How to Configure Exchange Server 2010 for the Same External and Internal Host Name
I had Windows Server R2 Enterprise installed, and then installed Exchange Server 2010 SP1. My Exchange Server is also my Domain Controller and my external Web Server. My AD FQDN is myDomain.com, which is also my corporate external domain name. The internal name of the server is dc.myDomain.com. However, for emails, I want all the world (both internal and external) to access it as mail.myDomain.com. In EMC, I changed the default setting for all internal client access of all kinds to https://mail.myDomain.com, instead of its default setting of https://dc.myDomain.com. I have a valid SSL cert installed from a recognized CA, for mail.myDomain.com. In the EBPA, I am getting the error message: The subject alternative name (SAN) of SSL certificate for https://dc.myDomain.com/Autodiscover/Autodiscover.xml does not appear to match the host address. Host address: dc.myDomain.com. Current SAN: DNS Name=mail.myDomain.com, DNS Name=www.mail.myDOmain.com. What have I done wrong, what are the consequences, and how do I fix it? TIA, mlavie
May 2nd, 2012 1:09pm

The Autodiscover URL still points to https://dc.myDomain.com/Autodiscover/Autodiscover.xml. Consequence: you will get a certificate pop-up when you open Outlook. Do we have an entry for Autodiscover in the SSL cert? Autodiscover.mydomain.com
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
May 2nd, 2012 1:37pm

You can only use a single name SSL certificate if your external DNS supports SRV records. If they don't, you need to use a Unified Communications certificate with the autodiscover entry in it. You cannot change all of the URLs that are required using just EMC, you have to use the Shell as well. You have missed the internal Autodiscover record. This is set on set-clientaccessserver and is the value for AutodiscoverServiceInternalURI. That will need to be corrected as well. You may also have to correct the URLs on Web Services and a few other places. Your best option would have been to use a UC certificate, with the internal and external names on it. You could still use your preferred name internally and externally, but would not have any issues with Exchange. Finally, if you are using Enterprise edition of Windows, why on earth is Exchange installed on a domain controller with all of the headaches that involves? Put DC and Exchange into two separate VMs. You can have up to four VMs on the physical server with Enterprise edition of Windows under the current licensing provisions. Oh and Exchange 2010 SP1 isn't the latest version - if it was a new install I would have gone straight to Exchange 2010 SP2. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
May 2nd, 2012 6:38pm

Thank you both. Since I am working with a DNS provider who doesn't seem to support SRV records (Dotster) and as you can tell from my question that playing around with PowerShell is beyond me, I assume I must buy a UC. Could someone please point me to a cheap, universally-recognized UC cert provider? As to why I have Exchange and the DC on the same physical box, we are a tiny startup, and if I can't get Exchange Server up without help, I should certainly not be playing around with virtualization ("children, don't try this at home..."). Thanks, mlavie
May 3rd, 2012 9:23am

If you are a tiny startup, then why not use SBS 2011? Cheaper and designed for small businesses. The wizards would do everything for you. Anyway... Certificate request instructions: http://exchange.sembee.info/2010/install/ssl-request.asp response instructions at the bottom of the page. Source for the SSL certificate: http://certificatesforexchange.com/ Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
May 3rd, 2012 10:30am

Thanks for the info. Too bad you operate only in the UK. Since the software we are developing is destined to run on large servers, we need to acquire expertise in running them. Again, thanks. mlavie
May 3rd, 2012 11:04am

Hi Simon, I noticed that when I ran the Analyzer Tool's Health Check from EMC, it complained that the cert didn't cover contoso.com and dc.contoso.com, as expected. But it also complained that the cert didn't cover www.mail.contoso.com. My external name is mail.contoso.com. If the health checker complained about this, then must I also add www.mail.contoso.com to the cert? And if not, is there any way to make the Health Checker not expect to find www.mail.contoso.com? TIA, mlavie
May 4th, 2012 1:34am

You don't do development work on a production server, so my argument that SBS would be the best fit still applies. The product is the same. The only thing you don't get on SBS that Enterprise edition can give you is clustering and that would require a second server and licences. You don't need the www variant, so that can be ignored. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
May 4th, 2012 5:34am

Thanks for the response. BTW - nobody has replied to my post regarding the ExRCA response for testing RPC over HTTP: "The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process." I've found lots of pages with "possible causes", but no instructions how to methodically diagnose the issue until I can identify the definite cause. Any help there would be much appreciated. TIA, mlavie
May 4th, 2012 7:25am

Hi Simon, One very last point: I have managed to solve all the various problems I was having, except that after getting the new UCC from CertificatesForExchange, the ExRCA RPC Over HTTP Test failed, with: "The certificate common name contoso.com doesn't validate against the mutual authentication string that was provided: msstd:mail.contoso.com" I assume that this is because the Common Name is contoso.com, but the OutlookAnywhere server provided by autodiscover is mail.contoso.com. I'd appreciate it if you could tell me where to go from here, and then this installation is finally over! TIA, mlavie
May 4th, 2012 12:58pm

Personally I never set the common name in the SSL request to the root of the domain. I don't know why the SSL wizard in Exchange 2010 does that. My preference would be to do a new SSL request, identical to the first, but with mail.domain.com set as the common name. Then do a rekey through the supplier's web site and install the replacement certificate. That will clear the issues for you. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
May 8th, 2012 5:38am
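
A read-only audit of the two mismatches discussed in this thread (client URL host names missing from the certificate's SAN list, and an Outlook Anywhere host that differs from the certificate's common name), added here as an example and not posted by any participant. It assumes the Exchange 2010 Management Shell and that the IIS-enabled certificate with the latest expiry is the one clients are served.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Read-only: only Get-* cmdlets are called.

# Assumption: the IIS-enabled certificate with the latest expiry is the one clients see.
$cert = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$sans = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
$cn = ''
if ($cert.Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim().ToLower() }

function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one additional left-hand label.
        $dot = $HostName.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot + 1) -eq $n.Substring(2)) { return $true }
    }
    return $false
}

# Every URL Exchange hands to clients: Autodiscover SCP plus the virtual directories.
$urls = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
$vdirCmds = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
    'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmds) {
    $urls += @(& $cmd | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
}
$hosts = @($urls | Where-Object { $_ } | ForEach-Object { ([Uri]"$_").Host.ToLower() })
$hosts += @(Get-OutlookAnywhere | ForEach-Object { $_.ExternalHostname } |
    Where-Object { $_ } | ForEach-Object { "$_".ToLower() })

# One row per distinct host name; InSan = False predicts the name-mismatch warning.
$hosts | Sort-Object -Unique | ForEach-Object {
    New-Object PSObject -Property @{ HostName = $_; InSan = (Test-NameCovered $_ $sans) }
} | Format-Table HostName, InSan -AutoSize

# msstd check: per the ExRCA message quoted in the thread, the Outlook Anywhere
# principal name is validated against the certificate's common name.
$principal = (Get-OutlookProvider -Identity EXPR).CertPrincipalName
"Certificate CN      : $cn"
"EXPR principal name : $principal"
Get-OutlookAnywhere | Where-Object { $_.ExternalHostname } | ForEach-Object {
    if ("$($_.ExternalHostname)".ToLower() -ne $cn) {
        "MISMATCH: Outlook Anywhere host $($_.ExternalHostname) is not the certificate CN"
    }
}
```

A host reported with InSan False needs either a certificate that lists it or a corrected URL, such as the AutodiscoverServiceInternalURI value on Set-ClientAccessServer mentioned earlier in the thread.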

Thanks Simon - that's indeed what I did, and now everything works. I had last dealt with Exchange Server in 2003, when I installed Exchange Server 2003, and haven't done any Exchange Server installation since - so all of this was obviously very new to me. Regards, Lavie
May 9th, 2012 10:48am

This topic is archived. No further replies will be accepted.
