date: Tue, 15 Jan 2008 06:19:01 -0800,
group: microsoft.public.exchange.clients
RE: Certificate Security Alert
Hi Lee,
Thanks for posting in our newsgroup.
From your description, I know that when you open Outlook 2007, you get the
"The name on the security certificate is invalid or does not match the name
of the site". If that's not right, please don't hesitate to let me know.
Based on my research, this issue is caused by the fact that you changed the security
certificate installed on your Exchange 2007 server and the Issue To name of
the certificate now doesn't match the internal FQDN name of your Exchange
server. For more info about this error, please refer to the following KB
article:
923575 Error message when Outlook 2007 tries to connect to a server by
using an RPC connection or an HTTPS connection: "There is a problem with
the proxy server's security certificate"
http://support.microsoft.com/default.aspx?scid=kb;EN-US;923575
Based on my knowledge, we may have two possible solutions for this
particular issue:
1. The straightforward solution is to contact the third-party vendor from
whom you got the new security certificate, and confirm whether their
certificate supports Subject Alternative Names. If so, you can ask them to
simply issue a new certificate with both internal name and external name of
your Exchange 2007 server, and then install the new certificate to solve
the problem.
2. Alternatively you need to change the AutoDiscoverServiceInternalUri
value on your Exchange 2007 ClientAccess Server (CAS) to match the Issue To
name of your current security certificate. To do so, please follow these
steps:
i.) First we need to check the current value of
AutoDiscoverServiceInternalUri in your Exchange 2007 CAS server:

a. In Exchange Management Shell, run the command:

    Get-ClientAccessServer | fl

b. Then you will see the following as an example:

    Name                           : <your Exchange 2007 Server name>
    OutlookAnywhereEnabled         : False
    AutoDiscoverServiceCN          : <your Exchange 2007 CAS name>
    AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
    AutoDiscoverServiceInternalUri : https://<internal name of your Exchange 2007 CAS>/Autodiscover/Autodiscover.xml

c. Then check whether the name in AutoDiscoverServiceInternalUri matches
the name in the Issue To field of the security certificate you are using
now. If it doesn't match, it will cause the error your users encountered.

ii.) In order to fix the error, we have to change the
AutoDiscoverServiceInternalUri to match the Issue To name on the
Certificate. In addition we have to change the path on the Default Web
Site. To do that:

a. First run the following commands in the Exchange Management Shell on
your Exchange 2007 CAS so that we would have a backup listing of the
current settings:

    Get-ClientAccessServer <your Exchange 2007 server NetBIOS name> | fl > backupCAS.txt
    Get-WebServicesVirtualDirectory | fl > backupWeb.txt

b. We then run the following commands:

    Set-ClientAccessServer <your Exchange 2007 server NetBIOS name> -AutoDiscoverServiceInternalUri https://<external name of your Exchange 2007 which is in the Issue To field of current certificate>/Autodiscover/Autodiscover.xml

    Set-WebServicesVirtualDirectory "<your Exchange 2007 server NetBIOS name>\EWS (Default Web Site)" -InternalUrl https://<external name of your Exchange 2007 which is in the Issue To field of current certificate>/EWS/Exchange.asmx

Hope this helps.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<Hello;
<
<We have Exchange 2007 and Outlook 2007. When users open Outlook they get a
<Security Alert telling me the "name on the security certificate is invalid or
<does not match the name of the site. Do you want to proceed." I currently don't
<have a certificate in place. How can I stop this from coming up?
<--
<Lee Morgenstein
<
date: Wed, 16 Jan 2008 10:01:47 GMT
author: Robert Li [MSFT]
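The comparison in step i.c of the reply above, written out as a PowerShell check. This is an added example, not part of the original posts: the function names Test-CertNameMatch and Get-UrlCertReport and every host name are assumptions made for illustration, and it goes slightly beyond the thread by also handling wildcard certificate names.

```powershell
# Added example, not from the thread. All host names below are constructed.
function Test-CertNameMatch {
    param(
        [string]$Url,          # AutoDiscoverServiceInternalUri or an InternalUrl value
        [string[]]$CertNames   # Issue To name plus any Subject Alternative Names
    )
    $hostName = ([System.Uri]$Url).Host.ToLowerInvariant()
    foreach ($name in $CertNames) {
        $n = $name.ToLowerInvariant()
        if ($n -eq $hostName) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not a.b.example.com or example.com itself.
        if ($n.StartsWith('*.')) {
            $dot = $hostName.IndexOf('.')
            if ($dot -gt 0 -and $hostName.Substring($dot) -eq $n.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-UrlCertReport {
    param([string[]]$Urls, [string[]]$CertNames)
    foreach ($u in $Urls) {
        if (Test-CertNameMatch -Url $u -CertNames $CertNames) {
            $state = 'OK'
        } else {
            $state = 'MISMATCH'
        }
        '{0,-9}{1}' -f $state, $u
    }
}

# Constructed values: internal URLs as they look before and after step ii.b.
$before = 'https://exch01.corp.example/Autodiscover/Autodiscover.xml',
          'https://exch01.corp.example/EWS/Exchange.asmx'
$after  = 'https://mail.example.com/Autodiscover/Autodiscover.xml',
          'https://mail.example.com/EWS/Exchange.asmx'

# Certificate issued only to the external name: the alert condition, then solution 2.
Get-UrlCertReport -Urls $before -CertNames 'mail.example.com'
Get-UrlCertReport -Urls $after  -CertNames 'mail.example.com'

# Solution 1: a certificate carrying both names; the original URLs pass unchanged.
Get-UrlCertReport -Urls $before -CertNames 'mail.example.com', 'exch01.corp.example'
```

On a live server the URLs to test are the values that Get-ClientAccessServer and Get-WebServicesVirtualDirectory display, and the certificate names are read from the installed certificate.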
RE: Certificate Security Alert
thank you for your assistance
--
Lee Morgenstein
date: Fri, 18 Jan 2008 18:55:01 -0800
author: Lee am
RE: Certificate Security Alert
Hi Lee,
Thanks for your reply.
I am glad to know the information is helpful.
If you have any questions in future, please don't hesitate to post in our
newsgroup.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
date: Mon, 21 Jan 2008 08:12:06 GMT
author: Robert Li [MSFT]
Re: Certificate Security Alert
Is there a way to use the self-signed certificate for the internal uri
and use the certificate that I bought for the external?
date: Thu, 14 Feb 2008 07:06:50 -0800 (PST)
author: dylan