UCC Cert Internal Domain Name is Different than external
Environment-Exchange 2007 SP1, Single Server. Recently I purchased a UCC Cert for my domain from a 3rd party. I didn't realize it at the time, but the internal Domain Name is different than the External DNS Records pointed to OWA. So when I apply the Certificate, my Outlook Clients receive a Certificate mismatch message when logging on. The internal domain name has already been purchased by another company, so it is not possible to obtain that domain name. Does anyone know how to fix my internal domain issues with the mismatched names, since I cannot add that DNS name to my UCC Cert?
June 17th, 2010 4:46pm

Recently, I also faced the same problem while upgrading Exchange 2003 to Exchange 2007. The problem started when we found out that our internal domain was held by an external party, so the SAN certificate authority would not be able to produce the cert with an internal name which belongs to others. That party didn't use the name commercially yet; they just hold it. This problem was brought to management and they decided to buy the name from that external party. In your case, I think you can still use the UCC cert, but for the internal name, you can generate it from your internal CA. The downside of this is you must export the internal cert and install it on every PC in your company.
June 18th, 2010 5:01am

The deployment of the certificates can easily be done with GPOs, publishing the root certificate to the clients. But if they aren't domain joined, there's a little bit more work.
Jonas Andersson
MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA
Blog: http://www.testlabs.se/blog
June 18th, 2010 11:34am

Add a new internal DNS zone for your external (legal) domain. Create entries for Exchange in that DNS zone. Get a new certificate with the appropriate addresses in the new DNS zone. Instruct users to use URLs based on the new DNS zone for Exchange.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

"Super0ne1" wrote in message news:959a62e9-97c3-4b33-b1b9-e553ededc8fe...
> Environment-Exchange 2007 SP1, Single Server. Recently I purchased a UCC Cert for my domain from a 3rd party. I didn't realize it at the time but, the internal Domain Name is Different than the External DNS Records pointed to OWA. So when I apply the Certificate my Outlook Clients receive a Certificate mismatch message when logging on. The internal domain name has already been purchased by another company so it is not possible to obtain that domain name. Does anyone know how to fix my internal domain issues with the mismatch names since I cannot add that DNS name to my UCC Cert?
June 20th, 2010 6:04am

Hi Ed, I'm interested to know more details about your solution. Is it possible for you to provide it step by step? It will help me for future reference. Thank you
June 21st, 2010 6:14am

Hi,
I think Ed means that in your internal DNS, you create a new zone with the name of your public DNS zone, like: externaldomain.com
In that zone you create mail, autodiscover etc. so you have the same name externally as internally.
That means the users can go to the same URL wherever they are (internal/external).
Jonas Andersson
MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA
Blog: http://www.testlabs.se/blog
June 21st, 2010 9:54am

I like this Solution. Let me put this into production and see if it works for me. Thanks!
June 21st, 2010 4:51pm

Please try it, and if it works then let me know step by step. Thank you
June 23rd, 2010 6:47am

This does not seem to work as expected. Here is exactly what I did. Created a zone that has the (Legal) external name. Populated the zone with the Exchange Server Name and autodiscover. I then tried a couple of things to try and redirect to this zone. I tried creating CNAMEs in DNS and Host Files. I also tried to create a new Outlook profile, but it always resolves to the internal name.... Am I missing something?
June 23rd, 2010 11:10pm

Outlook will always resolve to the internal domain for MAPI, but Autodiscover will provide URLs in the domain you configure in the various settings for web services, offline address book, etc.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

"Super0ne1" wrote in message news:76a1e8c1-bffd-4f13-930d-0de515e5a124...
> This does not seem to work like expected. Here is exactly what I did. Created zone that has the (Legal) external name. Populated zone with Exchange Server Name, and autodiscover. I then tried a couple things to try and redirect to this zone. I tried creating CNAME's in DNS, Host Files. I also tried to create a new outlook profile but, it always resolves to the internal name.... Am I missing something?
June 24th, 2010 4:19am

OK great, that worked perfectly. I used this command via PowerShell:

    Set-ClientAccessServer -Identity XXXXXX -AutoDiscoverServiceInternalUri https://autodiscover.XXXXXXXX.com/Autodiscover/Autodiscover.xml

and bang, it works. Thanks!
June 24th, 2010 11:05pm

Sorry, I'm still unable to figure out how you solved the problem. Let's say:

Internal domain name: contoso.com
External domain name: contoso.com.my

The internal domain name was already used by another party, so I can't obtain a UCC certificate with the DNS names below, right?

1. webmail.contoso.com.my, autodiscover.contoso.com.my, Exch01.contoso.com, contoso.com

So with Ed's solution, you've created a DNS zone for the external domain name contoso.com.my in your internal DNS. In that zone, you created the records below:
- webmail.contoso.com.my
- autodiscover.contoso.com.my

Then you obtained a UCC certificate from a public certificate authority with the following names:
- webmail.contoso.com.my
- autodiscover.contoso.com.my

Normally, the internal Autodiscover URL is https://autodiscover.contoso.com/autodiscover/autodiscover.xml

So there is a difference between the UCC's DNS name, autodiscover.contoso.com.my, and the internal URL, which is autodiscover.contoso.com. Then you used PowerShell to modify the internal Autodiscover URL to be: https://autodiscover.contoso.com.my/autodiscover/autodiscover.xml

Is the above solution what you put into practice? Please confirm! Many thanks
June 29th, 2010 4:22am
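
Added example, not part of the original thread: a PowerShell check of which client-facing URLs are covered by the names on a certificate, which is the comparison behind the mismatch warning discussed above. The function name, the certificate name list and the URLs are constructed from the contoso.com / contoso.com.my scenario in the last post; on a real server the names would come from the installed certificate and the URLs from the Autodiscover and web-services settings.

```powershell
# Added example: all names below are constructed from the thread's
# contoso.com / contoso.com.my scenario, not read from a real server.

function Test-NameCoveredByCertificate {
    # Returns $true when $HostName matches one of the certificate's DNS names.
    # A wildcard entry (*.example.com) covers exactly one left-most label.
    param([string]$HostName, [string[]]$CertificateNames)

    $name = $HostName.ToLower().TrimEnd('.')
    foreach ($entry in $CertificateNames) {
        $san = $entry.ToLower().TrimEnd('.')
        if ($san -eq $name) { return $true }
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)            # ".example.com"
            if ($name.EndsWith($suffix)) {
                $label = $name.Substring(0, $name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and $label.IndexOf('.') -lt 0) { return $true }
            }
        }
    }
    return $false
}

# DNS names on the public UCC certificate (constructed sample).
$certNames = @('webmail.contoso.com.my', 'autodiscover.contoso.com.my')

# URLs handed to clients (constructed sample): an Autodiscover URL on the
# internal domain, the one set with -AutoDiscoverServiceInternalUri, and a
# web-services URL that still points at the internal server name.
$urls = @(
    'https://autodiscover.contoso.com/autodiscover/autodiscover.xml',
    'https://autodiscover.contoso.com.my/autodiscover/autodiscover.xml',
    'https://Exch01.contoso.com/EWS/Exchange.asmx'
)

foreach ($url in $urls) {
    $hostName = ([System.Uri]$url).Host
    if (Test-NameCoveredByCertificate $hostName $certNames) { $status = 'OK      ' }
    else { $status = 'MISMATCH' }
    "$status $hostName"
}
```

Any URL reported as MISMATCH is one that still needs to be moved to a name in the split-DNS zone, or the certificate needs that name added.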

This topic is archived. No further replies will be accepted.
