Answered Security alert

  • Saturday, May 12, 2012 6:51 PM
     
     

    Hi All,

I have recently moved many mailboxes to Exchange 2010 - however, I have a further problem. When Outlook is loaded (all users are on Outlook 2010) it loads fine, but then I get popups saying 'Security Alert', and at the moment I'm getting 3 of them - there are 3 Client Access Servers running in a CAS array using the DNS 'Round Robin' method. The name of the array is 'casarray.domain.local'.

The alerts come soon after Outlook is loaded: I get an alert for 'exchangesvr1.domain.local', 'exchangeserver2.domain.local', 'exchangeserver3.domain.local' and 'casarray.domain.local'.

The alert says that the certificate is from a trusted certifying authority and that the security certificate date is valid.

But it says that the name on the security certificate is invalid or does not match the name of the site. The name on the certificate, when I click 'View certificate', is 'mail.domain.com'.

I have an SSL certificate enabled for my external access (paid-for SSL cert) that is for 'mail.domain.com'.

Any and all help would be gratefully received!

    James



All Replies

  • Saturday, May 12, 2012 7:00 PM
     
     

Your issue is that the name on the cert ends with .com, but your internal name ends with .local.

    try:

    Set-OWAVirtualDirectory -Identity "CASServerNAME\OWA (default web site)" -ExternalURL https://webmail.company.com

    Set-OWAVirtualDirectory -Identity "CASServerNAME\OWA (default web site)" -InternalURL https://webmail.company.com

Change the server name and the website to accommodate your .com site.

Do the same for ECP, OAB, ActiveSync and EWS.



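The procedure in the reply above, carried through for all three CAS servers, as an added example (not code from the original thread). It is written for the Exchange 2010 Management Shell and extends the reply's list with the Autodiscover service connection point, which a domain-joined Outlook 2010 queries before anything else and which also surfaces as a name-mismatch alert when it still carries the .local FQDN. The server short names are taken from the question; the certificate name mail.domain.com is the one the poster says is on the certificate; everything else (the virtual directory paths, that mail.domain.com already resolves internally to the CAS array) is assumed.

```powershell
# Added example, not from the original thread. Run in the Exchange 2010 Management Shell
# on any CAS. Points every HTTPS endpoint Outlook 2010 uses at the name that is actually
# on the certificate. Assumes mail.domain.com resolves internally to the CAS array.
$CertName = "mail.domain.com"
$Url      = "https://$CertName"
# Short names from the question; the .local suffix is deliberately not used in any URL.
$Servers  = "exchangesvr1", "exchangeserver2", "exchangeserver3"

foreach ($s in $Servers) {
    Write-Host "Updating virtual directories on $s"

    Set-OwaVirtualDirectory -Identity "$s\owa (Default Web Site)" `
        -InternalUrl "$Url/owa" -ExternalUrl "$Url/owa"
    Set-EcpVirtualDirectory -Identity "$s\ecp (Default Web Site)" `
        -InternalUrl "$Url/ecp" -ExternalUrl "$Url/ecp"
    # OAB download and the Availability/Out-of-Office service are the two endpoints
    # Outlook opens over HTTPS right after start-up, so these two matter most.
    Set-OabVirtualDirectory -Identity "$s\OAB (Default Web Site)" `
        -InternalUrl "$Url/OAB" -ExternalUrl "$Url/OAB"
    Set-WebServicesVirtualDirectory -Identity "$s\EWS (Default Web Site)" `
        -InternalUrl "$Url/EWS/Exchange.asmx" -ExternalUrl "$Url/EWS/Exchange.asmx"
    Set-ActiveSyncVirtualDirectory -Identity "$s\Microsoft-Server-ActiveSync (Default Web Site)" `
        -InternalUrl "$Url/Microsoft-Server-ActiveSync" `
        -ExternalUrl "$Url/Microsoft-Server-ActiveSync"

    # The Autodiscover SCP in Active Directory. Domain-joined Outlook reads this first;
    # if it still says https://<server>.domain.local/... the alert appears on its own.
    Set-ClientAccessServer -Identity $s `
        -AutoDiscoverServiceInternalUri "$Url/Autodiscover/Autodiscover.xml"
}

# Verification: every EWS InternalUrl host must be a name present on the certificate
# that is bound to IIS. A wildcard certificate will not match this exact comparison.
$certNames = Get-ExchangeCertificate |
    Where-Object { $_.Services -match "IIS" } |
    ForEach-Object { $_.CertificateDomains | ForEach-Object { $_.ToString() } }

Get-WebServicesVirtualDirectory |
    Where-Object { $certNames -notcontains $_.InternalUrl.Host } |
    ForEach-Object {
        Write-Warning "$($_.Server): $($_.InternalUrl) is not covered by the IIS certificate"
    }
```

Outlook caches Autodiscover results, so test with a restarted Outlook (or hold Ctrl, right-click the Outlook tray icon and use "Test E-mail AutoConfiguration") rather than expecting the alerts to vanish in a running session. The MAPI/RPC connection to the CAS array itself is not affected by these URLs; the alerts the poster sees come from the HTTPS endpoints above, not from the array name being used for RPC.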
  • Saturday, May 12, 2012 7:15 PM
     
     

So do you mean that instead of setting the internal machine names for the InternalUrl, I should use the same ExternalUrl as is on the certificate? I don't have NAT loopback enabled, so these links probably wouldn't work, as they would go out of the same connection and then back in on themselves... Is there another workaround?

    Thanks for the response!

  • Saturday, May 12, 2012 7:18 PM
     
     Answered

You can do split-brain DNS.

The idea is to match the .com on your cert with the DNS name. It needs to be .com instead of .local.


    • Marked As Answer by severniae Saturday, May 12, 2012 9:39 PM
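What "split-brain DNS" means in practice for this thread, as an added example that is not from the original post: the internal DNS servers answer for mail.domain.com with the CAS array's internal address, so clients on the LAN never hit the public IP and NAT loopback is not needed. The example uses pinpoint zones (a zone whose name is the host name itself) created with dnscmd, which exists on Windows Server 2008 R2 as well as 2012, so the public zone's other records (www and so on) keep resolving through the Internet as before. The DNS server name, the zone name domain.com and the address 192.168.10.50 are placeholders.

```powershell
# Added example, not from the original thread. Run as an administrator on a domain
# controller / DNS server. All names and addresses below are assumed placeholders.
$DnsServer  = "dcsrv1"
$PublicZone = "domain.com"
$InternalIP = "192.168.10.50"   # internal VIP / address the CAS array answers on

# Pinpoint zones: one AD-integrated zone per host name, each holding a single A record
# at the zone root ("@"). Because domain.com itself is not shadowed, every other public
# name in that domain still resolves via the forwarders, which is the usual reason to
# prefer this over copying the whole public zone internally.
foreach ($host in "mail", "autodiscover") {
    $zone = "$host.$PublicZone"
    dnscmd $DnsServer /ZoneAdd $zone /DsPrimary
    dnscmd $DnsServer /RecordAdd $zone "@" A $InternalIP
}

# Verification from a domain-joined client: flush the resolver cache, then the answer
# for mail.domain.com must be the internal address, not the public one.
ipconfig /flushdns | Out-Null
$resolved = [System.Net.Dns]::GetHostAddresses("mail.$PublicZone") |
    ForEach-Object { $_.IPAddressToString }

if ($resolved -contains $InternalIP) {
    "mail.$PublicZone resolves internally to $InternalIP"
} else {
    Write-Warning ("mail.$PublicZone resolved to $($resolved -join ', '); " +
                   "check that the client uses the internal DNS servers and that the zone replicated")
}
```

The zones are AD-integrated, so they replicate to the other domain controllers running DNS; give replication time before testing from a client that points at a different DC. If the whole public zone is instead created internally, every public record that LAN clients still need has to be added to it by hand, which is the common way split DNS silently breaks the company website from inside.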
  • Saturday, May 12, 2012 7:25 PM
     
     

    Sorry I'm not quite sure what you mean! I'm guessing it means doing something with my internal DNS server?

  • Saturday, May 12, 2012 7:49 PM