name of the security certificate is invalid

[guest]

One of our clients has Exchange 2010 on Windows 2008. When opening Outlook 2007, they receive the following security warning:
The name of the security certificate is invalid or does not match the name of the site. I found this article: support.microsoft.com/kb/940726 Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site".

When I run this command: Set-ClientAccessServer -Identity <var>CAS_Server_Name</var> -AutodiscoverServiceInternalUri https://<var>mail</var>.contoso.com/autodiscover/autodiscover.xml

should I replace CAS_Server_Name with the Excahnge servername, for example, mailserver?

The server FQDN is mailserver.domain.local and the Internet DNS is mail.domain.com, should I replace https://mail.contoso.com with the Internet DNS name mail.domain.com? Right?

Can I just remove the self issued certificate and re-create another one?

Is there any way to do that command "Set-ClientAccessServer -Identity <var>CAS_Server_Name</var> -AutodiscoverServiceInternalUri https://<var>mail</var>.contoso.com/autodiscover/autodiscover.xml" using GUI?

[guest]

To troubleshoot the issue, please help me to collect the following information:



1. Please send me a screenshot of the error.

2. Please collect the autodiscover test result on a problematic client as the following:

===========

1. In Outlook 2007, hold Ctrl key and right click the Outlook icon in the system tray.

2. Select Test E-mail AutoConfiguration.

3. Only select Use AutoDiscover and click Test.

4. Please capture screenshots of the "result" and "log" and send it to me.



3. Please run the following cmdlet in EMS on the server:



Get-ExchangeCertificate | fl > c:\cert.txt



Please send the output file to me.



Regarding you questions, you should replace mail.contoso.com to match the domain name on the certificate.



With self issued certificate, yes, we can remove the old one and recreate a new one. For more information, please refer to the following article:



Understanding the Self-Signed Certificate in Exchange 2007

http://technet.microsoft.com/en-us/libr ... 80%29.aspx



Regarding Set-ClientAccessServer via GUI, no. It is not possible.

[guest]

I received your files. I found that the issue occurs because x.xx.org that Outlook tries to access via autodiscover service is not included in the domain name of the certificate.

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR

ule, System.Security.AccessControl.CryptoKeyAccessRule}

CertificateDomains : {srvr, srvr.xx.local}

HasPrivateKey : True

IsSelfSigned : True

Issuer : CN=srvr

NotAfter : 10/11/2015 5:29:09 PM

NotBefore : 10/11/2010 5:29:09 PM

PublicKeySize : 2048

RootCAType : None

SerialNumber : 146DA5D3CA9EEA874A2A8B7FDD674BBF

Services : IMAP, POP, IIS, SMTP

Status : Valid

Subject : CN=srvr

Thumbprint : 1C73BACDB201303E639F9424A904114D4173B404

To resolve the issue, please run the following cmdlets in EMS on the Exchange 2010 CAS server to change the web services URLs:

Set-WebServicesVirtualDirectory "EWS (Default Web Site)" -InternalUrl https://srvr.xx.local/ews/exchange.asmx
Set-OABVirtualDirectory "OAB (Default Web Site)" -InternalUrl https://srvr.xx.local/oab

After that, please restart IIS service on the CAS server. Then, please restart Outlook client to verify the issue.

Regarding the UMVirtualDirectory error, it is fine as Exchange 2010 server no longer implements it.

[guest]

After running

Set-WebServicesVirtualDirectory "EWS (Default Web Site)" -InternalUrl https://srvr.xx.local/ews/exchange.asmx

Set-OABVirtualDirectory "OAB (Default Web Site)" -InternalUrl https://srvr.xx.local/oab

we still receive the sam ealert. I did more reseach and this command fix it.

Set-ClientAccessServer -Identity servername.domain.org -AutodiscoverServiceInternalUri https://mail.domainname.org/autodiscove ... scover.xml

[blin]

Here is teh another fix: The name on the security certificate is invalided or does not match the name of the site - http://www.chicagotech.net/exchange/autodisverissue.htm. Make sure you use external domain name, for example Set-WebServicesVirtualDirectory "EWS (Default Web Site)" -InternalUrl https://mail.domain.org/ews/exchange.asmx

[blin]

Q: I followed your instruction and fix some computers. However, other computers don't work. Why?

A: In the problematic computer, uncheck Use Cached Excahneg mode and try it.

[blin]

Based on my experience, the KB 940726 (http://support.microsoft.com/kb/940726) helps us to solve this issue in most cases. I suggest that you carefully read the article and suggest your client to follow it one by one.

For more information about certificate, please refer to below article.
http://technet.microsoft.com/en-us/libr ... v=exchg.80).aspx

Also, please read “Autodiscover and Certificates” in below article.
http://technet.microsoft.com/en-us/libr ... 3(EXCHG.80).aspx

[chicagotech]

That could be autodiscover issue. Please refer to this page for more details:
The name on the security certificate is invalided or does not match ...The name on the security certificate is invalided or does not match the name of
the site. We are running Exchange 2010 on Windows 2008. The Outlook 2007 or ...
www.chicagotech.net/exchange/autodisverissue.htm