Internal & External Server Certificate Error

Status
Not open for further replies.

AasimPathan



Hi,

I've recently removed SBS2008 from the Network & created a New Server with Windows 2008 R2 & configured Exchange 2010 with basic setup. My domain name is mydomain.local but my external domain is mydomain.com.
I have a GoDaddy certificate which I've installed for all services of Exchange. OWA, Autodiscover and RPC over HTTP work fine without any errors.

But internally I am getting a certificate error when using Outlook 2007, for a certificate mismatch: "the name of the Certificate is invalid / does not match the name of the site"

Any possible solution to solve this problem.... Thanks in Advance.

Aasim

MCITP: Server 2008 Administration

MCITP:Server Administration|MCTS: Server 2008| MCSE: Server 2003| MCSA + M: Exchange Server 2003| MCP: Windows XP|
 

busbar



Hi,

This is because the internal SCP for Autodiscover points to the internal FQDN of the server. You can solve this by including the server FQDN in the certificate, or set the internal SCP to the name included in the cert using this cmdlet:

Set-ClientAccessServer -Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>

Regards, Mahmoud Magdy

Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com and if you liked my post please mark it as helpful and accept it as an answer
 

AasimPathan



Can you tell me how'd that resolve?

My external CAS server is accessed by the address remote.mydomain.com

My internal CAS server is accessed by server.mydomain.local

When I ping remote.mydomain.com from (Server) it resolves to my external IP

Set-ClientAccessServer -Identity server.mydomain.local -AutoDiscoverServiceInternalUri: server.mydomain.local ?
OR
Set-ClientAccessServer -Identity server.mydomain.local -AutoDiscoverServiceInternalUri: remote.mydomain.com


busbar

If you want to use different names then you will need to include those names in the certificate using a UCC certificate; my solution is done when using a single name to access emails internally and externally.

Regards, Mahmoud Magdy
 

AasimPathan



Sorry for delay in response, I got stuck with other things.

I've read that page you've suggested above, but my problem is not multiple domain names; it's the ".com" & ".local" that's required.

Is there any other method that I can use, or do I have to create the entire domain again? I don't want to use Domain Renaming Tools as that's risky.


ronnypot



Hi,

If you use more domain names you need to use a UCC / SAN certificate with all used domain names on it.

Otherwise you will have to change all internal and external URLs to remote.mydomain.com and use internal DNS to create a record that points to the local IP address.

Regards Ronny
 

Brian Desmond -MVP-



"If I buy GoDaddy's multiple certificates will this work without any error?"

Not easily. Just add the additional names (server.mydomain.local) to the cert and you'll be fine.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
 

Paul Garlick, MCITP MCTS BCSS BCSA



If you want to refer to your Exchange box internally as mydomain.local, you need to go to your GoDaddy account, add mydomain.local to the certificate and do what's called a rekey. Then download that certificate and reimport it to your IIS and Exchange. You have to use a UCC or SAN certificate.

Here is the godaddy info:

http://help.godaddy.com/article/867

This is not a complicated process, it's essentially what you did originally. Only this time you are just adding your mydomain.local to the certificate.

Renaming the domain is not required!
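
The mismatch discussed in this thread can be checked before and after any change by comparing the host name in each client-facing URL with the names on the certificate. The following PowerShell is an added example, not code from any poster: the function names are hypothetical, and the URLs and certificate names are constructed from the thread's placeholder domains.

```powershell
# Added example. Function names are hypothetical; sample data is constructed.

function Test-HostCoveredByCert {
    param(
        [Parameter(Mandatory=$true)] [string]   $HostName,
        [Parameter(Mandatory=$true)] [string[]] $CertNames
    )
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.mydomain.com matches
        # remote.mydomain.com but not a.b.mydomain.com or mydomain.com.
        if ($name.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $name.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Urls,
        [Parameter(Mandatory=$true)] [string[]]  $CertNames
    )
    foreach ($entry in $Urls.GetEnumerator()) {
        # Only the host part of the URL is compared with the certificate names.
        $hostName = ([Uri]$entry.Value).Host
        if (-not (Test-HostCoveredByCert -HostName $hostName -CertNames $CertNames)) {
            New-Object PSObject -Property @{ Setting = $entry.Key; HostName = $hostName }
        }
    }
}

# Constructed sample data. On a real server the URL comes from the
# AutoDiscoverServiceInternalUri property of Get-ClientAccessServer and the
# names from the CertificateDomains property of Get-ExchangeCertificate.
$urls = @{
    'AutoDiscoverServiceInternalUri' = 'https://server.mydomain.local/Autodiscover/Autodiscover.xml'
    'OWA ExternalUrl'                = 'https://remote.mydomain.com/owa'
}
$certNames = @('remote.mydomain.com', 'autodiscover.mydomain.com')

# Lists every setting whose host name the certificate does not cover.
Get-UncoveredUrl -Urls $urls -CertNames $certNames
```

Any setting it lists is one Outlook will warn about internally, so either that name goes onto the certificate or the setting is changed to a name the certificate already carries.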