Certificate errors while configuring mailtips and autodiscover


  • I'm trying to get mailtips working in our Exchange 2010 environment.

    There is a reverse proxy running TMG 2010 which handles external OWA requests. It has a SAN certificate installed on it from Digicert. The certificate includes, and

    An internal Exchange 2010 server,, has all the roles (MB+CAS+HT) installed. It has a certificate for ex2010 and installed on it.

    I did the following to get mailtips to work:

    Set-ClientAccessServer -Identity EX2010 -AutodiscoverServiceInternalUri

    Set-WebServicesVirtualDirectory -Identity "EX2010\EWS (Default Web Site)" -InternalUrl

    Set-OABVirtualDirectory -Identity "EX2010\oab (Default Web Site)" -InternalUrl

    Create a entry in the Internal DNS for with the same IP address as

    Unfortunately, after this was done, I started getting security alert prompts warning that "The name on the security certificate in invalid or does not match the name of the site." This happens since the certificate used internally has EX2010 and not

    How do I fix this? The certificate for is only on the reverse proxy in the DMZ and not the internal Exchange server, and the documentation I have read indicates that this is how it is supposed to be. 

    • Edited by ShamanTT Wednesday, February 22, 2012 3:30 PM
    Wednesday, February 22, 2012 3:28 PM


  • Mailtips has started working, although somewhat mysteriously.

    I had deleted the DNS entry for after the security prompts related to the certifcate started appearing.

    Later, I re-created the DNS entry (same as before). The security prompts did NOT re-appear and mailtips starting working on one PC, but not 2 others that was used for testing.

    One night passed, and this morning mailtips is working fine with Outlook 2010 on all the test PC's and I'm not receiving any certificate related prompts.

    Thursday, February 23, 2012 12:19 PM

All replies