Certificate errors while configuring mailtips and autodiscover

    Question

  • I'm trying to get mailtips working in our Exchange 2010 environment.

    There is a reverse proxy running TMG 2010 which handles external OWA requests. It has a SAN certificate installed on it from Digicert. The certificate includes mail.domain.com, autodiscover.domain.com and legacy.domain.com.

    An internal Exchange 2010 server, ex2010.domain.com, has all the roles (MB+CAS+HT) installed. It has a certificate for ex2010 and ex2010.domain.com installed on it.

    I did the following to get mailtips to work:

    Set-ClientAccessServer -Identity EX2010 -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

    Set-WebServicesVirtualDirectory -Identity "EX2010\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx.com/autodiscover/autodiscover.xml

    Set-OABVirtualDirectory -Identity "EX2010\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab

    Create an entry in the Internal DNS for autodiscover.domain.com with the same IP address as EX2010.domain.com

    Unfortunately, after this was done, I started getting security alert prompts warning that "The name on the security certificate is invalid or does not match the name of the site." This happens since the certificate used internally has EX2010 and not mail.domain.com.

    How do I fix this? The certificate for mail.domain.com is only on the reverse proxy in the DMZ and not the internal Exchange server, and the documentation I have read indicates that this is how it is supposed to be. 



    • Edited by ShamanTT Wednesday, February 22, 2012 3:30 PM
    Wednesday, February 22, 2012 3:28 PM
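
The name mismatch described in the question can be checked by comparing the host name in each configured URL against the names on the certificate that answers for it. The following is an added example, not part of the original post and not Microsoft's code; the function names `Test-SanMatch` and `Get-UncoveredName` are hypothetical, the input lists are constructed from the names given in the question, and the autodiscover.domain.com URL is an assumption standing in for the new DNS record.

```powershell
# Added example with constructed inputs. On a live server the certificate names
# come from the CertificateDomains property of Get-ExchangeCertificate, and the
# URLs from the InternalUrl / AutoDiscoverServiceInternalUri values set above.

function Test-SanMatch {
    # True when $HostName is covered by one certificate name. A wildcard entry
    # ("*.domain.com") covers exactly one left-most label.
    param([string]$HostName, [string]$SanEntry)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $s = $SanEntry.ToLowerInvariant().TrimEnd('.')
    if ($s.StartsWith('*.')) {
        $dot = $h.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return ($h.Substring($dot) -eq $s.Substring(1))
    }
    return ($h -eq $s)
}

function Get-UncoveredName {
    # Returns the distinct host names in $Urls that no entry in $CertNames covers.
    param([string[]]$Urls, [string[]]$CertNames)
    $missing = @()
    foreach ($u in $Urls) {
        $name = ([System.Uri]$u).Host
        $covered = $false
        foreach ($san in $CertNames) {
            if (Test-SanMatch -HostName $name -SanEntry $san) { $covered = $true; break }
        }
        if (-not $covered -and $missing -notcontains $name) { $missing += $name }
    }
    return $missing
}

# Names on the internal server's certificate, as described in the question.
$internalCert = @('ex2010', 'ex2010.domain.com')
# Names on the reverse proxy's SAN certificate, as described in the question.
$proxyCert = @('mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com')

# URLs internal clients are pointed at after the changes in the question.
$urls = @(
    'https://mail.domain.com/autodiscover/autodiscover.xml',
    'https://mail.domain.com/oab',
    'https://autodiscover.domain.com/autodiscover/autodiscover.xml'  # assumed URL
)

"Not covered by internal certificate: " + ((Get-UncoveredName $urls $internalCert) -join ', ')
"Not covered by proxy certificate: " + ((Get-UncoveredName $urls $proxyCert) -join ', ')
```

Any name listed as not covered is one for which a client connecting to that server will raise the certificate name prompt quoted in the question.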

Answers

  • Mailtips has started working, although somewhat mysteriously.

    I had deleted the DNS entry for autodiscover.domain.com after the security prompts related to the certificate started appearing.

    Later, I re-created the DNS entry (same as before). The security prompts did NOT re-appear and mailtips started working on one PC, but not 2 others that were used for testing.

    One night passed, and this morning mailtips is working fine with Outlook 2010 on all the test PCs and I'm not receiving any certificate related prompts.

    Thursday, February 23, 2012 12:19 PM

All replies