Firsty thanks for reading, i am in a bit of pickle and i would appreciate your assistance.I am the sole admin of our Ex 2007 enviroment and i have to admit this is a little beyond me.I need to get Autodiscovery working and i have tried to, however when i open up Outlook 2007 it prompts for a password for the OWA website (mail.contso.com). Once i type it in it reports SECRUITY ALERT cas.contso.com "the name on the secruity certificate does not match the name on the site". I can click carry on and Autodiscovery does work but i dont want the password prompt or the server certifcate error.can you help?The EMC reports that my autodiscoveryInternalUrl is https://mail.contso.com/autodiscover/autodiscover.xmlFYI The CAS boxes are behind a ISA 2006 server.any help deeply appreciated...as i have a bunch of very vocal users all not OAB updates!!
February 23rd, 2009 7:22pm
Don't know if this is any help but when we went through this pain it had to do with the subject alternative name on the cert. We had to make another DNS entry for autodiscover.contoso.com and put that name in as an alternate name on the cert.Todd
February 23rd, 2009 8:28pm
Hi Todd,thanks for the reply.Well i dont have a subject alternative name certificate, i only have a certificate for the mail.contoso.com (OWA web URL) address, i dont have a sepearate certificate for autodiscovery.....do i need one and would that stop the login box and certificate error?
February 24th, 2009 12:10pm
Outlook 2007 trieshttp://autodiscover.contoso.comwhen looking for auto discover settings. I know we had very similiar problems and it took a public/internal DNS entry for autodiscover and the same FQDN in the subject alternative field in your certificate. You don't need a seperate cert; just a field in that cert where you can put an alternate name for your cas/hub server. When we first purchased the cert it didn't have that field. We had to upgrade to another class of cert that was more expensive but provided that field. So the primary name for your cas server is cas.contoso.com in the cert, your subject alternate name is autodiscover.contoso.com (same server IP).Sorry for being so vague - it was a while ago!Here's a good white paper about the service:http://technet.microsoft.com/en-us/library/bb332063.aspxTodd
February 25th, 2009 1:22am
Not sure if you are using a self assigned cert or a cert from a company like Verisign. If you use a valid SAN cert it will make your life 100X easier now and in the future. Otherwise if you are using a self assigned cert recreate though power shell with your SAN's.sample command to create it New-ExchangeCertificate -DomainName mail.domain.local,autodiscover.domain.local,server1.domain.local, -FriendlyName webmmail -GenerateRequest:$true -KeySize 1024 -Path c:\webmail.req -SubjectName "c=US,o=WebMail,cn=webmail..domain.local" -PrivateKeyExportable:$trueOnce the cert has been created import using the following Import Cert Import-ExchangeCertificate -path C:\certnew.cer Then we enable cert with thum print provided from import Enable-ExchangeCertificate -Thumbprint 5337DD805284851090B088C040XXXXXXXXXXXX -services iis then Test on server Hope this helps
February 25th, 2009 2:44am
Hi,We have relatedKB published, please refer to it:Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site"http://support.microsoft.com/?id=940726Regards,Xiu
February 25th, 2009 9:45am