Outlook Anywhere Autodiscover Certificate Error
Outlook Anywhere for autodiscover cert error

Question

Hi There, I'd implemented Outlook Anywhere (Exchange 2010) for users with a 3rd party SSL certificate (single cert, no wildcard), for example, mail.123.com. Mail flow is working fine, but when opening Outlook 2010, it will prompt a certificate error about autodiscover.123.com. I understand that, to get rid of this error message, users have to buy a wildcard certificate instead of a single one. Is there any way to get rid of this warning without purchasing a new cert again? Thanks, Alfred

Alfred, Monday, July 16, 2012 5:29 AM

Answers

Alfred, if you are going to purchase a certificate for Autodiscover alone, create a new certificate request for the Autodiscover service from EMC and import it to the Exchange server through EMC. Assign the certificate to the Autodiscover service. No further reconfigurations required. If you can add the Autodiscover URL to the existing certificate, again you require a certificate request and importing that certificate to EMC. Then assign the certificate to Autodiscover too. As you are using a trusted third party certificate, you don't need to import it into clients. The certificate is already trusted there. Regards from www.exchangeonline.in

Monday, July 16, 2012 6:11 AM, Moderator. Marked as answer by AlfredL, Tuesday, July 17, 2012 2:55 AM. Edited by ManU PhiliP (Moderator), Thursday, April 17, 2014 4:15 AM.

Yes. Autodiscover works in 3 ways: https://autodiscover.
Errors which applies to Outlook 2007, Outlook 2010, and Outlook 2013. You can see that post here. That blog post describes an incorrect certificate on Exchange itself. For example, you make a connection to Exchange and the FQDN in your InternalURLs, ExternalURLs, and AutodiscoverServiceInternalURI is not defined on the certificate. Therefore, you must update the InternalURLs, ExternalURLs, and AutodiscoverServiceInternalURI to match the certificate FQDN.

This specific issue is a bit different. When you try to make a connection to Autodiscover via https://autodiscover.domain.com, the Outlook client does not successfully connect to it and you get a certificate error. The certificate you see pop up in Outlook during the error isn't even the certificate that is located on Exchange. The certificate error that pops up shows you that Outlook is finding the certificate on your company's public website.

https://social.technet.microsoft.com/Forums/exchange/en-US/2e77262b-7ba3-41b8-9fe3-9896d2b056b5/outlook-anywhere-for-autodiscover-cert-error?forum=exchange2010

So, the million dollar question: why the error, and why is it showing the company's public website's certificate? Well, first, let's explore a little of the steps External Autodiscover goes through in order to find Exchange.

http://www.shudnow.net/2013/07/26/outlook-certificate-error-and-autodiscover-domain-com-not-working/

Internal Autodiscover and the Service Connection Point

The Autodiscover service is a mechanism that can do several things:

- Automatic Mailbox Creation
- Redirects Outlook 2007/2010/2013 clients to point to the correct server in which their mailbox is located
- Provides URLs to Web Services for Outlook 2007/2010/2013

When you first launch your Outlook client (Outlook 2007 or above required for Autodiscover access), it will search Active Directory for a Service Connection Point (SCP) record. Every time a CAS Server is installed, it will register this SCP record within Active Directory in the following location: CN=Autodiscover,CN=Protocols,CN=
Exchange 2010 FAQ: Do I Need Autodiscover Names in the SSL Certificate?
June 12, 2011 by Paul Cunningham
http://exchangeserverpro.com/exchange-2010-faq-autodiscover-names-ssl-certificate/

Question: Do I need to include the Autodiscover names for all of my domain names in my SSL certificate?

http://serverfault.com/questions/627870/outlook-security-alert-the-name-on-the-security-certificate-is-invalid-or-does

I've had a few questions lately about Autodiscover and Exchange 2010 SSL certificates. The questions are usually along the lines of:

- Do I need to add the Autodiscover name to my SSL certificate?
- Do I need an Autodiscover name for all of my SMTP domains in my SSL certificate?

Both questions can be answered easily once you understand the basics of Autodiscover. Put simply, Autodiscover is a service hosted on Client Access servers that Outlook 2007 and 2010 clients can use to automatically discover information about the Exchange environment. An example of Autodiscover in action is when a mailbox-enabled user launches Outlook 2007/2010 for the first time and the Outlook profile is automatically configured with the correct Exchange server name for that mailbox user.

For internal, domain-joined clients this involves looking up the Autodiscover SCP (Service Connection Point) for the AD Site that the user's computer is in. If no SCP exists for that site, the SCP in another site will be used. This is configurable and is known as Autodiscover site scope. The SCP is returned as a URL.
This URL will point to one of the Client Access servers in the organization, and will look something like this:

    Get-ClientAccessServer | fl name,autodiscoverserviceinternaluri

    Name                           : ESP-HO-EX2010A
    AutoDiscoverServiceInternalUri : https://esp-ho-ex2010a.exchangeserverpro.net/Autodiscover/Autodiscover.xml

So for an internal, domain-joined computer the SSL certificate must include the name (or names, if more than one exists) of the Client Access servers in the organization that a client will be discovering via that SCP lookup.

Externally connected clients are different, because they can't look up the SCP in Active Directory from outside of the network. These clients might be roaming laptop users with Outlook, or they might be ActiveSync-capable smartphones such as iPhones. In either case they will attempt to connect to Autodiscover by performing a DNS lookup for "autodiscover.smtpdomainname". For example an iPhone user setting up their Exch
Outlook security alert - The name on the security certificate is invalid or does not match the name of the site

SBS 2008 running Exchange 2007 and IIS6.0

CompanyA has two other companies that operate under the same roof. To accommodate email, we have 3 Exchange accounts per user to manage this. All users use their CompanyA account to log into the domain.

    CORP\user            user@companyA.com
    CORP\user-companyb   user@companyB.com   <-- only used for email
    CORP\user-companyc   user@companyC.com   <-- only used for email

Email works fine internally and via OWA. The problem exists when setting up Outlook for remote users who need access to companyB and companyC emails: Outlook pops up the certificate error.

The SSL cert SAN has the following DNS names:

    webmail.companyA.com
    www.webmail.companyA.com
    CORP-SBS
    CORP-SBS.local
    autdiscover.companyA.com

I was told by the users who access the companyC email address remotely that this never used to happen before. This started when the CEO changed DNS providers on his own and in the process the original DNS settings were lost. He mentioned something about an SRV record being created which corrected this issue, but that's about it. Looking for guidance on how to properly address this.
Tags: ssl, exchange, outlook, certificate
asked Sep 11 '14 at 15:37 by Mike66350216; edited Feb 15 '15 at 4:28 by HopelessN00b

2 Answers

Accepted answer:

This issue is most likely caused by Outlook's Autodiscover service, part of the Outlook Anywhere functionality. Autodiscover provides various information to the end-user's Outlook client on the various services offered by Exchange and where these can be