Sign in with
Sign up | Sign in
Your question

Certificate Warning in Outlook

Tags:
  • Exchange Server
  • Domain Name
  • Outlook
  • Business Computing
  • Certificate
Last response: in Business Computing
Share
February 12, 2014 12:51:57 PM

I have setup an exchange server for 4 users, on their outlook they are receiving a certificate error because remote.company.com is not a registered domain name on the cert. I went through all of exchange and in there is no remote.company.com everything is set to mail.company.com which is on the cert from godaddy. But the cert error still comes up in outlook. I was able to find a remote.company.com in the forward lookup zones in DNS, but I do not know if I can delete it, or if that will fix the cert error in outlook. In the remote.company.com in DNS are Start of Authority with a 2, Name Server and Host types. The same records are located in the domain name company.local under forward lookup zones, but the Start of Authority number is 320. Right now email is working and I have them clicking yes to the warning. Is there any harm in deleting the remote.company.com out of DNS? Would that fix the cert problem?

More about : certificate warning outlook

February 12, 2014 12:57:41 PM

You shouldn't delete remote.company.com out of dns ever, especially if you are using sbs.

This is a horrid problem that I am having issues with my self. I ended up reinstalling the self cert for the local dns name and installing the external cert on a unix reverse proxy.

Microsoft give advice on fixing the issue by renaming all the exchange server names with the external remote.whetever name, but it didnt work for me.
m
0
l
February 12, 2014 1:03:18 PM

I am new to DNS, is there any way possible in renaming remote.company.com to mail.company.com or would it be easier to add remote.company.com to my godaddy cert. The server is running SBS 2011.
m
0
l
Related resources
February 12, 2014 1:36:40 PM

when you say 'outlook' do you mean OWA or an internal outlook client as part of ms office ?

When you run outlook internally it looks up your server name to connect to, that name is somthing like: yourservername.yourdomain.local

So when it gets the cert for the external name, remote.domain.com or mail.domain.com they dont match.

I havent been able to find a working solution.
m
0
l
February 12, 2014 1:44:31 PM

It is internal Outlook from Microsoft office. I have OWA using mail.domain.com.
m
0
l
February 12, 2014 1:49:27 PM

it might be possible to set up split dns, but thats pretty advanced stuff, and I decided not to attempt it since the server is in use every day the risk of down time is too great.

It might be possible to just buy a SAN cert with both internal and external names on, but they are being phased out due to man in the middle security issues and bowers and other services will stop trusting them.
m
0
l
February 25, 2014 12:57:06 PM

I just wanted to update and say I have found a solution it turned out there were some setting in exchange that still had remote.mycompany.com instead of mail.mycompany.com, but I had to use the exchange shell because you can not change them in the exchange managment console.

Here are the commands I ran:

Get-ExchangeCertificate
Get-WebServicesVirtualDirectory |fl identity,internalurl,externalurl

These commands allowed me to see where the remote.mycompany.com were still present.

I ran these commands to change them all to mail.mycompany.com

Set-WebServicesVirtualDirectory -Identity “ECAS1\EWS (Default Web Site)” -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-WebServicesVirtualDirectory -Identity “ECAS2\EWS (Default Web Site)” -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.shudnow.net/Autodiscover/Autodiscover.xml

Here are the links for the websites:
http://www.shudnow.net/2007/08/10/outlook-2007-certific...
http://premnair.wordpress.com/2010/07/03/configure-ews-...
m
0
l
Related resources
!