locked
We dont own our internal domain name RRS feed

  • Question

  • Our internal domain is owned by someone else and they aren't selling.  I've purchased a UNC cert for the external domain but the issue I'm facing is, when we open up outlook we get an alert, "The name on the security certificate is invaild or does not match the name of the site."

     

    I need this to go away, does anyone have a fix?

    Friday, September 3, 2010 2:48 PM

Answers

  • On your internal DNS servers, create a DNS zone for your external namespace.  Create A records in that zone that point to the internal IP of your CAS server (or CAS Array).  Change the internal URLs for the CAS services to the external namespace FQDN, this should be the same thing you have configured for the External URLs already.  As far as the CAS array FQDN goes, it can be whatever.  It does not need to be in the certificate.  CAS Arrays are for RPC client access only.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    • Proposed as answer by TWHarrington Tuesday, September 7, 2010 3:51 PM
    • Marked as answer by Xiu Zhang Wednesday, September 8, 2010 9:23 AM
    Friday, September 3, 2010 6:06 PM
  • Hi,

    Please refer to the article below to modify the internal url for Autodiscover, EWS,OAB etc.

    Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"

    http://support.microsoft.com/kb/940726

    Regards,

    Xiu

    • Proposed as answer by Xiu Zhang Monday, September 6, 2010 7:45 AM
    • Marked as answer by Xiu Zhang Wednesday, September 8, 2010 9:23 AM
    Monday, September 6, 2010 7:45 AM

All replies

  • You need to reconfigure all of your CAS services URLs to match the external domain namespace.  Configure split-brain DNS so that you can resolve external namespace to internal IPs while you are inside of your network.  Just match your Internal URLs to your external URLs configured today.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    Friday, September 3, 2010 3:04 PM
  • To be clear you're saying, I should create A records in my external dns zone, (on the internal dns server) for my casarray name/mail server names and then change the autodiscover to point to the external zone as well as oab, free busy, etc...?
    Friday, September 3, 2010 4:40 PM
  • would this also include the cas array?
    Friday, September 3, 2010 4:47 PM
  • On your internal DNS servers, create a DNS zone for your external namespace.  Create A records in that zone that point to the internal IP of your CAS server (or CAS Array).  Change the internal URLs for the CAS services to the external namespace FQDN, this should be the same thing you have configured for the External URLs already.  As far as the CAS array FQDN goes, it can be whatever.  It does not need to be in the certificate.  CAS Arrays are for RPC client access only.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    • Proposed as answer by TWHarrington Tuesday, September 7, 2010 3:51 PM
    • Marked as answer by Xiu Zhang Wednesday, September 8, 2010 9:23 AM
    Friday, September 3, 2010 6:06 PM
  • Hi,

    Please refer to the article below to modify the internal url for Autodiscover, EWS,OAB etc.

    Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"

    http://support.microsoft.com/kb/940726

    Regards,

    Xiu

    • Proposed as answer by Xiu Zhang Monday, September 6, 2010 7:45 AM
    • Marked as answer by Xiu Zhang Wednesday, September 8, 2010 9:23 AM
    Monday, September 6, 2010 7:45 AM
  • That's everyone for you're input, it's working correctly now. :)
    Tuesday, September 7, 2010 3:43 PM