Certificate issue with Exchange 2010 server with multiple locations

  • Question

  • I have two offices with Exchange 2010 servers. Our Boston location is the main Exchange server that hosts the public webmail address. The office in Georgia connects to the Boston server but gets certificate errors while in the Georgia office. I have purchased and installed a certificate with GoDaddy on the server, but the certificate in the error is issued to *.opendns.com and issued by Equifax Secure Certificate Authority. This error message comes up on both PCs and Macs. Any help would be greatly appreciated. Chris
    Wednesday, December 7, 2011 8:10 PM

Answers

  • If you are using the external name internally then you will need a split DNS system so the external DNS name resolves to the internal IP address. Most firewalls will not allow traffic to go back out and then come back in again.
    Furthermore, the clients in that second office will need to use a DNS host that you control. If you want to use OpenDNS, then that should be configured via your domain controllers.

    I have written about split DNS here:

    http://exchange.sembee.info/network/split-dns.asp

    Simon.


    Simon Butler, Exchange MVP
    • Proposed as answer by Terence Yu Friday, December 9, 2011 12:29 AM
    • Marked as answer by Terence Yu Friday, December 16, 2011 8:18 AM
    Thursday, December 8, 2011 6:18 PM
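
One way to tell apart the cases this answer describes from a client in the second office, as an added example that is not part of the original thread: compare the address the name resolved to and the names on the certificate that came back. The internal ranges, sample IP addresses, certificate dictionaries and verdict labels are constructed for illustration.

```python
import ipaddress
import socket
import ssl

# Constructed sample data: internal ranges and getpeercert()-shaped dicts.
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]
CERT_REDIRECT = {"subjectAltName": (("DNS", "*.opendns.com"),)}
CERT_EXCHANGE = {"subjectAltName": (("DNS", "webmail.companyname.com"),)}

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # no SAN: fall back to the subject commonName
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return [n.lower() for n in names]

def covers(pattern, host):
    """True if a certificate name covers host ('*' = one left-most label)."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(host, resolved_ip, cert, internal_nets=INTERNAL_NETS):
    """Classify what a client saw when it connected to host."""
    ip = ipaddress.ip_address(resolved_ip)
    internal = any(ip in ipaddress.ip_network(n) for n in internal_nets)
    matched = any(covers(n, host) for n in cert_dns_names(cert))
    if matched:
        # Right certificate; an external IP means the client leaves the LAN.
        return "ok" if internal else "external-path"
    # Wrong certificate: on an internal IP the server lacks the name; on an
    # external IP the resolver sent the client to somebody else's host.
    return "wrong-certificate" if internal else "wrong-resolver"

def probe(host, port=443):
    """Live check with this machine's resolver (needs network access)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; names compared above
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            ip, cert = tls.getpeername()[0], tls.getpeercert()
    return ip, diagnose(host, ip, cert)
```

A "wrong-resolver" verdict for the external name from an internal client is the symptom reported in this thread: the name was answered by a resolver outside your control, so split DNS or a corrected DNS server setting on the client is the fix.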

All replies

  • Can you confirm if this is happening internally or externally, with Outlook or OWA access? It isn't clear from your question and it makes a difference to the response.

    Simon.


    Simon Butler, Exchange MVP
    Thursday, December 8, 2011 9:51 AM
  • It only happens with Outlook internally. I have tested going to https://servername.corp.companyname.com/owa internally and the correct certificate shows up with no errors. Externally, everybody for Outlook Anywhere and OWA points to our Boston server to receive email at https://webmail.companyname.com.

    Thursday, December 8, 2011 1:29 PM
  • Hi,
    Do you have anything to update on your issue?

    Terence Yu

    TechNet Community Support

    Friday, December 16, 2011 8:19 AM
  • I am facing the same problem with Outlook Anywhere clients. When the Outlook Anywhere clients try to launch the profile, they get a certificate error with the Issued to name "*.opendns.com". I have no clue where it's coming from.

    Sam

    Exchange ADMIN.

    Friday, February 3, 2012 2:34 AM
  • Ask your question fresh.
    However, you must be using OpenDNS somewhere on your network and have name resolution issues.

    Simon.


    Simon Butler, Exchange MVP
    Friday, February 3, 2012 12:57 PM