Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site”

I recently setup a SBS 2011 server for one of my clients. For several reasons we changed the external name to reach the server so instead of remote.fdqn.com.au it would be exchange.fqdn.com.au this worked perfectly once DNS settings propagated and allowed employees to connect externally via webmail or Outlook Anywhere (one of the best features in exchange/outlook hands down).  One issue which popped up after we installed the certificate for this new domain is that it was assigned to a different domain than what was configured in Exchange 2010, so internally clients would get security pop-ups everytime they would open their outlook.

The fix requires the use of the Exchange PowerShell Console, so fire it up. Once it loads, we first need to know what the name of our client access server is (for sites with multiple CAS servers you need to use this on the server doing your auto-discovery). So run Get-ClientAccessServer which will list all of the available CAS servers, for this instance it is SBSSERVER. So now that we have a list of servers and we know which is doing the auto-discovery we need to re-configure it to the new DNS entry.  Microsoft documentation doesn’t have ” ” quotation marks but it is important to have. So now run Set-ClientAccessServer with the following
Set-ClientAccessServer -Identity "SBSSERVER" -AutoDiscoverServiceInternalUri "https://exchange.fqdn.com.au/autodiscover/autodiscover.xml" with SBSSERVER being your CAS server and fqdn.com.au being the correct domain the certificate is assigned to.

Once the command runs successfully, re-open outlook and you will no longer be presented with a security warning everytime you are on the internal network.

3 thoughts on “Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site”

  1. I have a client with this EXACT problem. I tried your solution but several stations still get this popup.

    Any other ideas?

    FYI, there is a small typo on your blog

    “The name ON the security certificate is invalid or ..”
    ……….^^………
    the correct wording of the error is ON not OF.

    • John says:

      Hi Richard, thanks for catching that, will update the post.

      I believe there is another step you can try, which is configuring the url for the Offline Address Book. So something similar in the Powershell console to:

      Set-OABVirtualDirectory -identity "OAB (Default Web Site)" -externalurl https://external url to cas/OAB -RequireSSL:$true

Leave a Reply