Autodiscovery Nightmare!
Firsty thanks for reading, i am in a bit of pickle and i would appreciate your assistance.I am the sole admin of our Ex 2007 enviroment and i have to admit this is a little beyond me.I need to get Autodiscovery working and i have tried to, however when i open up Outlook 2007 it prompts for a password for the OWA website ( Once i type it in it reports SECRUITY ALERT "the name on the secruity certificate does not match the name on the site". I can click carry on and Autodiscovery does work but i dont want the password prompt or the server certifcate error.can you help?The EMC reports that my autodiscoveryInternalUrl is The CAS boxes are behind a ISA 2006 server.any help deeply i have a bunch of very vocal users all not OAB updates!!
February 23rd, 2009 7:22pm

Don't know if this is any help but when we went through this pain it had to do with the subject alternative name on the cert. We had to make another DNS entry for and put that name in as an alternate name on the cert.Todd
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2009 8:28pm

Hi Todd,thanks for the reply.Well i dont have a subject alternative name certificate, i only have a certificate for the (OWA web URL) address, i dont have a sepearate certificate for i need one and would that stop the login box and certificate error?
February 24th, 2009 12:10pm

Outlook 2007 trieshttp://autodiscover.contoso.comwhen looking for auto discover settings. I know we had very similiar problems and it took a public/internal DNS entry for autodiscover and the same FQDN in the subject alternative field in your certificate. You don't need a seperate cert; just a field in that cert where you can put an alternate name for your cas/hub server. When we first purchased the cert it didn't have that field. We had to upgrade to another class of cert that was more expensive but provided that field. So the primary name for your cas server is in the cert, your subject alternate name is (same server IP).Sorry for being so vague - it was a while ago!Here's a good white paper about the service:
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2009 1:22am

Not sure if you are using a self assigned cert or a cert from a company like Verisign. If you use a valid SAN cert it will make your life 100X easier now and in the future. Otherwise if you are using a self assigned cert recreate though power shell with your SAN's.sample command to create it New-ExchangeCertificate -DomainName mail.domain.local,autodiscover.domain.local,server1.domain.local, -FriendlyName webmmail -GenerateRequest:$true -KeySize 1024 -Path c:\webmail.req -SubjectName "c=US,o=WebMail,cn=webmail..domain.local" -PrivateKeyExportable:$trueOnce the cert has been created import using the following Import Cert Import-ExchangeCertificate -path C:\certnew.cer Then we enable cert with thum print provided from import Enable-ExchangeCertificate -Thumbprint 5337DD805284851090B088C040XXXXXXXXXXXX -services iis then Test on server Hope this helps
February 25th, 2009 2:44am

Hi,We have relatedKB published, please refer to it:Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site",Xiu
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2009 9:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics