Changing the FQDN of the UM Settings to Match Certificate

  • Question

  • I have a pair of Exchange 2013 mailbox servers (consolidated CAS/MBX) that are providing UM services: ServerA.domain.local and ServerB.domain.local

    I installed a public certificate (exchange.company.com) on the servers and successfully assigned it to the UM servers, configured each for TLS on UM, and started the services. Then, I configured a cross-forest Lync 2013 system to route to domain.local for voicemail using ExchUMUtil.ps1 which apparently obtains the names of the UM servers automatically.

    Here's the problem: Lync connects to the UM servers, then errors with "The peer certificate does not contain a matching FQDN"; msexchtls-target=ServerA.domain.local

    I know the reason for the error - the certificate and server names don't match. The question is how do I change the FQDN of the UM services to use the public names that are on the certificate? Outlook Anywhere, OWA, and ActiveSync all have a nice little dialog box for changing the DNS names - alas there isn't one for UM that I can find.
    Sunday, May 15, 2016 4:51 AM

Answers

  • Assign the UM and UMCallRouting service to the cert. I typically generate a new specific cert using a trusted internal CA for this cert and set the CN = FQDN of the server.

    • Proposed as answer by Andy David MVP Tuesday, May 17, 2016 10:43 AM
    • Marked as answer by Victor Davis Tuesday, May 17, 2016 10:41 PM
    Sunday, May 15, 2016 11:18 PM
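
The assignment described in the answer above, as an added example that is not part of the original thread. It assumes the Exchange Management Shell, that a certificate from the internal CA listing each server's own FQDN has already been imported on that server, and that UM is already in TLS startup mode as the question states; the server names are the ones from the question.

```powershell
# Added example: bind a certificate that matches the server FQDN to the UM services.
$umServers = 'ServerA.domain.local', 'ServerB.domain.local'   # names from the question

foreach ($fqdn in $umServers) {
    # Pick a valid, unexpired certificate whose names include this server's FQDN,
    # because Lync compares the peer certificate against msexchtls-target.
    $cert = Get-ExchangeCertificate -Server $fqdn |
        Where-Object {
            $_.Status -eq 'Valid' -and
            $_.NotAfter -gt (Get-Date) -and
            ($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1

    if (-not $cert) {
        Write-Warning "$fqdn : no valid certificate contains this FQDN; the TLS name check would still fail."
        continue
    }

    # Assign the certificate to both UM services named in the answer.
    Enable-ExchangeCertificate -Server $fqdn -Thumbprint $cert.Thumbprint -Services UM, UMCallRouting

    # The UM services pick up the certificate when they start.
    Invoke-Command -ComputerName $fqdn -ScriptBlock { Restart-Service MSExchangeUM, MSExchangeUMCR }

    # Show what is now bound so the name match can be confirmed.
    Get-ExchangeCertificate -Server $fqdn -Thumbprint $cert.Thumbprint |
        Format-List Subject, CertificateDomains, Services, NotAfter
}
```

In a cross-forest deployment such as the one in the question, the Lync servers must also trust the internal CA that issued these certificates.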

All replies

  • Thanks for the reply.

    I ended up using an internal CA as you recommended. Since the deployment involved two forests, I also had to do a lot of exporting and importing of internal CA root certificates, but in the end everything worked.

    I was just hoping there was a simple way of changing the FQDN of the UM services in order to simplify the deployment, like we do for Outlook Anywhere, etc.

    Cheers


    Victor Davis

    • Proposed as answer by Andy David MVP Tuesday, May 17, 2016 10:43 AM
    Tuesday, May 17, 2016 2:30 AM