Wednesday, February 22, 2012 3:28 PM
I'm trying to get mailtips working in our Exchange 2010 environment.
There is a reverse proxy running TMG 2010 which handles external OWA requests. It has a SAN certificate installed on it from Digicert. The certificate includes mail.domain.com, autodiscover.domain.com and legacy.domain.com.
An internal Exchange 2010 server, ex2010.domain.com, has all the roles (MB+CAS+HT) installed. It has a certificate for ex2010 and ex2010.domain.com installed on it.
I did the following to get mailtips to work:
Set-ClientAccessServer -Identity EX2010 -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml
Set-OABVirtualDirectory -Identity "EX2010\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab
Create an entry in the internal DNS for autodiscover.domain.com with the same IP address as EX2010.domain.com.
Unfortunately, after this was done, I started getting security alert prompts warning that "The name on the security certificate is invalid or does not match the name of the site." This happens since the certificate used internally has EX2010 and not mail.domain.com.
How do I fix this? The certificate for mail.domain.com is only on the reverse proxy in the DMZ and not the internal Exchange server, and the documentation I have read indicates that this is how it is supposed to be.
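The name mismatch described in the post above can be checked before clients see a prompt. This is an added example, not part of the original thread: it compares the host in each configured internal URL with the names on the certificate bound to the internal server. The URLs and certificate names are taken from the post; the function names Test-CertNameMatch and Get-UrlCertMismatch are hypothetical helpers.

```powershell
# Added example. Test-CertNameMatch and Get-UrlCertMismatch are hypothetical helper names.

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.ToLowerInvariant()
        if ($n -eq $h) { return $true }
        # A wildcard covers exactly one left-most label: *.domain.com matches
        # mail.domain.com but not domain.com or a.b.domain.com.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)    # e.g. ".domain.com"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UrlCertMismatch {
    param([hashtable]$ConfiguredUrls, [string[]]$CertNames)
    foreach ($setting in $ConfiguredUrls.Keys) {
        # Only the host part of the URL is compared with the certificate names.
        $hostName = ([uri]$ConfiguredUrls[$setting]).Host
        New-Object PSObject -Property @{
            Setting = $setting
            Host    = $hostName
            CertOk  = (Test-CertNameMatch -HostName $hostName -CertNames $CertNames)
        }
    }
}

# Constructed input mirroring the post: names on the internal server's certificate
# and the two internal URLs that were set to mail.domain.com.
$internalCertNames = @('ex2010', 'ex2010.domain.com')
$urls = @{
    'AutodiscoverServiceInternalUri' = 'https://mail.domain.com/autodiscover/autodiscover.xml'
    'OAB InternalUrl'                = 'https://mail.domain.com/oab'
}

# Lists every setting whose host is not covered by the certificate.
Get-UrlCertMismatch -ConfiguredUrls $urls -CertNames $internalCertNames |
    Where-Object { -not $_.CertOk } |
    Format-Table Setting, Host, CertOk -AutoSize
```

With the values from the post, both settings are listed, because mail.domain.com is not among the names on the internal certificate.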
Wednesday, February 22, 2012 3:39 PM
Did you check these articles?
Wednesday, February 22, 2012 3:44 PM
The link below would help you.
add the internal server name in SAN certificate and copy the certificate to internal server & enable it.
Wednesday, February 22, 2012 5:12 PM
That is the article I used to get mailtips working. However, it also created the problem with the security certificate error because we use a reverse proxy server.
I don't think the recommendation "add the internal server name in SAN certificate and copy the certificate to internal server & enable it" applies to our environment. The SAN certificate is from Digicert and does not expose internal server names to external users since a reverse proxy is used.
Wednesday, February 22, 2012 5:22 PM
Add DNS record for mail.domain.com.
Another issue you may have: make sure you have EWS, OAB and others added to your TMG rule.
Thursday, February 23, 2012 12:19 PM
Mailtips has started working, although somewhat mysteriously.
I had deleted the DNS entry for autodiscover.domain.com after the security prompts related to the certificate started appearing.
Later, I re-created the DNS entry (same as before). The security prompts did NOT re-appear and mailtips started working on one PC, but not on 2 others that were used for testing.
One night passed, and this morning mailtips is working fine with Outlook 2010 on all the test PCs and I'm not receiving any certificate related prompts.
- Marked As Answer by Simon_Wu (Microsoft Contingent Staff, Moderator), Friday, February 24, 2012 8:12 AM
Thursday, February 23, 2012 1:24 PM