-2

I have several Outlook clients on the internal network pointing to the internal DNS name of the Exchange 2010 SP1 R2 server.

The name we're using is exchange2.example.local.

Since new guidelines have been adopted, CAs will no longer issue SSL certificates for domains in the TLD .local. This means that I can no longer get a working SSL certificate for this hostname, and the Outlook clients are frequently popping up a Security Alert Popup.

Is there any way to keep Outlook from requiring and verifying a certificate to get mail from Exchange for internal clients that are on the same network as the Exchange server? I don't need this extra layer of security anyways, since all of the clients are protected by the internal network security layers.

Jenny D
OrthoNetAdmin

2 Answers

1

Can you renew the self-signed certificate that Exchange creates when you install it?

After that, install it locally on each computer.

yagmoth555
  • I think I could do that, but the problem is that this server hosts inside and outside email use. If I use the self-signed certificate, it has only the local Exchange server name/DNS on it and will stop popups for the inside people only. If I use the GoDaddy certificate, it works for all external devices (no popups) or anyone else using OWA etc. pointing at the external URL for mail, but the inside devices all then get popups because they are looking for the internal Exchange domain name. IS THERE A WAY TO TURN OFF SECURITY AND/OR CERTIFICATE NEEDS FOR INSIDE MAIL TRAFFIC BETWEEN OUTLOOK & EXCH? – OrthoNetAdmin Dec 05 '14 at 15:22
0

Try the steps listed there with your GoDaddy certificate: The Name on the security certificate is invalid or does not match the name of the site - PART 2

In summary:

Get-ClientAccessServer -Identity exchange2 | FL

and validate the URLs; make them fit the external URL:

Set-ClientAccessServer -Identity "mbx1" -AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" -InternalUrl https://nlb.nwtraders.msft/EWS/Exchange.asmx

Set-OABVirtualDirectory -Identity "mbx1\OAB (Default Web Site)" -InternalURL https://nlb.nwtraders.msft/OAB

Enable-OutlookAnywhere -Server mbx1 -ExternalHostname "nlb.nwtraders.msft" -ClientAuthenticationMethod "NTLM"

Set-ActiveSyncVirtualDirectory -Identity "mbx1\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync

I didn't change the value there, but you can guess the step.

You might need a split-DNS setup to make the name resolve to an internal IP.

yagmoth555
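The answer above comes down to making every internal URL use a host name that the installed certificate actually covers. The following is an added example, not code from the thread, that checks this for a set of URLs and certificate names. The function names are hypothetical, `mail.example.com` is an assumed public name, and all sample values are constructed.

```powershell
# Added example: report which configured URLs use a host name the certificate does not cover.
function Test-HostCoveredByCert {
    param(
        [Parameter(Mandatory=$true)] [string]   $HostName,
        [Parameter(Mandatory=$true)] [string[]] $CertNames   # DNS names on the certificate
    )
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }            # -eq ignores case for strings
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not a.b.example.com and not example.com itself.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)                     # e.g. ".example.com"
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $suffix) { return $true }
        }
    }
    return $false
}

function Get-UrlCertMismatch {
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Urls,      # service name -> URL
        [Parameter(Mandatory=$true)] [string[]]  $CertNames
    )
    foreach ($svc in ($Urls.Keys | Sort-Object)) {
        $h = ([uri]$Urls[$svc]).Host                         # host part of the URL
        New-Object PSObject -Property @{
            Service = $svc
            Host    = $h
            Covered = (Test-HostCoveredByCert -HostName $h -CertNames $CertNames)
        }
    }
}

# Constructed sample input. On the server, the URLs are the InternalUrl /
# AutoDiscoverServiceInternalUri values of the cmdlets shown in the answer, and the
# names are the CertificateDomains of the certificate returned by Get-ExchangeCertificate.
$urls = @{
    Autodiscover = 'https://mail.example.com/autodiscover/autodiscover.xml'
    EWS          = 'https://exchange2.example.local/EWS/Exchange.asmx'   # still the .local name
    OAB          = 'https://mail.example.com/OAB'
    ActiveSync   = 'https://mail.example.com/Microsoft-Server-ActiveSync'
}
$certNames = @('mail.example.com', 'autodiscover.example.com')

# List only the services whose URL would trigger the Outlook name-mismatch alert.
Get-UrlCertMismatch -Urls $urls -CertNames $certNames | Where-Object { -not $_.Covered }
```

Any service listed in the output still points at a name the certificate does not carry and needs its internal URL changed, with split DNS resolving the certificate name to the internal IP.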