madmatt

I setup Exchange 2007 on my server. The domain is usmsol.local. I created a certificate through CA Cert (thanks Geffy) in the name mail.usmsol.net since that is how I will be accessing OWA.

However, when I open Outlook 2007 I get a certificate error since the name of the server (usm-fusion.usmsol.local) doesn't match the name on the certificate (mail.usmsol.net).

How do I resolve this or prevent Outlook from displaying this message? I've already installed both the root certificate and the server certificate.

Furthermore, you cannot add .LOCAL domains to the certiificates on CA Cert. If I go through VeriSign will I be able to add both usm-fusion.usmsol.local and mail.usmsol.net?

Any help/input is appreciated. Thank you.

NetRyder

Your current setup should still work.

What address did you enter in the "Microsoft Exchange Server" field in Outlook 2007's account setup?
Also, what do you have in these two highlighted fields in the Exchange Proxy Settings dialog?

---

LordOfLA

what specs are you running exchange 2007 on?

I tried it on a 2GB ram athlon 64 /windows 2003 standard x64 and it kept crashing the server.

---

madmatt

LordOfLA -
Dell PowerEdge SC1430 - 1.6GHz Xeon 5110, 2GB, 2x500GB
Windows Server 2003 R2 Enterprise x64

NR -
It works, however, I get a certificate error when I first open Outlook (I see the same message twice before it allows me to continue). This is annoying and I don't want to see it. See attachment.

The FQDN of my Exchange server: usm-fusion.usmsol.local

I don't have Outlook Anywhere configured yet.

Geffy

You need to have the FQDN of the Exchange server, or what the exchange server believes its called to match up with the SSL certificate. So you probably need to change that to mail.usmol.net.

---

fitz

two words for you:

Split DNS

---

madmatt

I am happy to report that the issue has been resolved and I now have a fully functional Domain Controller and Exchange Server all in one.

I reformatted the box and did things slightly different after doing my research.

The first thing I did was use a .NET address for my domain instead of the .LOCAL so I could add the names to the certificate without having issues.

Here's the command I used (with my values removed).

After submitting this request to a publisher I imported the certificate (cert.cer).

Nothing difficult yet. After retrieving the thumbprint (for use in the next step) it gets a little tricky due to poorly written Microsoft documentation (I'll get to why in just a bit).

Next we will enable to certificate for SMTP, IIS, and whatever other services you are going to offer (i.e. IMAP, POP).

Here's the thing. Last I knew, Exchange's specialty was SMTP. Microsoft's documentation doesn't mention having to enable the certificate for SMTP for your Exchange 2007 server to function correctly (hence the reason I was seeing errors in the Event Viewer and when I opened Outlook 2007).

How things change with new versions... Anyway, I hope this post will help someone else in the future.

peterzog

I am having the same problem. Before I make name changes to my server can you clarify how you have it setup.

Your domain is: address.net

Your Exchange server true name is: mail.address.net

You have DNS for external requests of mail.address.net, autodiscover.address.net, server.address.net and so on... pointing to the IP of mail.address.net right?

Does IE7 have any problem with a self-assigned certificate when using the Outlook web client?

mdaitc

hey madmatt,

you said:

after submitting this request to a publisher I imported the certificate (cert.cer).

Which "publisher" did you use?

Thanks!

madmatt

mdaitc,

http://www.cacert.org

You have to import the root cert on the server and any client (including the WM device) for it to work perfectly.

peterzog,

I have mail.address.net and autodiscover.address.net pointing to the external IP address for my network.

server.local.address.net and local.address.net do not reverse on the outside. However, that is okay because they aren't accessible from the outside.