
Exchange Server Forums


SSL Certificate issue

SSL Certificate issue - 3.Dec.2013 12:16:22 PM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Hello all.

I installed a new SSL cert on my new Exchange 2010 server. It's listed under certs and I have assigned IIS and SMTP to it. From outside when connecting to OWA it works fine, but I have internal users getting a popup warning in their Outlook 2007 clients shown below. I don't understand why this would be affecting internal users and am confused. Do I have to point the internal Active-Sync link to the outside address listed on the cert? Any advice would be most appreciated. Thank you.

Post #: 1
RE: SSL Certificate issue - 6.Dec.2013 1:23:35 AM   
elmajdal

 

Posts: 48
Joined: 15.Jan.2006
From: Lebanese in Kuwait
Status: offline
This happens when the domains listed in the SSL certificate do not match your internal domain name.


For example, you log in to your mail using : mail.domain.com

however, your internal domain name is domain.local

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Brianvo)
Post #: 2
RE: SSL Certificate issue - 6.Dec.2013 7:17:30 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
quote:

ORIGINAL: elmajdal

This happens when the domains listed in the SSL certificate do not match your internal domain name.


For example, you log in to your mail using : mail.domain.com

however, your internal domain name is domain.local



Hello elmajdal.

Thank you for replying. I am aware of what is causing it, what I don't understand is why it is happening. The SSL cert should only be used for external communication not internal, so why is this affecting my internal users? If I change the address of the internal active sync to match that of the outside one, will all clients now route out of the domain and then back in?

(in reply to elmajdal)
Post #: 3
RE: SSL Certificate issue - 6.Dec.2013 8:06:35 AM   
Seb85er

 

Posts: 12
Joined: 5.Dec.2013
Status: offline
Hi Brianvo,
What's your internal Autodiscover URL? Find it via Get-AutodiscoverVirtualDirectory.
Set it the same as the external and then put an A record in DNS for the internal IP of the CAS server.

(in reply to Brianvo)
Post #: 4
RE: SSL Certificate issue - 6.Dec.2013 8:24:06 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Hi Seb85er.

That's what I was thinking but wasn't sure if it would cause other issues. I will try that and see how it works. Thank you.

(in reply to Seb85er)
Post #: 5
RE: SSL Certificate issue - 9.Dec.2013 1:42:05 PM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Ok. I created the internal A record for mail. and changed exchange to reflect mail. for my internal and I am STILL getting the popup. I am stumped.

(in reply to Seb85er)
Post #: 6
RE: SSL Certificate issue - 9.Dec.2013 2:18:09 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Hi Brianvo,


quote:

ORIGINAL: Brianvo
Thank you for replying. I am aware of what is causing it, what I don't understand is why it is happening. The SSL cert should only be used for external communication not internal, so why is this affecting my internal users?


Unfortunately this is not a correct statement. The CAS role is tied into the IIS installation on the servers. By default only a single web site is created when IIS is installed, and Exchange always publishes its virtual directory in this web site, where this certificate is installed.
Is your internal domain name the same as your public domain name (SMTP domain name)?

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to Brianvo)
Post #: 7
RE: SSL Certificate issue - 9.Dec.2013 2:20:15 PM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Yes. I created an A record for the name. mail.xxxx.com should now work both internally and external. I created a new internal mail connector and put the mail. in the FQDN and everything states mail for the internal address. I must be missing something somewhere but I don't know what.

(in reply to de.blackman)
Post #: 8
RE: SSL Certificate issue - 9.Dec.2013 2:39:12 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
The image you posted is not from your environment but can you please let us know what URL it is actually complaining about from your environment?

Usually this comes up complaining about autodiscover. Actually can you give us an overview of your environment (number of servers, their roles and placements).

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to Brianvo)
Post #: 9
RE: SSL Certificate issue - 9.Dec.2013 2:41:03 PM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Sure. Even though I have changed everything to mail.mydomain.com it is still stating exchangeservername.mydomain.com. I only have one Exchange server with all of the roles on it. Plenty of resources and only 75 users.

(in reply to de.blackman)
Post #: 10
RE: SSL Certificate issue - 10.Dec.2013 3:30:08 AM   
Seb85er

 

Posts: 12
Joined: 5.Dec.2013
Status: offline
Hi Brian, please post the following:
The results of Get-AutodiscoverVirtualDirectory | select Name,Server,internalurl,externalurl | fl

Names on your SSL certificate

(in reply to Brianvo)
Post #: 11
RE: SSL Certificate issue - 10.Dec.2013 7:32:11 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Hi Seb85er.

Please bear with me, I am very new to Exchange 2010 and PowerShell. Here are the results. I'm not sure why it isn't showing the URLs. I checked in management console and they are there.

Name : Autodiscover (Default Web Site)
Server : UREEXCHANGE
InternalUrl :
ExternalUrl :

But when I run Get-WebServicesVirtualDirectory I get the following:

Identity : UREEXCHANGE\EWS (Default Web Site)
InternalURL: https://ureexchange.xxxxxx.com/Exchangeasmx
ExternalURL: https://mail.xxxxxxx.com/ews/exchange.asmx

< Message edited by Brianvo -- 10.Dec.2013 8:24:43 AM >

(in reply to Seb85er)
Post #: 12
RE: SSL Certificate issue - 10.Dec.2013 7:42:40 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Brianvo,

I believe you may be using the regular powershell instead of the exchange management shell. To open the Exchange shell, go to your start menu, point to the Microsoft Exchange folder and there you will find the Exchange Management Shell. Try the command there and give us the output (please block out or replace any domain names you don't want to make public on the forum).

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to Brianvo)
Post #: 13
RE: SSL Certificate issue - 10.Dec.2013 8:25:27 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Hi de.blackman

Yep. Just realized that and updated my post. Thank you.

(in reply to de.blackman)
Post #: 14
RE: SSL Certificate issue - 10.Dec.2013 8:32:51 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
OK, so I just ran

Get-ClientAccessServer | fl Identity, AutoDiscoverServiceInternalUri

and it was showing the wrong URL, so I updated it with

Set-ClientAccessServer -Identity XXXXXX -AutoDiscoverServiceInternalUri https://mail.XXXX.com/Autodiscover/Autodiscover.xml

and will test and see if the error still occurs.

(in reply to Brianvo)
Post #: 15
RE: SSL Certificate issue - 12.Dec.2013 8:55:44 AM   
Brianvo

 

Posts: 15
Joined: 3.Dec.2013
Status: offline
Well that seems to have done it. I still don't understand why it wasn't updating using the GUI but as long as it's working I'm not complaining. Thank you everyone for your suggestions.

(in reply to Brianvo)
Post #: 16
RE: SSL Certificate issue - 12.Dec.2013 10:37:13 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Hey Brianvo,

Glad to hear you got this resolved. Just as an FYI - the autodiscover entry you modified unfortunately is one of those that cannot be modified from the GUI - Exchange Shell is the only way as you found out :).

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to Brianvo)
Post #: 17
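
The warning in this thread came down to one internal client URL naming a host that the certificate did not cover. As an added example (not code from any poster), the PowerShell below checks a set of Exchange client URLs against a certificate's names, including single-label wildcard matching. The function names and all host names are constructed for illustration; the commented lines show how the inputs could be read in the Exchange Management Shell.

```powershell
# Added example; function names and host names are hypothetical/constructed.
function Test-HostCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq on strings ignores case
        if ($name.StartsWith('*.')) {
            # A wildcard covers exactly one label: *.example.com matches
            # mail.example.com but not a.b.example.com or example.com.
            $suffix = $name.Substring(1)            # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UrlCertCoverage {
    param([hashtable]$Urls, [string[]]$CertNames)
    foreach ($entry in $Urls.GetEnumerator()) {
        if (-not $entry.Value) { continue }         # URL not configured
        $hostName = ([uri]"$($entry.Value)").Host
        New-Object PSObject -Property @{
            Setting  = $entry.Key
            HostName = $hostName
            Covered  = Test-HostCoveredByCert -HostName $hostName -CertNames $CertNames
        }
    }
}

# Constructed sample input mirroring the situation in the thread.
# In the Exchange Management Shell the same values could be read with:
#   Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains } | ForEach-Object { $_.ToString() }
#   Get-ClientAccessServer | fl Identity, AutoDiscoverServiceInternalUri
#   Get-WebServicesVirtualDirectory | fl Identity, InternalUrl, ExternalUrl
$certNames = @('mail.example.com', 'autodiscover.example.com')
$urls = @{
    'AutoDiscoverServiceInternalUri' = 'https://exch01.example.com/Autodiscover/Autodiscover.xml'
    'EWS InternalUrl'                = 'https://exch01.example.com/EWS/Exchange.asmx'
    'EWS ExternalUrl'                = 'https://mail.example.com/EWS/Exchange.asmx'
}

# Rows with Covered = False are the URLs that will trigger the Outlook name warning.
Get-UrlCertCoverage -Urls $urls -CertNames $certNames |
    Sort-Object Covered | Format-Table Setting, HostName, Covered -AutoSize
```

With the sample input, the two URLs on exch01.example.com are reported as not covered, which corresponds to the state before the Set-ClientAccessServer change described in post 15.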
