Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

EX2K7 - Internal Outlook 2K7 clients getting cert error on startup

0 views
Skip to first unread message

Adam

unread,
Oct 28, 2009, 7:45:01 AM10/28/09
to
Hello all. We are experiencing a problem where our internal Outlook 2007
clients are reporting a certificate error on startup/connection to our
Exchange 2007 server. Here is a brief overview of our setup:
Domain: Windows Server 2003 AD domain with 2 DCs running Server 2008 (64)
Exchange setup: 1 member server running Server 2008 (64) w/ 1 HUB Server and
1 Mailbox Server - 1 member server running Server 2008 (64) w/ 1 CAS server.
On the CAS server, we've implemented 1 UCC cert containing all necessary
names for external access. We've also enabled the default simple cert that
ships with Ex2K7 strictly for internal clients.
Now for the issue at hand - when an internal client w/ Outlook 2K7 opens
Outlook, they receive a cert error stating that the name on the cert doesn't
match the name of the site. When you view the cert, it is showing the name of
the external site name, not the internal name of the CAS server. I've checked
the certs on the CAS server: both are correct and valid and the internal cert
does list both the NETBIOS and FQDN name of the CAS server. I've also checked
the SCP and it too is listing the correct internal names for the CAS server.
The services that are currently enabled for the internal cert are IMAP4 and
POP.
I've gone through numerous blogs and posts and have checked all the settings
they recommend and can't find the issue. Anyone have any ideas? Do we need to
enable the IIS service for the internal cert (can't see why we would)? Any
help would be greatly appreciated.
Adam

Adam

unread,
Oct 28, 2009, 7:54:01 AM10/28/09
to
I should also point out that we went with the above configuration because our
external domain name is different from our internal domain name. The external
3rd party cert only lists the external names for our CAS along with the MX
record listings. I read several posts on the "You had me at EHLO" blog which
said that this should work fine (and it saved us quite a bit of money on the
3rd party cert what with not having to add the internal NETBIOS and FQDN
names to the cert). Were they wrong?

Ed Crowley [MVP]

unread,
Oct 28, 2009, 11:52:36 AM10/28/09
to
Please post the complete error message you are receiving.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.

"Adam" <Ad...@discussions.microsoft.com> wrote in message
news:E6AB874B-DCE9-4A32...@microsoft.com...

Adam

unread,
Nov 3, 2009, 6:03:01 AM11/3/09
to
Ed,
Thanks for your reply. Sorry I wasn't able to get back to you. Have been
going round the houses with this one and things have progressed and changed,
though we are no closer to a resolution. I will abandon this post and re-open
a new one with all the new relevant details. Thanks again,
Adam

"Ed Crowley [MVP]" wrote:

> Please post the complete error message you are receiving.
> --
> Ed Crowley MVP
> "There are seldom good technological solutions to behavioral problems."

> ..

> .
>

0 new messages