2

Our end users are receiving the following dialog box in Outlook which refers to an incorrect internal domain name (domain.internal).

No dialog box is received if using Outlook Anywhere.

Outlook Security Alert

Clicking on View Certificate shows the correctly installed SSL certificate using an internet domain name (domain.org.au).

View Certificate

Exchange Management Console

Does the internal domain name need to be added to the SSL certificate? If so, how? Or is there another fix?

Ash

1 Answer

2

So clients within your network resolve your Exchange server as exchsvr.internal via AD DNS, WHICH DOES NOT match the name on your certificate. The cert works for clients outside your network because the DNS name they use DOES match the certificate. You will have to convince your internal clients that they are connecting to your server as extdomain.org.au. It's been a while for me in Exchange management, but I believe there are two ways of doing it.

  1. Have the external domain name resolve internally to its internal address. Do this by creating an internal zone. (If you don't have experience with DNS, setting up forwarders or domain transfers, you may not want to do this.)
  2. Have your internal clients connect to the externally resolvable address of domain.org.au. You will have to use the Exchange Management Console for that, and essentially what it does is tell your Active Directory attached machines that the server they want to auto-connect to is no longer domain.internal. I found the below here, but do more homework before making such changes.

    Set-ClientAccessServer -Identity exchange -AutodiscoverServiceInternalUri https://webmail.company.net/autodiscover/autodiscover.xml 
    
    Set-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)" -InternalUrl https://webmail.company.net/ews/exchange.asmx
    
    Set-OABVirtualDirectory -Identity "exchange\oab (Default Web Site)" -InternalUrl https://webmail.company.net/oab
    

This last command is not required on Exchange 2010:

    Set-UMVirtualDirectory -Identity "exchange\unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.company.net/unifiedmessaging/service.asmx

You can use the "get" version of the commands, for example Get-ClientAccessServer -Identity exchange, to see what the current setting is, and make a note of it first.

Depending on the configuration of your network, even if they use the external address it is not likely that the traffic would go out past your gateway, meaning it should not interfere with external internet speeds.

MaCuban
  • Thanks for your help. I executed the Set-ClientAccessServer command for autodiscover. WebServicesVirtualDirectory and OABVirtualDirectory Internal Url and External Url appear to be set correctly already when running their respective Get commands. Any further ideas? – Ash May 18 '14 at 23:29
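The name check behind the answer's fix, as an added PowerShell example that is not part of the original posts: it lists which internal URLs point at a host name the certificate does not cover, which is the condition that raises the Outlook alert. The function names, certificate names and URLs are constructed for illustration; on a real server the values come from the Get- versions of the commands above and from Get-ExchangeCertificate.

```powershell
# Added example. All names and URLs below are constructed sample values.

# True if $HostName is covered by one of the certificate's names.
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label:
        # *.domain.org.au matches mail.domain.org.au but not a.b.domain.org.au.
        if ($name.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $name.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

# One row per setting: the host clients are told to use, and whether
# the certificate is valid for that host.
function Find-UrlCertMismatch {
    param([hashtable]$InternalUrls, [string[]]$CertNames)
    foreach ($setting in ($InternalUrls.Keys | Sort-Object)) {
        $urlHost = ([uri]$InternalUrls[$setting]).Host
        New-Object PSObject -Property @{
            Setting = $setting
            Host    = $urlHost
            OnCert  = Test-CertNameMatch -HostName $urlHost -CertNames $CertNames
        } | Select-Object Setting, Host, OnCert
    }
}

# Constructed inputs. In the Exchange Management Shell, fill them from e.g.
#   (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
#   (Get-ClientAccessServer -Identity exchange).AutodiscoverServiceInternalUri
#   (Get-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)").InternalUrl
$certNames = @('domain.org.au', 'autodiscover.domain.org.au')
$internalUrls = @{
    'Autodiscover internal URI' = 'https://exchange.domain.internal/Autodiscover/Autodiscover.xml'
    'EWS InternalUrl'           = 'https://domain.org.au/ews/exchange.asmx'
    'OAB InternalUrl'           = 'https://domain.org.au/oab'
}

Find-UrlCertMismatch -InternalUrls $internalUrls -CertNames $certNames |
    Format-Table -AutoSize
```

Any row with OnCert set to False is a setting whose host name is missing from the certificate.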