exchange certificate autodiscover warning message
I am using Exchange2007. I am getting this error from few days when I reinstalled the exchange certificates.
I have attached an image with this thread.
90% of users are not getting this error any more since i installed new certificates but still 10% users are looking
the old server/certificates.
I have followed these steps as mentioned on
http://support.microsoft.com/kb/940726
1. Start the Exchange Management Shell.
2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri
https://mail.contoso.com/autodiscover/autodiscover.xml
3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl
https://mail.contoso.com/ews/exchange.asmx
4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl
https://mail.contoso.com/oab
5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl
https://mail.contoso.com/unifiedmessaging/service.asmx
Note This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
6. Open IIS Manager.
7. Expand the local computer, and then expand Application Pools.
8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Then I recreated the certificates again with following steps
1. Start the Exchange Management Shell.
2. New-ExchangeCertificate -DomainName newserver, newserver.mycompany.local, mycompany.local, mail1.mycompany.com, autodiscover.mycompany.local -Services IMAP, POP, IIS, SMTP
3. Remove-Exchangecertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (removed the old certificate)
4. Enable-Exchangecertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (enabled the new certificate)
but still getting same errors on few client outlooks. Clients are using outlook2007.
Any help??
November 24th, 2010 6:07am
Any reason you aren't using a commercial SSL certificate? The self signed certificates are really designed as a place holder until a commercial certificate is deployed.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources
Free Windows Admin Tool Kit Click here and download it now
November 24th, 2010 4:40pm
Hi,
I do not see the image you mentioned. Could you post the errors?
Does the issue persist if you create a new outlook profile for the users?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
Gen Lin-MSFT
November 25th, 2010 4:52am
The error is:
The name on the security certificate is invalid or does not match the name of the site.
on view certificate i can see the new server's certificate, I install the new certificate but still getting same error every time i open outlook.
any idea?
Free Windows Admin Tool Kit Click here and download it now
November 25th, 2010 7:54am
You wrote that you've used those commands that sets the settings to use
mail.contoso.com
Is that name included in your certificate?
Also, check the externalurl on Webservices, OAB and UM
*****
3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl
https://mail.contoso.com/ews/exchange.asmx
4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl
https://mail.contoso.com/oab
5. Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl
https://mail.contoso.com/unifiedmessaging/service.asmx
*****
Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
November 25th, 2010 6:01pm