Always prompted to "Do you want to proceed" security alert w/ Outlook startup

  • Question

  • I know it's a certificate problem. I have one certificate installed for use with our OWA, it's for mails.zeropointusa.com website. Well our server is SRVZPDC.zeropoint.net internally, and well, since our internal server name isn't on the issued cert, how do we get a cert for use with the internal name? I'm tired of having to click yes every time I open Outlook, and all my users have to do that too.

    Microsoft Exchange 2007
    Wednesday, March 10, 2010 1:37 PM

All replies

  • Maybe you can create a forward lookup that points the .com address to the internal IP?
    You might have to change the autodiscover.xml address of the Exchange server though.

    With friendly regards
    Wednesday, March 10, 2010 1:57 PM
  • I know it's a certificate problem. I have one certificate installed for use with our OWA, it's for mails.zeropointusa.com website. Well our server is SRVZPDC.zeropoint.net internally, and well, since our internal server name isn't on the issued cert, how do we get a cert for use with the internal name? I'm tired of having to click yes every time I open Outlook, and all my users have to do that too.

    Microsoft Exchange 2007
    You will need a new certificate with both the internal and external host names of your CAS, like this:

    New-ExchangeCertificate -GenerateRequest -Path c:\mail_Cert.csr -KeySize 2048 -SubjectName "O=My Corporation Inc, OU=Internet Sales, C=US, S=California, L=Los Angeles, CN=mails.zeropointusa.com" -DomainName mails.zeropointusa.com, SRVZPDC.zeropoint.net, SRVZPDC -PrivateKeyExportable $True

    Plz visit this page for more details:

    Above page is just for information, u can purchase the ssl cert from anywhere.



    Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    Wednesday, March 10, 2010 2:02 PM
  • ok so the only problem with creating that request is my cert authority won't create any certs that include domains other than our public domain, zeropointusa.com. It would almost seem like I need two certs installed w/ exchange, one for our external name and one for our internal name.
    Wednesday, March 10, 2010 2:13 PM
  • anyone please?
    Microsoft Windows Server 2008 Standard Microsoft Exchange 2007
    Wednesday, March 10, 2010 9:33 PM
  • ok so the only problem with creating that request is my cert authority won't create any certs that include domains other than our public domain, zeropointusa.com. It would almost seem like I need two certs installed w/ exchange, one for our external name and one for our internal name.
    You need an SSL cert with multiple Subject Alternative Names, i.e. a certificate that supports multiple SANs, where that SSL cert will be installed on the CAS pointed to by your public domain host name "mails.zeropointusa.com" and will contain your private host name (FQDN of the CAS) and the NetBIOS name of the CAS server as SANs.

    Regards,

    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    • Marked as answer by Allen Song Monday, March 22, 2010 9:04 AM
    Wednesday, March 10, 2010 10:19 PM
  • 
    Are external users coming straight to the Exchange server or do you have a web publishing device like ISA or TMG in your DMZ?  If you do that, then you can get a cert with just your external name for the ISA or TMG server and create your own CA and issue your certificate for the Exchange server.
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    "Laeeq Qazi" wrote in message news:8fd37106-2caa-4e80-85ec-8cb75bdba914...
    ok so the only problem with creating that request is my cert authority won't create any certs that include domains other than our public domain, zeropointusa.com. It would almost seem like I need two certs installed w/ exchange, one for our external name and one for our internal name.
    You need an SSL cert with multiple Subject Alternative Names, i.e. a certificate that supports multiple SANs, where that SSL cert will be installed on the CAS pointed to by your public domain host name "mails.zeropointusa.com" and will contain your private host name (FQDN of the CAS) and the NetBIOS name of the CAS server as SANs.

    Regards,

    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

    Thursday, March 11, 2010 2:43 AM
  • 
    Another alternative is to create a split-brain DNS and host an internal DNS record for your external name internally.
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    "Laeeq Qazi" wrote in message news:8fd37106-2caa-4e80-85ec-8cb75bdba914...
    ok so the only problem with creating that request is my cert authority won't create any certs that include domains other than our public domain, zeropointusa.com. It would almost seem like I need two certs installed w/ exchange, one for our external name and one for our internal name.
    You need an SSL cert with multiple Subject Alternative Names, i.e. a certificate that supports multiple SANs, where that SSL cert will be installed on the CAS pointed to by your public domain host name "mails.zeropointusa.com" and will contain your private host name (FQDN of the CAS) and the NetBIOS name of the CAS server as SANs.

    Regards,

    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

    • Marked as answer by Allen Song Monday, March 22, 2010 9:04 AM
    Thursday, March 11, 2010 2:44 AM
  • Hi,

    You can also change the relevant URL that uses the internal name to mails.zeropointusa.com to work around this issue.

    Thanks

    Allen
    Monday, March 15, 2010 9:23 AM
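
The remedies proposed in this thread (a certificate carrying the internal names as SANs, or split DNS with the service URLs changed to the external name) all aim to make every host name Outlook connects to appear on the certificate it is shown. The PowerShell below is an added example, not part of any post in the thread; it checks a list of service URLs against a certificate's names. The function names and URL lists are constructed from the host names mentioned above.

```powershell
# Added example: function names and URL lists are constructed for illustration.
# In the Exchange Management Shell the certificate names would come from
# (Get-ExchangeCertificate).CertificateDomains.

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name.StartsWith('*.')) {
            # A wildcard stands for exactly one label: *.example.com covers
            # mail.example.com but not a.b.example.com or example.com itself.
            $suffix = $name.Substring(1)
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if (-not $label.Contains('.')) { return $true }
            }
        }
        elseif ($name -eq $HostName) { return $true }   # -eq ignores case
    }
    return $false
}

function Get-UrlCoverage {
    param([string[]]$Urls, [string[]]$CertNames)
    $Urls | Select-Object @{Name = 'Url'; Expression = { $_ }},
        @{Name = 'Covered'; Expression = {
            Test-NameCovered -HostName ([System.Uri]$_).Host -CertNames $CertNames }}
}

# Constructed: the services Outlook calls, published under each name.
$paths = '/Autodiscover/Autodiscover.xml', '/EWS/Exchange.asmx', '/OAB'
$internalUrls = $paths | ForEach-Object { "https://SRVZPDC.zeropoint.net$_" }
$externalUrls = $paths | ForEach-Object { "https://mails.zeropointusa.com$_" }

$currentCert = @('mails.zeropointusa.com')
$sanCert     = @('mails.zeropointusa.com', 'SRVZPDC.zeropoint.net', 'SRVZPDC')

'Current cert, internal URLs (the case that prompts):'
Get-UrlCoverage -Urls $internalUrls -CertNames $currentCert | Format-Table -AutoSize
'SAN cert, internal URLs:'
Get-UrlCoverage -Urls $internalUrls -CertNames $sanCert | Format-Table -AutoSize
'Current cert, URLs changed to the external name:'
Get-UrlCoverage -Urls $externalUrls -CertNames $currentCert | Format-Table -AutoSize
```

Any row reported as not covered is a URL that would trigger the security alert; the check covers name matching only, not chain trust or expiry.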