Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site”

, ,

I recently setup a SBS 2011 server for one of my clients. For several reasons we changed the external name to reach the server so instead of remote.fdqn.com.au it would be exchange.fqdn.com.au this worked perfectly once DNS settings propagated and allowed employees to connect externally via webmail or Outlook Anywhere (one of the best features in exchange/outlook hands down).  One issue which popped up after we installed the certificate for this new domain is that it was assigned to a different domain than what was configured in Exchange 2010, so internally clients would get security pop-ups everytime they would open their outlook.

The fix requires the use of the Exchange PowerShell Console, so fire it up. Once it loads, we first need to know what the name of our client access server is (for sites with multiple CAS servers you need to use this on the server doing your auto-discovery). So run Get-ClientAccessServer which will list all of the available CAS servers, for this instance it is SBSSERVER. So now that we have a list of servers and we know which is doing the auto-discovery we need to re-configure it to the new DNS entry.  Microsoft documentation doesn’t have ” ” quotation marks but it is important to have. So now run Set-ClientAccessServer with the following
Set-ClientAccessServer -Identity "SBSSERVER" -AutoDiscoverServiceInternalUri "https://exchange.fqdn.com.au/autodiscover/autodiscover.xml" with SBSSERVER being your CAS server and fqdn.com.au being the correct domain the certificate is assigned to.

Once the command runs successfully, re-open outlook and you will no longer be presented with a security warning everytime you are on the internal network.


3 responses to “Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site””

  1. Richard Fagen Avatar

    I have a client with this EXACT problem. I tried your solution but several stations still get this popup.

    Any other ideas?

    FYI, there is a small typo on your blog

    “The name ON the security certificate is invalid or ..”
    ……….^^………
    the correct wording of the error is ON not OF.

    1. John Avatar
      John

      Hi Richard, thanks for catching that, will update the post.

      I believe there is another step you can try, which is configuring the url for the Offline Address Book. So something similar in the Powershell console to:

      Set-OABVirtualDirectory -identity "OAB (Default Web Site)" -externalurl https://external url to cas/OAB -RequireSSL:$true

  2. Jase Shim Avatar
    Jase Shim

    Thanks. This article helped me out. Really thank you!

Leave a Reply

More Posts

Fixing SQL Reporting Services The URL has already been reserved error during Configuration

I was recently helping out a colleague with an SQL Server Reporting Services (SSRS) installation. When it came time to configuring that instance of SSRS and making it listen on port 80 for that particular site we got The URL has already been reserved warning message, navigating to the Reporting Services URLs gives us a HTTP […]

Using PowerShell to Manage Windows Server DNS entries

Firstly, Happy new year. Anyway, I was recently tasked with creating a large number of DNS entries on our internal DNS servers. To accomplish this I decided to use PowerShell to perform an import of a CSV file that I had been given that already had my DNS entries. There was a header row with […]

Exchange Management Console not setting Permissions for Receive Connectors, fixing 5.7.1 Client was not authenticated issues with inbound e-mails

I was recently helping out on a migration from Exchange 2003 to Exchange 2010. The organisation was moving from two servers, a front end and back end server to four with two Mailbox servers running in a DAG (Database Availability Group) configuration and two Client Access Servers in an array and along with Hub Transport […]