Exchange 2010 - Certificate error on internal Outlook 2013 connections

Solution 1:

Here are the steps to change the FQDN used by Outlook to connect to the server (sources: GoDaddy, puryear)

Using the Exchange Management Console, change the internal URL of the different web services:

Set-ClientAccessServer -Identity Your_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "Your_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "Your_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity "Your_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx

Set-ActiveSyncVirtualDirectory -Identity "Your_Server_Name\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"

The main thing to notice here is that you're setting the internal URLs to be the same as the external URLs.
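
A read-only check to run after changing the URLs, added here as an example and not part of either answer: it lists the internal URLs and reports whether each host name is covered by a name on the certificate enabled for IIS, and it shows the scheme so an OAB URL left on HTTP stands out. It assumes the Exchange Management Shell and that `$Server` is replaced with your server name; the function and variable names are illustrative.

```powershell
# Added example; run in the Exchange Management Shell. Makes no changes.
# Assumption: replace the placeholder below with your server name.
$Server = 'Your_Server_Name'

function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($name in $CertificateNames) {
        if ($name -eq $HostName) { return $true }      # -eq ignores case
        if ($name.StartsWith('*.')) {
            # A wildcard name covers exactly one extra left-most label.
            $label, $rest = $HostName -split '\.', 2
            if ($rest -and ".$rest" -eq $name.Substring(1)) { return $true }
        }
    }
    return $false
}

# Names on the certificate(s) enabled for IIS on this server.
$certNames = Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" }

# Collect the internal URLs that Outlook and other clients are handed.
$urls = @()
$urls += Get-ClientAccessServer -Identity $Server |
    ForEach-Object { $_.AutoDiscoverServiceInternalUri }
foreach ($cmd in 'Get-WebServicesVirtualDirectory',
                 'Get-OabVirtualDirectory',
                 'Get-ActiveSyncVirtualDirectory') {
    $urls += & $cmd -Server $Server | ForEach-Object { $_.InternalUrl }
}

# Report each URL, its scheme, and whether the certificate covers its host.
foreach ($url in $urls) {
    if (-not $url) { continue }                        # URL not configured
    $uri = [Uri]"$url"
    New-Object PSObject -Property @{
        Url                  = $uri.AbsoluteUri
        Scheme               = $uri.Scheme
        CoveredByCertificate = Test-NameCoveredByCertificate $uri.Host $certNames
    } | Select-Object Url, Scheme, CoveredByCertificate
}
```

Any row with `CoveredByCertificate` set to `False` is a URL that will still produce the certificate warning in Outlook.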

Solution 2:

I am working through the same process, Exchange 2010 with Outlook 2013 clients and having just registered a mail.domain.com certificate. Our server isn't server.local though, it is server.domain.com, but I don't want to have to add that server name to the listed hostnames in the certificate, and also want to do it correctly.

https://www.digicert.com/internal-domain-name-tool.htm

You can use this tool to generate the PowerShell scripts that will correct the Exchange URL addresses to be that of your externally facing hostname instead of your internal hostname, as well as a rollback script to revert the changes.

You will need to have installed the certificates into Exchange, and you will also need to have created an internal DNS entry to resolve mail.domain.com to servername.local.

You will most likely see that if you access mail.domain.com/OWA (from internal or external) you won't get a certificate error, but if you access server.local/OWA you will. This fix is definitely for you then!

Note: The Microsoft KB940726 article shows that the OABVirtualDirectory URL should be HTTPS; however, if you had HTTP configured, the DigiCert tool will keep that instead of changing it to HTTPS.