none
Outlook Client - The name on the certificate does not match the name of the server... error RRS feed

  • Question

  • I have 1 client who is receiving the coomon error messgae that the certificate name does not match the server. This is strange since all other clients are connecting with no certificate error messages. This user was using a dual profile setup but in the troubleshooting of this issue, we removed the second profile and are only running the 1 profile that produces this error.

    The user is logging into a workstation that is in the domain in which the Exchange server resides and when running through the auto configuration of the exchange client, it finds his user id and auto fills all of the connection info needed. As mentioned, this is 1 user getting this error.

    I appreciate any help.

    Thank You.

    J.T.


    JT

    Thursday, May 17, 2012 2:52 PM

All replies

  • You should be able to view the certificate to see if it is the correct one. Once you have the address on the SSL certificate you can identify what the issue is - for example DNS related, trust related etc.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Thursday, May 17, 2012 3:02 PM
  • The names are different. The internal server name is mail.domain.lcl and the certificate is mail.outsidename.com. However, my understanding is that when you use autodiscover, it uses what is in the autodiscover.xml which is the internal address, correct? not sure why 1 user is getting this.

    JT

    Thursday, May 17, 2012 3:06 PM
  • Internally, autodiscover will use the name that is specified on the server as part of get-clientaccessserver for the value of AutodiscoverServiceInternalURI.

    Are you not using a Unified Communications certificate then? That would have both the internal and external names on it. Furthermore I would expect the issue to affect all users if it was your internal SSL certificate that was causing the problem.

    If you are using a single name SSL certificate then you will have to configure a split DNS system that allows the external name on the certificate to resolve internally, then change anything to use that name inside as well.

    http://exchange.sembee.info/2007/install/singlenamessl.asp

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Thursday, May 17, 2012 3:10 PM
  • I am not using a Unified Communications certificate. I have ONLY a SSL single name certificate for the OWA interface.

    JT

    Thursday, May 17, 2012 6:30 PM
  • In that case you have to follow the instructions I have provided above. SSL is not just for OWA in Exchange 2007 and higher.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Thursday, May 17, 2012 9:43 PM
  • Hi,

    I understand that only one outlook client user has certificate related issue, is that ture?

    What is the url for autodiscover when you run test e-mailautoconfiguration, it connect to https://mail.domain.lcl/autodiscover/autodiscover.xml or https://mail.outsidename.com/autodiscover/autodiscover.xml

    If it connect to https://mail.domain.lcl/autodiscover/autodiscover.xml, then we need mail.domian.lcl to be included certificate.

    Besides, you can run MMC with certificate snap-in to check the certificate that this client computer has installed.


    Xiu Zhang

    TechNet Community Support

    Friday, May 18, 2012 7:44 AM