Outlook 2007, Autodiscover, "Invalid Name on certificate" issue - for one lone user.
Fighting this issue for almost a year now. We have a small Exchange 2010 organization that was recently migrated from Exchange 2003. Clients are a mix of Windows XP and Windows 7, but all are running Outlook 2007. For the Outlook 2010 upgrade a certificate that supports multiple SANs was purchased from GoDaddy.

There exist two "domains" in this company, although only one is the true AD domain. Let's call the older domain "really_long_name.com" and the current Windows domain name "short_name.com". One of the SANs for the certificate is "autodiscover.short_name.com"; however, there is NO SAN listed for "autodiscover.really_long_name.com".

This one remote user constantly receives this prompt concerning an invalid name on certificate because it is using autodiscover.really_long_name.com instead of autodiscover.short_name.com. He is the only one that gets this, and I just reinstalled his Windows XP w/ Outlook 2007 and tested it via VPN and no longer received the error. Well, he receives the laptop several days later and says it is not fixed, and finally comes clean that he did a "repair" on Outlook and Add/Remove Programs on it to customize his Office. Never got a clear answer as to why.

His primary SMTP domain is in fact: jsmith@short_name.com. My AutoDiscoverInternalUri on my CAS server points to autodiscover.short_name.com and every other component references the FQDN of my email server using the short_name.com domain. When I run an Autodiscover test on his laptop everything returns fine and it shows it accessing autodiscover.short_name.com.

Does anyone have any idea why his Outlook is for some reason appending the long_name domain for the autodiscover process?
August 17th, 2011 9:07pm

Post the full error text he receives and all the steps he takes to make the error occur.

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
August 17th, 2011 9:16pm

The error pops up about 5 seconds after launching Outlook. Hitting Yes on the prompt makes the message go away until he exits and launches Outlook again. Now this error is correct: the autodiscover name it is using, autodiscover.really_long_name.com, is not listed on the cert, but the problem is that it should not even be using that domain name. It should be using the domain name of the shorter, AD, and primary SMTP domain. Again, he is the ONLY one experiencing this issue, so I feel like there is some odd configuration on his end.
August 18th, 2011 12:57am

Hello, please check the DNS settings on the client. Maybe the client has an external DNS server instead of an internal one in his DNS servers list. Greetings, Toni
August 18th, 2011 1:20am

Thanks da_doni, the VPN provides the addresses of our two internal Windows DNS servers correctly, so that should be good too, and it is a fresh install of XP joined to the domain before I shipped it off. It has the default HOSTS file. It is driving me insane.
August 18th, 2011 1:27am

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
http://support.microsoft.com/kb/940726

The Name on the security certificate is invalid or does not match the name of the site - PART 1
http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-1.aspx

The Name on the security certificate is invalid or does not match the name of the site - PART 2
http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx
August 18th, 2011 3:59am

Thanks Ramesh, but I have already done the steps listed in all of those articles related to this common certificate error. Like I said, I have been fighting this nagging issue for a long time. This issue ONLY affects one single user, while all of my other local and remote users do not experience this error.

Here is the crux of the issue: Why does his Outlook believe the autodiscover service is running under the incorrect domain? Is that set in some rogue Service Connection Point record in AD? Why is it appending the really_long_name.com domain to the autodiscover instead of the short_name.com domain? I cannot figure out where this is coming from.
August 18th, 2011 11:18am

What does that user see when you run Test E-mail Autoconfiguration on that machine? Hold Ctrl, click on the Outlook icon, select Test E-mail Autoconfiguration, enter the user's e-mail address and password, clear the Guessmart checkboxes, and then click Test. Also, what is the CN of the certificate?

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
August 18th, 2011 1:25pm

Unfortunately this remote user is out in the field in another state and it is difficult to schedule access to his laptop, but I will work on that. However, I did that exact test on Wednesday and the test completed successfully with no issues. All URLs and FQDNs were using the correct "short_name.com" domain.

Here is the cert info:

CN Subject as listed in the EMC = exchange.short-name.com

SAN info:
DNS Name=exchange.short-name.com
DNS Name=www.exchange.short-name.com
DNS Name=autodiscover.short-name.com
DNS Name=short-name.com
DNS Name=webmail.short-name.com
DNS Name=exchange
August 18th, 2011 1:50pm

Hi,

Please try to add your Exchange server name to your hosts file and then check the issue. I'd like to know if you have SRV configured in the DNS. I recommend that you post the result of Test E-mail AutoConfiguration here. Besides, please try to use OWA to access the mailbox to verify whether we would meet the certificate error.

Found a similar thread to share with you:
Can't connect Outlook 2007 from home using VPN
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/b113a0cf-3fc3-4804-b8af-bb175f4a199f/

Xiu
August 19th, 2011 10:25am

Concerning the Exchange server host name in the hosts file, I can do that, but before I do, consider this:
- The NetBIOS name of the server resolves to the correct IP address of the Exchange server.
- The FQDN of the Exchange server resolves to the correct IP address of the server.
Verified via nslookup that both of our Windows DNS servers resolve the name correctly over VPN.

Result of Email Autoconfiguration:

Protocol: Exchange RPC
Server: EXCHANGE.short-name.com
Login Name: jsmith
Availability Server URL: https://exchange.short-name.com/EWS/Exchange.asmx
OOF URL: https://exchange.short-name.com/EWS/Exchange.asmx
OAB URL: https://exchange.short-name.com/OAB/4dc4fee2-b3e1-4215-8386-b6721d621b15
Unified Message Service URL: https:/exchange.short-name.com/EWS/UM2007Legacy.asmx
Auth Package: Unspecified

Protocol: Exchange HTTP
Server: exchange.short-fiber.com
Login Name: jsmith
SSL: Yes
Mutual Authentication: Yes
Availability Service URL: https://webmail.short-name.com/ews/exchange.asmx
OOF URL: https://webmail.short-name.com/ews/exchange.asmx
OAB URL: https://webmail.short-name.com/OAB/4dc4fee2-b3e1-4215-8386-b6721d621b15
Unified Message Service URL: https://webmail.short-name.com/ews/UM2007Legacy.asmx
Auth Package: NTLM
Certificate Principal Name: msstd:exchange.short-name.com

Log Results:
SMTP: jsmith@short-name.com
Attempting URL https://exchange.short-name.com/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://exchange.short-name.com/Autodiscover/Autodiscover.xml starting
GetLastError=0; httpStatus-200.
Autodiscover to https://exchange.short-name.com/Autodiscover/Autodiscover.xml succeeded (0x00000000)

These are the same results that I receive. The user encounters zero issues when accessing OWA.
August 19th, 2011 11:03am

Hi,

When the user VPNs to the corp network, can he access OWA without any certificate-related issue? Then I recommend that you try to configure the user profile inside the corp network, and then access via Outlook to see if the problem would occur there.

Regards,
Xiu
August 21st, 2011 10:13pm

"Hi, When user vpn to the corp network, he can access OWA without any certificate related issue? Then I recommend you to try to configure the user profile inside the corp network, and then access via Outlook to see if problem would occur there. Regards, Xiu"

When I reinstalled XP on the laptop this is exactly what I did, as I was connected locally to the network and the Outlook had zero issues; furthermore, I connected wirelessly to a public network, then VPN'd back into our corp network, and still did not have a problem. But like I mentioned in my admittedly long story above, he mucked around with the Outlook installation and the cert error returned.
August 22nd, 2011 10:32am

*Update - Workaround for issue*

Amazingly, out of desperation, I have finally resolved the issue by using DNS and the hotfix available as described in the following document:
http://support.microsoft.com/kb/940881

Had the user apply the hotfix, and added a DNS SRV record as instructed. Not thrilled with this solution, as I know the root problem still exists and this is simply a band-aid, not to mention the fact that I had to make a change to my Windows network infrastructure simply for one trouble user. Thanks for everyone's time, and if anyone can come up with a possible explanation for the original problem I would be grateful.
August 22nd, 2011 10:42am
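
Added example (not part of any post in this thread): a check of which Autodiscover host names a client would derive from an SMTP domain and whether each is covered by the SAN list posted above. The lookup order is a simplified version of Outlook's general sequence (the HTTP redirect step is left out), and the SRV target `webmail.short-name.com` is an assumed value, since the thread does not say where the SRV record points.

```python
# SAN list exactly as posted in the thread's certificate details.
CERT_SANS = [
    "exchange.short-name.com", "www.exchange.short-name.com",
    "autodiscover.short-name.com", "short-name.com",
    "webmail.short-name.com", "exchange",
]

def san_matches(host, san):
    """Case-insensitive DNS name match; '*' only as the whole left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def covered(host, sans=CERT_SANS):
    """True if at least one SAN entry covers the host name."""
    return any(san_matches(host, s) for s in sans)

def candidate_hosts(smtp_address, scp_host=None, srv_target=None):
    """Host names the HTTPS certificate is checked against, in lookup order.
    scp_host:   host taken from the SCP record (domain-joined clients only).
    srv_target: target of _autodiscover._tcp.<domain> (hypothetical here)."""
    domain = smtp_address.rsplit("@", 1)[1].lower()
    steps = []
    if scp_host:
        steps.append(("SCP", scp_host))
    steps.append(("root domain", domain))
    steps.append(("autodiscover.<domain>", "autodiscover." + domain))
    if srv_target:
        steps.append(("SRV record", srv_target))
    return steps

def audit(smtp_address, **lookup):
    """Return (step, host, covered_by_certificate) for every candidate host."""
    return [(step, host, covered(host))
            for step, host in candidate_hosts(smtp_address, **lookup)]

if __name__ == "__main__":
    cases = [  # constructed inputs using the thread's placeholder domains
        ("jsmith@short-name.com", {"scp_host": "exchange.short-name.com"}),
        ("jsmith@really_long_name.com", {}),
        ("jsmith@really_long_name.com", {"srv_target": "webmail.short-name.com"}),
    ]
    for address, lookup in cases:
        print(address, lookup)
        for step, host, ok in audit(address, **lookup):
            print(f"  {step:22} {host:36} {'covered' if ok else 'NAME MISMATCH'}")
```

Any host reported as a mismatch is one that produces the "name on the security certificate is invalid" prompt if the client reaches it over HTTPS, so the fix is either a SAN covering that name or a lookup path that never presents it.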

This topic is archived. No further replies will be accepted.
