then assigned this certificate to IIS. Now I went to the Exchange Management Shell and enabled Exchange services to use this certificate. In order to do this, you must run the following commands: Get-ExchangeCertificate Thumbprint Services Subject ------- ----- ----- BCF9F2C3D245E2588AB5895C37D8D914503D162E9 SIP.W CN=mail.shudnow.net.com What I did was go ahead and enable all new services to use every available service by using the following command: Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9 The next step would be to ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing. Get-ClientAccessServer -Identity CASServer | FL AutoDiscoverServiceInternalUri : https://casnetbiosname/Autodiscover/Autodiscover.xml See the issue here? We are not using a UC certificate that contains the names, "casnetbiosname, casnetbiosname.shudnow.net, mail.shudnow.net, and autodi