Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
internal / external domain mismatch and certificate errors
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
internal / external domain mismatch and certificate errors - 4.Jan.2011 4:08:01 PM
|
|
|
waldo
Posts: 3
Joined: 4.Jan.2011
Status: offline
|
I am facing an interesting issue at an organization.
Their internal domain was setup using and arbitrary .com name for which the organization does not control, let's say abc.com. So all the users login to abc.com, but the name is not actually registered to them.
They registered the name xyz.com. An exchange server was recently setup, and it is on the abc.com domain. However mail comes in for xyz.com. I succesfully installed a certificate for xyz.com, and off-site everything such as activesynh, outlook anywhere etc. works great.
However, since the internal users are on abc.com, when they start outlook, they receive a certificate error. How can I fix this. I have thought about issuing a self-signed certificate (I can't get one for abc.com since they don't own the domain). Or is there a way I can force the clients to trust the certificate regardless of the name mismatch? I have tried placing the xyz.com certificate in various stores, but I always receive the warning.
I would ideally like to rename the domain name, but Exchange 2010 doesn't support this. If anyone has a work-around that would be great!.
What do you suggest? How can I fix the certificate error?
|
|
|
|
|
RE: internal / external domain mismatch and certificate... - 4.Jan.2011 4:18:57 PM
|
|
|
de.blackman
Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
|
All client access methods for internal users will use the InternalURL value for the different methods. What you can try is change the InternalURL values to match your externalURLs. In your internal DNS, create a zone for xyz.com and populate it with the same entries that are on your external DNS but instead use the internal IPs for each URL. If some of the URLs must point to an external IP, so be it! Make sure that any changes to the xyz.com zone made externally has been duplicated on the internal xyz.com zone as well.
_____________________________
Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna
|
|
|
|
|
RE: internal / external domain mismatch and certificate... - 4.Jan.2011 5:17:36 PM
|
|
|
waldo
Posts: 3
Joined: 4.Jan.2011
Status: offline
|
I did try creating an internal DNS zone to match the external, and have set the internal URL to that of the external, but clients still pickup the internal domain automatically. I am going to try to manually configure the clients, and see if that helps...
quote:
ORIGINAL: de.blackman
All client access methods for internal users will use the InternalURL value for the different methods. What you can try is change the InternalURL values to match your externalURLs. In your internal DNS, create a zone for xyz.com and populate it with the same entries that are on your external DNS but instead use the internal IPs for each URL. If some of the URLs must point to an external IP, so be it! Make sure that any changes to the xyz.com zone made externally has been duplicated on the internal xyz.com zone as well.
|
|
|
|
|
RE: internal / external domain mismatch and certificate... - 7.Jan.2011 4:25:54 AM
|
|
|
RyanAderson88
Posts: 1
Joined: 7.Jan.2011
Status: offline
|
It may possible that internal domain name has already been purchased by another company. You can add new internal DNS zone for your external (legal) domain.Hope this will help you.
|
|
|
|
|
RE: internal / external domain mismatch and certificate... - 7.Jan.2011 11:14:55 AM
|
|
|
waldo
Posts: 3
Joined: 4.Jan.2011
Status: offline
|
Yep, tried this, and it everything resolves OK, but after connecting, the internal host name is used again, and we get those blasted certificate warnings...
I am thinking of possibly exporting all the pst files (if someone knows a better way, please let me know), removing exchange from the domain, and renaming the domain, then installing exchange again...
??
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
