The Name on the security certificate is invalid or does not match the name of the site

After following the articles I posted about a few days ago about our exchange 2003 to 2010 upgrade, we ran into another hiccup.  You receive an error when opening outlook “The Name on the security certificate is invalid or does not match the name of the site.”  This is because our certificate didnt match the fqdn of the mail server.  For us the fqdn was exchange.ads.ssc.wisc.edu, and the cert was for exchange.ssc.wisc.edu.  After some googlefoo, I found the solution.

You can change all but two of teh URL’s in the exchange management console.  Go to server configuration, then to the CAS role.  When you open on properties on the different sections (OWA, ECP, etc), you will see the url’s used both internally and externally.  Change all those to match the cert (in our case the outside facing url was right).  That will get you all but two.  The next two have to be done in the exchnage powershell environment.

You can start by typing:

Get-ClientAccessServer -identity CASservername | FL

At the top of the returned info is AutoDiscoverServiceInternalUri. That will be pointing to the wrong url. To change it, type the following:

Set-ClientAccessServer -Identity "CASServerName" -AutodiscoverServiceInternalURI https://domainonthecert/autodiscover/autodiscover.xml

My code was:

Set-ClientAccessServer -Identity "exchange" -AutodiscoverServiceInternalURI https://exchange.ssc.wisc.edu/autodiscover/autodiscover.xml

If you run the first command again, you can verify it has been changed. Second command is this:

Get-WebServicesVirtualDirectory

To fix this one, we would use:

Set-WebServicesVirtualDirectory -Identity "CASservername\EWS (Default Web Site)" -InternalUrl https://domainonthecert/EWS/Exchange.asmx

For example, here is what I put in:

Set-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)" -InternalUrl https://exchange.ssc.wisc.edu/EWS/Exchange.asmx

After that, go to IIS, open up the application pool, and right click on MSExchangeAutodiscoverAppPool and click recycle.

After that, Outlook opened without any more errors.

Filed under: Exchange, Microsoft | Posted on March 17th, 2011 by CharlieMaurice

Leave a Reply

RSS Feed

Categories

Archives

Blogroll

Meta

Copyright © 2018 Charlie's Tech Ramblings. All rights reserved.

Tech Blue designed by Hive Designs • Ported by Free WordPress Themes