I am using Exchange 2013 with outlook 2013. After setting up and connecting with outlook I got an error, a dialog box popped up with 2 ticks and a cross relating to the security certificate, the cross said The name on the security certificate is invalid or does not match the name on the site. Still everything worked. While reading up on this error I tried the recommendations on this page. http://support.microsoft.com/kb/940726 using Set-ClientAccessServer . After this I now get an anew error There is a problem with the proxy server's security certificate, The name on the security certificate is invalid or does not match the name on the site" and outlook can no longer connect to exchange. I can still use the owa web interface. If any other data is needed please let me know. Please help. Thanks Alan Mosley - ThatsIT Solutions

Hi, The problem could be that the InternalHostname configured for Outlook Anywhere, is configured with the ServerFQDN and you didn't include that name in your Certificate. Please check with: Get-OutlookAnywhere | fl Internalhostname,Externalhostname Also See Step4: Configure Mail Flow and Client AccessMartina Miskovic

Thanks for your help InternalHostname : mail.it.local ExternalHostname : mail.thatsit.net.auAlan Mosley - ThatsIT Solutions

Hi The certificate for that domain name (I assume you gave us real info here) is for remote.thatsit.net.au externally which doesn't match mail.thatsit.net.au which may be why you are getting the error. If this is the only certificate you are using then you should consider buying a UCC certificate which can have multiple names on it. Cheers, Steve

Yes remote is for remote access on a different server on the network, but this would explain problems from outside using owa, but I am having problems connecting with outlook desktop application. ThanksAlan Mosley - ThatsIT Solutions

So do you have a certificate installed on the Exchange server that has mail.thatsit.net.au included on it?

no only the self signed certificates that were created on setup Alan Mosley - ThatsIT Solutions

OK, Outlook Anywhere does not work with the self signed certificates so you would either need a public UCC cert or a certificate issued by your internal CA. If you are planning to get a public cert it cannot contain .local hostnames so you would need to use split DNS internally and change the Internal hostnames and URLs to match the external ones. Steve

Thanks, but this is the east of my problems, my problem is that outlook desktop app can not connect to exchange as stated in my original post. Thanks Alan Mosley - ThatsIT Solutions

In Exchange 2013 all connections from Outlook clients use the Outlook Anywhere (RPC/HTTP) method to connect so you will need valid certificates even for internal clients. See this article for more information: http://technet.microsoft.com/en-us/library/jj150540.aspx#BKMK_Arch specifically the paragraph under the 3 bullet points in the section: Exchange 2013 architecture Cheers, Steve EDIT: Also the Deploying Outlook Anywhere section in this article: http://technet.microsoft.com/en-us/library/bb123741.aspx

ok thanks for the article. but I still think I have a deeper proble, sine I set up I get the error with 2 ticks and a cross relating to the security certificate, the cross said The name on the security certificate is invalid or does not match the name on the site. Still everything worked. While reading up on this error I tried the recommendations on this page. http://support.microsoft.com/kb/940726 using Set-ClientAccessServer . After this I now get an anew error There is a problem with the proxy server's security certificate, The name on the security certificate is invalid or does not match the name on the site" and outlook can no longer connect to exchange. I can still use the owa web interface. will getting a certificate fix the second problem also, it would seem that because I did not have this error before something has changed. Thanks Alan Mosley - ThatsIT Solutions

OK, Outlook Anywhere does not work with the self signed certificates so you would either need a public UCC cert or a certificate issued by your internal CA. If you are planning to get a public cert it cannot contain .local hostnames so you would need to use split DNS internally and change the Internal hostnames and URLs to match the external ones. Steve

Hello, You need at least mail.thatsit.net.au and autodiscover.thatsit.net.au included in the certificate. Thanks, If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.comSimon Wu TechNet Community Support

Hello, You need at least mail.thatsit.net.au and autodiscover.thatsit.net.au included in the certificate. Thanks, If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.comSimon Wu TechNet Community Support