The ranting of an IT Professional

Sep 30 2009   1:42PM GMT

Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on Exchange 2007: Security certificate is invalid.



Posted by: Jason Tramer
Tags: 2007, certificate, Exchange, internal, outlook, outlook 2007, Security, ssl, warning

I encountered this issue when setting up an Exchange 2007 environment. After I installed the SSL cert for OWA, all of the users using Outlook 2007 reported that they got a certificate warning when opening Outlook internally.

A co-worker of mine found this support article, which fixed the issue and saved my bacon.

SYMPTOMS
When you start Microsoft Office Outlook 2007 and then connect to a mailbox that is hosted on a mailbox server that is running Microsoft Exchange Server 2007, you receive the following security warning message:

The name of the security certificate is invalid or does not match the name of the site.

CAUSE
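This issue occurs after you replace the default self-signed Exchange 2007 certificate with a different certificate.

By default, the URL that is stored in the Exchange objects listed under RESOLUTION (the Autodiscover Service Connection Point and the EWS, OAB and UM virtual directories) references the NetBIOS name of the server. For example, a URL that resembles the following URL is stored: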

https://NetBIOS_name.contoso.com/autodiscover/autodiscover.xml

This may differ from the host name that is used in the FQDN of the replacement certificate. For example, the replacement certificate may have an FQDN that resembles the following FQDN:

mail.contoso.com

This issue causes a name mismatch error to occur. Therefore, you receive the security warning message when you try to connect Outlook 2007 to the mailbox.

RESOLUTION
To resolve this issue, modify the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:
1. Start the Exchange Management Shell.
2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:

Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

6. Open IIS Manager.
7. Expand the local computer, and then expand Application Pools.
8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Source: http://support.microsoft.com/kb/940726
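
An added example, not part of the original post or the Microsoft article: a check that each internal URL's host name is covered by the names on the replacement certificate, which is the mismatch described under CAUSE. It handles exact and single-label wildcard names. The server name EXCH01, the certificate name list and the function names are constructed for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: find internal URLs whose host is not named on the certificate.
# Function names and sample values are constructed for illustration.

function Test-CertNameCoversHost {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard such as *.contoso.com covers exactly one additional label.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # ".contoso.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Find-UrlNameMismatch {
    param([hashtable]$Urls, [string[]]$CertNames)
    foreach ($setting in $Urls.Keys) {
        $uriHost = ([System.Uri]$Urls[$setting]).Host
        if (-not (Test-CertNameCoversHost -HostName $uriHost -CertNames $CertNames)) {
            # Emit one object per URL that would trigger the Outlook warning.
            New-Object PSObject -Property @{
                Setting = $setting; Host = $uriHost; Url = $Urls[$setting]
            }
        }
    }
}

# Constructed sample: certificate names and URLs as they might look before the fix.
# On a real server the names come from CertificateDomains of Get-ExchangeCertificate
# and the URLs from AutoDiscoverServiceInternalUri of Get-ClientAccessServer and
# InternalUrl of Get-WebServicesVirtualDirectory, Get-OABVirtualDirectory and
# Get-UMVirtualDirectory.
$certNames = @('mail.contoso.com', 'autodiscover.contoso.com')
$urls = @{
    'Autodiscover SCP' = 'https://EXCH01.contoso.com/autodiscover/autodiscover.xml'
    'EWS InternalUrl'  = 'https://mail.contoso.com/ews/exchange.asmx'
    'OAB InternalUrl'  = 'https://EXCH01.contoso.com/oab'
    'UM InternalUrl'   = 'https://mail.contoso.com/unifiedmessaging/service.asmx'
}
Find-UrlNameMismatch -Urls $urls -CertNames $certNames |
    Format-Table Setting, Host, Url -AutoSize
```

An empty result after the resolution steps means every internal URL uses a name that appears on the certificate.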
