Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

MAPI security warning

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> MAPI security warning Page: [1]
Login
Message << Older Topic   Newer Topic >>
Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
MAPI security warning - 29.Sep.2008 11:52:30 AM   
mlebel

 

Posts: 34
Joined: 19.Aug.2008
Status: offline 		After installing a 3rd party SSL Certificate on my Exchange 2007 server for securing OWA, I have a security warning on my MAPI clients (outlook 2007) saying "the name on the security certificate is not valid or does not match the name on this site"

How can I resolve this issue ?
Post #: 1
RE: MAPI security warning - 29.Sep.2008 1:26:27 PM   
John Weber

 

Posts: 584
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline 		Troubleshooting question:
Internal with ol2007 or external using OA?

_____________________________

-jmw
http://tsoorad.blogspot.com

(in reply to mlebel)
Post #: 2
RE: MAPI security warning - 29.Sep.2008 10:44:28 PM   
mlebel

 

Posts: 34
Joined: 19.Aug.2008
Status: offline 		Internal exchange server is : exchange.umcb.local (10.10.10.5)
Internal OWA is : https://10.10.10./owa (security warning in IE7 from inside)

External OWA is : mail.publicdomain.com
FQDN on SSL is: mail.publicdomain.com

I get the warning when users are connecting to the mailbox server (wich is also the CAS and the Hub) server at address exchange.umcb.local

(in reply to John Weber)
Post #: 3
RE: MAPI security warning - 30.Sep.2008 11:43:54 AM   
John Weber

 

Posts: 584
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline 		If you do "get-exchangecertificate" against the server what do you get?

I am thinking that the cert is showing just the fqdn, and you are going after MAIL.
The client is looking for mail.publicdomain.com, the cert matches that, but the server internally is exchange.umcb.local.

So, a cert mismatch?

_____________________________

-jmw
http://tsoorad.blogspot.com

(in reply to mlebel)
Post #: 4
RE: MAPI security warning - 30.Sep.2008 12:22:29 PM   
mlebel

 

Posts: 34
Joined: 19.Aug.2008
Status: offline 		[PS] Z:\>get-exchangecertificate | fl
AccessRules:System.Security.AccessControl.CryptoKeyAccessRule,System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.publicdomain.ca}
HasPrivateKey: True
IsSelfSigned: False
Issuer: E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape,C=ZA 

NotAfter: 2009-09-15 19:59:59
NotBefore: 2008-09-14 20:00:00
PublicKeySize: 1024
RootCAType: ThirdParty
SerialNumber: 6BD46C56CASERIALDD9F3F35E692
Services: IIS
Status: Valid

Subject: CN=mail.publicdomain.ca, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to [link=http://forums.msexchange.org/https://www.thawte.com/repository/index.html]https://www.thawte.com/repository/index.html[/link], O=mail.publicdomain.ca

Thumbprint: 5*****5CCCCDAF611C2901*******45953DA40

AccessRules: {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {EXCHANGE, EXCHANGE.umcb.local}
HasPrivateKey: True
IsSelfSigned: True
Issuer: CN=EXCHANGE
NotAfter: 2009-09-11 15:38:10
NotBefore : 2008-09-11 15:38:10
PublicKeySize: 2048
RootCAType: None
SerialNumber: 85CE5A3B********E4E3C53B371440E61
Services: IMAP, POP, SMTP
Status: Valid
Subject: CN=EXCHANGE
Thumbprint: 5195EDE01D45E********6CB8755F60034B7

AccessRules: {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains: {EXCHANGE, EXCHANGE.umcb.local}
HasPrivateKey: True
IsSelfSigned: True
Issuer: CN=EXCHANGE
NotAfter: 2009-09-09 01:04:41
NotBefore: 2008-09-09 01:04:41
PublicKeySize: 2048
RootCAType: None
SerialNumber: E3EE8AF1D9F17D9549371A6932393963
Services: IMAP, POP
Status: Valid
Subject: CN=EXCHANGE
Thumbprint: DCB70E436*******E0C36445A08EB9D2F9093FB

< Message edited by mlebel -- 30.Sep.2008 12:26:40 PM >

(in reply to John Weber)
Post #: 5
RE: MAPI security warning - 30.Sep.2008 12:27:32 PM   
John Weber

 

Posts: 584
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline 		Wow.  Just read the entire thread again.  I did not grok your initial question very well.

This here appears to be that the MAPI client, and also the OA functions are looking for Autodiscover.
Take a look at this:  http://tsoorad.blogspot.com/2008/01/outlook-2007-certificate-error.html

and also: 
http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html

_____________________________

-jmw
http://tsoorad.blogspot.com

(in reply to mlebel)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> MAPI security warning Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts