none
The name of the security certificate is invalid or does not match the name of the site

    السؤال

  • We are running on Exchange 2007 SP1.

    Our initial setup had all the roles Hub Transport, CAS & MB running on the same server. (server1.domain.local)

    We recently setup a new server (server2.domain.local) to load balance the Hub Transport & CAS roles. both these roles are enabled on the both the servers

    server1.domain.local

    server2.domain.local

    whilst installing the new server we had to import the certificate from the old server. the principle name on the certificate is email.domain.com

    Now all outlook clients connecting to the servers are getting the error:

    "there is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site server1.domain.local.Outlook is unable to connect to the proxy server. (ErrorCode 0)."

    i googled & found this article id: 940726: http://support.microsoft.com/kb/940726

    i also ran the Test E-mail Autoconfiguration on my Outlook & found

    Availabilty Service URL: https://server2.domain.local/EWS/Exchange.asmx

    Please advise if i need to change this URL to https://server1.domain.local/EWS/Exchange.asmx or https://email.domain.com/EWS/Exchange.asmx to ensure the users do not get this certificate security pop-up.

    If so, how do I make this change.

    Thank You.

    philip

    17/جمادى الأولى/1433 06:54 ص

الإجابات

جميع الردود

  • We are running on Exchange 2007 SP1.

    Our initial setup had all the roles Hub Transport, CAS & MB running on the same server. (server1.domain.local)

    We recently setup a new server (server2.domain.local) to load balance the Hub Transport & CAS roles. both these roles are enabled on the both the servers

    server1.domain.local

    server2.domain.local

    whilst installing the new server we had to import the certificate from the old server. the principle name on the certificate is email.domain.com

    Now all outlook clients connecting to the servers are getting the error:

    "there is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site server1.domain.local.Outlook is unable to connect to the proxy server. (ErrorCode 0)."

    i googled & found this article id: 940726: http://support.microsoft.com/kb/940726

    i also ran the Test E-mail Autoconfiguration on my Outlook & found

    Availabilty Service URL: https://server2.domain.local/EWS/Exchange.asmx

    Please advise if i need to change this URL to https://server1.domain.local/EWS/Exchange.asmx or https://email.domain.com/EWS/Exchange.asmx to ensure the users do not get this certificate security pop-up.

    If so, how do I make this change.

    Thank You.

    philip

    17/جمادى الأولى/1433 06:54 ص
  • Hi,

    This article solving your problems,

    http://exchange.sembee.info/2007/install/singlenamessl.asp

    • تم الاقتراح كإجابة بواسطة Selcuk ARSLAN 17/جمادى الأولى/1433 12:08 م
    17/جمادى الأولى/1433 12:08 م
  • You need to setup both servers services to respond to the same name and load balance between your two HUB/CAS boxes.

    Set-OabVirtualDirectory -InternalURL <URL> -ExternalURL <URL>

    Set-OWAVirtualDirectory -InternalURL <URL> -ExternalURL <URL>

    Set-ECPVirtualDirectory -InternalURL <URL> -ExternalURL <URL>

    Set-WebServicesVirtualDirectory -InternalURL <URL> -ExternalURL <URL>

    Set-AutoDiscoverVirtualDirectory -ExternalURL <URL>

    What is happening is, people are hitting the autodiscover of your new CAS box, autodiscover is returning the defaults (which is the server name) and the certificate you imported does not match.  If you are using the same hostname internal and external, use it for both URLs for each service.

    17/جمادى الأولى/1433 01:12 م
  • The ideal solution would be to have a Unified Communications certificate with both server names listed. Although unless you have a load balancer in place you will not get load balancing with DNS alone.

    Also be aware that Exchange 2007 SP1 is no longer supported. You should be on Exchange 2007 SP3 with the latest rollup.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    17/جمادى الأولى/1433 02:51 م