Saturday, May 12, 2012 6:51 PM
I have recently moved many mailboxes to Exchange 2010 - However have a further problem. When outlook is loaded (all users are on Outlook 2010) it loads fine, but then I get popups saying 'Security Alert' and at the moment I'm getting 3 of them - There are 3 Client Access Servers running in a CAS array using the DNS 'Round Robin' method. The name of the array is 'casarray.domain.local'
The alerts I get are soon after outlook is loaded I get an alert for 'exchangesvr1.domain.local', 'exchangeserver2.domain.local', 'exchangeserver3.domain.local' and 'casarray.domain.local'
The alert says; that the certificate is from a trusted certifying authority, the security certificate date is valid.
But says that The name on the security certificate is invalid or does not match the name of the site - The name on the certificate when I click 'view certificate' is 'mail.domain.com'
I have a SSL certificate enabled for my external access (paid for SSL cert) that is for 'mail.domain.com'
Any and all help would be gratefully recieved!
- Edited by severniae Saturday, May 12, 2012 6:54 PM
Saturday, May 12, 2012 7:00 PM
your issue is that name on cert ends w/ .com, but you internal name ends w/ .local
Set-OWAVirtualDirectory –Identity "CASServerNAME\OWA (default web site)" -ExternalURL https://webmail.company.com
Set-OWAVirtualDirectory –Identity "CASServerNAME\OWA (default web site)" -InternalURL https://webmail.company.com
Change name in bold and website to accomodate your .com site
do the same for ECP, OAB, ActiveSync and EWS
Saturday, May 12, 2012 7:15 PM
So do you mean instead of setting the internal machine names for the internalurl - to use the same externalurl as is on the certificate? I don't have NAT loopback enabled so these links probably wouldn't work, as they would go out of the same connection and then back in on themselves...... Is there another workaround?
Thanks for the response!
Saturday, May 12, 2012 7:18 PM
you can do split-brain dns
the idea is to match .com on your cert with the dns name. It needs to be .com instead of .local
Saturday, May 12, 2012 7:25 PM
Sorry I'm not quite sure what you mean! I'm guessing it means doing something with my internal DNS server?
Saturday, May 12, 2012 7:49 PM