Outlook 2007 Security Alert

[HWhite]

I recently installed SBS2008 in a new installation. My local server name and
domain is server.domain.local. The public name is server.domain.com. I paid
for a cert with GoDaddy for the name server.domain.com and installed
properly. My OWA and other public addresses work fine with the cert. No
errors. However, when opening Outlook, my internal Outlook 2007 clients are
giving a Security Alert stating "The name of the security certificate is
invalid or does not match the name of the site". Viewing the cert lists
server.domain.com.

I've tried installing the cert using the automatic option, as well as
manually installing it into the Trusted Root Certificate Authorities.
Neither have worked. The error still pops up when opening Outlook 2007.
Clicking Yes makes the error go away, but it just pops up again next time
Outlook is opened.

The platforms Outlook 2007 are installed on are XP Pro computers (fully
patched), and a 2008 Terminal Server (fully patched).

Hopefully I provided enough information. How can I resolve this annoying
issue?

Thanks for your time.

 

[Diane Poremsky [MVP]]

What is the name of the server they have configured in the profile outlook?
if they are using the local server name and not the public name, they will
get the certificate error message. They need to use the external name
internally.

--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[HWhite]

hmmm... just so I'm clear... I need to type in server.domain.com in the
Microsoft Exchange Server box now, where I only used to have to type in the
netbios name of the mail server in the domain?

I just tried doing that, but it doesn't like it. It keeps reverting to the
local address. Do I need to set up Outlook Anywhere for this to work?

Thanks.

What is the name of the server they have configured in the profile outlook?
if they are using the local server name and not the public name, they will
get the certificate error message. They need to use the external name
internally.

--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

I recently installed SBS2008 in a new installation. My local server name
and
domain is server.domain.local. The public name is server.domain.com. I
paid
for a cert with GoDaddy for the name server.domain.com and installed
properly. My OWA and other public addresses work fine with the cert. No
errors. However, when opening Outlook, my internal Outlook 2007 clients
are
giving a Security Alert stating "The name of the security certificate is
invalid or does not match the name of the site". Viewing the cert lists
server.domain.com.

I've tried installing the cert using the automatic option, as well as
manually installing it into the Trusted Root Certificate Authorities.
Neither have worked. The error still pops up when opening Outlook 2007.
Clicking Yes makes the error go away, but it just pops up again next time
Outlook is opened.

The platforms Outlook 2007 are installed on are XP Pro computers (fully
patched), and a 2008 Terminal Server (fully patched).

Hopefully I provided enough information. How can I resolve this annoying
issue?

Thanks for your time.

 

[jacobmetro]

Check out this KB.

You need to configure your mail server to supply FQDN of the cert you
purchased from GoDaddy to the Outlook clients.

As far as the revert goes, this is a throw back to Exchange 5.5 where
the internal NetBIOS name of the server is more important than the DNS
name.

http://support.microsoft.com/?kbid=940726

Following KB940726 will solve your client's problems.

Jacob

 

[jacobmetro]

http://support.microsoft.com/?kbid=940726

 

[HWhite]

Thanks for the link. Just as a follow up, today I got a refund on my single
name cert and purchased a UCC cert. I installed it and got it configured
properly so the cert contains both my .local and my .com addresses. My OWA
and other things work fine.

In following the instructions on the link you provided, both before and
after replacing the cert, I got an error at the same spots...

this command works fine... Set-ClientAccessServer -Identity
SERVER-AutodiscoverServiceInternalUri
https://SERVER.PUBLICDOMAIN.com/autodiscover/autodiscover.xml

this command... Set-WebServicesVirtualDirectory -Identity "SERVER\EWS
(Default Web Site)" -InternalUrl
https://SERVER.PUBLICDOMAIN.com/ews/exchange.asmx

produces the following error...
Set-WebServicesVirtualDirectory : The operation could not be performed
because object 'SERVER\EWS (Default Web Site)' could not be found on domain
controller 'SERVER.LOCALDOMAIN.local'.
At line:1 char:32
+ Set-WebServicesVirtualDirectory <<<< -Identity "SERVER\EWS (Default Web
Site)" -InternalUrl https://SERVER.PUBLICDOMAIN.com/ews/exchange.asmx

this command... Set-OABVirtualDirectory -Identity "SERVER\oab (Default Web
Site)" -InternalUrl https://SERVER.PUBLICDOMAIN.com/oab

produces the following error...
Set-OabVirtualDirectory : The operation could not be performed because
object 'SERVER\oab (Default Web Site)' could not be found on domain
controller 'SERVER.LOCALDOMAIN.local'.
At line:1 char:24
+ Set-OABVirtualDirectory <<<< -Identity "SERVER\oab (Default Web Site)"
-InternalUrl https://SERVER.PUBLICDOMAIN.com/oab

I didn't do the last entry because I'm not using unified messaging at this
point.


So, I'm lost. I thought for sure since I got the local server address on
the cert that things would be much easier. And it probably is something
simple I'm missing, but I'm going crosseyed dealing with this.

Thanks for any additional help you can offer.