internal / external domain mismatch and certificate errors

waldo -> internal / external domain mismatch and certificate errors (4.Jan.2011 4:08:01 PM)

I am facing an interesting issue at an organization.

Their internal domain was set up using an arbitrary .com name which the organization does not control, let's say abc.com. So all the users log in to abc.com, but the name is not actually registered to them.

They registered the name xyz.com. An Exchange server was recently set up, and it is on the abc.com domain. However, mail comes in for xyz.com. I successfully installed a certificate for xyz.com, and off-site everything such as ActiveSync, Outlook Anywhere etc. works great.

However, since the internal users are on abc.com, when they start Outlook, they receive a certificate error. How can I fix this? I have thought about issuing a self-signed certificate (I can't get one for abc.com since they don't own the domain). Or is there a way I can force the clients to trust the certificate regardless of the name mismatch? I have tried placing the xyz.com certificate in various stores, but I always receive the warning.

I would ideally like to rename the domain name, but Exchange 2010 doesn't support this. If anyone has a work-around that would be great!

What do you suggest? How can I fix the certificate error?




de.blackman -> RE: internal / external domain mismatch and certificate errors (4.Jan.2011 4:18:57 PM)

All client access methods for internal users will use the InternalURL value for the different methods. What you can try is to change the InternalURL values to match your ExternalURLs. In your internal DNS, create a zone for xyz.com and populate it with the same entries that are on your external DNS but instead use the internal IPs for each URL. If some of the URLs must point to an external IP, so be it! Make sure that any changes to the xyz.com zone made externally have been duplicated on the internal xyz.com zone as well.
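
An added example, not part of the original thread: an Exchange Management Shell (Exchange 2010, PowerShell 2.0) audit that reports which virtual directories have an InternalUrl whose host name is not on the IIS-bound certificate, and previews setting it to the ExternalUrl as the reply above suggests. It assumes the certificate enabled for IIS is the one internal clients are served; the helper name `Test-CertCoversHost` is hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Collect the names on the certificate(s) enabled for IIS (assumption: this is
# the certificate internal clients see when they connect).
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString().ToLower() })

# Hypothetical helper: does any certificate name cover this host name?
function Test-CertCoversHost([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        # A wildcard name covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $h.IndexOf('.') -gt 0 -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

$nouns = 'OwaVirtualDirectory', 'EcpVirtualDirectory', 'OabVirtualDirectory',
         'WebServicesVirtualDirectory', 'ActiveSyncVirtualDirectory'

foreach ($noun in $nouns) {
    foreach ($v in @(& "Get-$noun")) {
        $int = $v.InternalUrl
        $ext = $v.ExternalUrl
        $ok  = ($int -ne $null) -and (Test-CertCoversHost $int.Host)

        # One report row per virtual directory.
        New-Object PSObject -Property @{
            VDir = $v.Identity; InternalUrl = $int; ExternalUrl = $ext; CertMatch = $ok
        }

        # Preview only: align InternalUrl with an ExternalUrl that the
        # certificate does cover. Remove -WhatIf to apply the change.
        if (-not $ok -and $ext -ne $null -and (Test-CertCoversHost $ext.Host)) {
            & "Set-$noun" -Identity $v.Identity -InternalUrl $ext -WhatIf
        }
    }
}
```

Rows with `CertMatch` set to False are the URLs that produce a name-mismatch warning when a client is handed them.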




waldo -> RE: internal / external domain mismatch and certificate errors (4.Jan.2011 5:17:36 PM)

I did try creating an internal DNS zone to match the external, and have set the internal URL to that of the external, but clients still pick up the internal domain automatically. I am going to try to manually configure the clients, and see if that helps...

quote:

ORIGINAL: de.blackman

All client access methods for internal users will use the InternalURL value for the different methods. What you can try is to change the InternalURL values to match your ExternalURLs. In your internal DNS, create a zone for xyz.com and populate it with the same entries that are on your external DNS but instead use the internal IPs for each URL. If some of the URLs must point to an external IP, so be it! Make sure that any changes to the xyz.com zone made externally have been duplicated on the internal xyz.com zone as well.




RyanAderson88 -> RE: internal / external domain mismatch and certificate errors (7.Jan.2011 4:25:54 AM)

It may be possible that the internal domain name has already been purchased by another company. You can add a new internal DNS zone for your external (legal) domain. Hope this will help you.




waldo -> RE: internal / external domain mismatch and certificate errors (7.Jan.2011 11:14:55 AM)

Yep, tried this, and everything resolves OK, but after connecting, the internal host name is used again, and we get those blasted certificate warnings...

I am thinking of possibly exporting all the PST files (if someone knows a better way, please let me know), removing Exchange from the domain, and renaming the domain, then installing Exchange again...

??



