Exchange 2010 - Certificate error on internal Outlook 2013 connections

exchange-2010 ssl-certificate outlook-2013
15,798

Solution 1

Here are the steps to change the FQDN used by Outlook to connect to the server (sources: Godaddy, puryear)

Using the Exchange Management console change the internal URL of the different webservices:

Set-ClientAccessServer -Identity Your_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "Your_Server_Name\EWS (Default Web Site)" -Set-OABVirtualDirectory -Identity "Your_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity “Your_Server_Name\unifiedmessaging (Default Web Site)” -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx

Set-ActiveSyncVirtualDirectory -Identity "Your_Server_Name\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"

The main thing to notice here is that your setting the internal URLs to be the same as the external URLs.

Solution 2

I am working through the same process, Exchange 2010 with Outlook 2013 clients and having just registered a mail.domain.com certificate. Our server isn't server.local though, it is server.domain.com, but I don't want to have to add that server name to the listed hostnames in the certificate, and also want to do it correctly.

https://www.digicert.com/internal-domain-name-tool.htm

You can use this tool to generate the Powershell scripts that will correct the Exchange URL addresses to be that of your externally facing hostname instead of your internal hostname, as well as a roll back script to revert the changes.

You will need to have installed the certificates into Exchange, and you will also need to have created an internal DNS entry to resolve mail.domain.com to servername.local.

You will most likely see that if you access mail.domain.com/OWA (from internal or external) you won't get a certificate error, but if you access server.local/OWA you will. This fix is definitely for you then!

Note: The Microsoft KB940726 article shows that the OABVirtualDirectory URL should be HTTPS, however if you had HTTP configured, the DigiCert tool will keep that instead of changing it to HTTPS.

Share:
15,798

Related videos on Youtube

Lorenz Meyer
Author by

Lorenz Meyer

Allround IT specialist: PHP, VBA and JavaScript programmer Help Desk Network administrator (MCSA) Database administrator (MCDBA)

Updated on September 18, 2022

Comments

  • Lorenz Meyer
    Lorenz Meyer over 1 year

    I have an Exchange 2010 and Outlook 2003. The exchange server has a wildcard SSL certificate installed *.domain.com, (for use with autodiscover.domain.com and mail.domain.com). The local fqdn of the Exchange server is exch.domain.local. With this configuration there is no problem.

    Now I started upgrading all Outlook 2003 to Outlook 2013, and I start to get consistently a certificate error in Outlook :

    The Name on the security certificate is invalid or does not match the name of the site

    I understand why I get that error: Outlook 2013 is connecting to exch.domain.local while the certificate is for *.domain.com.

    I was ready to buy a SAN (Subject Alternate Names) Certificate, that contains the three domains exch.domain.local, mail.domain.com, autodiscover.domain.com. But there is a hindrance: the certificate provider (in my case Godaddy) requires that the domain is validated as being our property. Now it is not possible for an internal domain that is not accessible from the internet. So this turns out not to be an option.

    Create self-signed SAN certificate with an Enterprise CA is an other option that is barely viable: There would be certificate error with every access to webmail, and I had to install the certificate on all Outlook clients.

    What is a recommended viable solution ?

    Is it possible to disable certificate checking in Outlook ?
    Or how could I change the Exchange server configuration so that the public domain name is used for all connections ?
    How to change the main FQDN of the Exchange server, as suggested in the answer, without the need of reinstalling the server ? Or is there another solution I'm not thinking of ?

    Any advice is welcome.

    • Joe Sniderman
      Joe Sniderman almost 10 years
      Why are you using .local at all?
    • Lorenz Meyer
      Lorenz Meyer almost 10 years
      @JoeSniderman Because our AD domain is sbgmb.local. Therefore the fqdn of the exchange server is exch.sbgmb.local.
    • Lorenz Meyer
      Lorenz Meyer almost 10 years
      @JoeSniderman Do you know how to force Outlook2013 to connect to the external host name only ?
  • Lorenz Meyer
    Lorenz Meyer over 9 years
    I understand. My question is 'How not to use .local in my FQDN without creating a new domain, moving all computers and users, reinstalling a DC, Exchange server ... how do I change the main fqdn of my Exchange server without creating work for two months ?
  • Lorenz Meyer
    Lorenz Meyer over 9 years
    My Exchange server has an external domain name, and Outlook Anywhere work from the internet. Only on-premise Outlook clients have the certificate warning.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Exchange Server 2010 ActiveSync SSL Certificate Problem
Exchange ActiveSync is not working with Android's 'verify certificate' setting, what do I need to do to make them work together?
Exchange 2010 SSL certificate requirements for multiple domains
How to unassign self-signed cert from SMTP on Exchange 2010?
Exchange Server - How to use existing certificate without CSR?
Outlook: Name on security certificate invalid
Flutter on Android 7 CERTIFICATE_VERIFY_FAILED with LetsEncrypt SSL cert after Sept 30, 2021
Firebase Hosted flutter app shows not a secure connection error when launching an external URL
Flutter video player wont accept self signed https connection
How to Bypass SSL Certificate Verification in flutter?