"simon22" wrote:

> Hi All,
>
> I got exchange server 2007 with sp1 installed.
> Today I installed a verisign certificate in order to get RPC over http to
> work.
>
> After installing the certificate RPC is working fine from outside the
> network and we are happy however.
>
> Internal users inside the domain getting an error message saying that:
> "Name on the Security Certificate is Invalid or Does Not Match the Name on
> the Certificate"
>
> How can I fix the problem so users inside the network will not receive the
> error message ?
>
> I saw a few posts about setting new dns zone but not sure what to do.
>
> Cheers,
> Simon

"EX Admin" wrote:

> Simon,
>
> Ok, this is a new feature and could be annoying.... No matter how you
> configure the client as MAPI or Outlook Anywhere Outlook 2007 with Exchange
> 2007 uses a new feature called autodiscovery. There are a number of items
> OOF,OAB, availablity etc.... that use service. Depending on your
> configuration domain joined or not will depend on how items are accessed.
> There are a number of locations that urls need to be set
> get-autodiscovevirtualdirectory
> get-webservicesvirtualdirectory
> get-clientaccessserver (look for autodiscover internal uri)
>
> you can use
>
> set-autodiscovevirtualdirectory
> set-webservicesvirtualdirectory
> set-clientaccessserver (look for autodiscover internal uri)
>
> to set internal uri to match your certificate name (FQDN) if it can be
> resolved by internal users.
>
> some of internal uri must be point to your server name... you need to change
> it. alse you may need certificate called autodiscover.yourSMTPdomain.com ...
> in order for outside to use Outlook anywhere via autodiscover. it's really
> cool.
>
> http://msexchangeteam.com/archive/2006/10/23/429296.aspx
>
> good luck!
>
>
> "simon22" wrote:
>
> > Hi All,
> >
> > I got exchange server 2007 with sp1 installed.
> > Today I installed a verisign certificate in order to get RPC over http to
> > work.
> >
> > After installing the certificate RPC is working fine from outside the
> > network and we are happy however.
> >
> > Internal users inside the domain getting an error message saying that:
> > "Name on the Security Certificate is Invalid or Does Not Match the Name on
> > the Certificate"
> >
> > How can I fix the problem so users inside the network will not receive the
> > error message ?
> >
> > I saw a few posts about setting new dns zone but not sure what to do.
> >
> > Cheers,
> > Simon

"simon22" wrote:

> Hi There,
>
> I fixed the issue after searching the net for a few hours.
>
> first you need to do this:
> http://support.microsoft.com/kb/940726
>
> And you can read here more:
> http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/697f79e2-ca8f-4a2e-bae5-55d3fa7f703f/#page:2
>
> You will also need to do this:
> First you create a new DNS zone in your DNS server using the address
> configured in your commercial certificate, lets say: mail.supermail.com
>
> Then you create a  Host (A) type to point to your mail server´s IP :
> mail.supermail.com  192.168.0.5
> Then you just change the following values thru the Exchange shell console:
> Set-ClientAccessServer -Identity CAS_Server_Name
> -AutodiscoverServiceInternalUri
> https://mail.supermail.com/autodiscover/autodiscover.xml
>
> Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web
> Site)" -InternalUrl https://mail.supermail.com/ews/exchange.asmx
>
> Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)"
> -InternalUrl https://mail.supermail.com/oab
>
> Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default
> Web Site)" -InternalUrl
> https://mail.supermail.com/unifiedmessaging/service.asmx
>
> *please note that you must change: "CAS_Server_Name" to your exchange server
> name and mail.supermail.com with the correct address.
>
>
> This fixed my problem.
> simon
>
>
> "EX Admin" wrote:
>
> > Simon,
> >
> > Ok, this is a new feature and could be annoying.... No matter how you
> > configure the client as MAPI or Outlook Anywhere Outlook 2007 with Exchange
> > 2007 uses a new feature called autodiscovery. There are a number of items
> > OOF,OAB, availablity etc.... that use service. Depending on your
> > configuration domain joined or not will depend on how items are accessed.
> > There are a number of locations that urls need to be set
> > get-autodiscovevirtualdirectory
> > get-webservicesvirtualdirectory
> > get-clientaccessserver (look for autodiscover internal uri)
> >
> > you can use
> >
> > set-autodiscovevirtualdirectory
> > set-webservicesvirtualdirectory
> > set-clientaccessserver (look for autodiscover internal uri)
> >
> > to set internal uri to match your certificate name (FQDN) if it can be
> > resolved by internal users.
> >
> > some of internal uri must be point to your server name... you need to change
> > it. alse you may need certificate called autodiscover.yourSMTPdomain.com ...
> > in order for outside to use Outlook anywhere via autodiscover. it's really
> > cool.
> >
> > http://msexchangeteam.com/archive/2006/10/23/429296.aspx
> >
> > good luck!
> >
> >
> > "simon22" wrote:
> >
> > > Hi All,
> > >
> > > I got exchange server 2007 with sp1 installed.
> > > Today I installed a verisign certificate in order to get RPC over http to
> > > work.
> > >
> > > After installing the certificate RPC is working fine from outside the
> > > network and we are happy however.
> > >
> > > Internal users inside the domain getting an error message saying that:
> > > "Name on the Security Certificate is Invalid or Does Not Match the Name on
> > > the Certificate"
> > >
> > > How can I fix the problem so users inside the network will not receive the
> > > error message ?
> > >
> > > I saw a few posts about setting new dns zone but not sure what to do.
> > >
> > > Cheers,
> > > Simon

"Mick" <M***@discussions.microsoft.com> wrote in message
news:EF69C4A9-FCA1-486B-B5AB-AD1DCAD3C8D5@microsoft.com...
> Hi,
>
> I know the post is a few months old but I've got same issue, I found the
> 940726 article before I fond this post. Just one thing is unclear, do you
> actually have to enter the full "\EWS (Default Web Site)" for each line or
> is
> "(Default Web Site)" just a comment?
>
> Thanks
>
> Mick
>
>
> "simon22" wrote:
>
>> Hi There,
>>
>> I fixed the issue after searching the net for a few hours.
>>
>> first you need to do this:
>> http://support.microsoft.com/kb/940726
>>
>> And you can read here more:
>> http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/697f79e2-ca8f-4a2e-bae5-55d3fa7f703f/#page:2
>>
>> You will also need to do this:
>> First you create a new DNS zone in your DNS server using the address
>> configured in your commercial certificate, lets say: mail.supermail.com
>>
>> Then you create a  Host (A) type to point to your mail server´s IP :
>> mail.supermail.com  192.168.0.5
>> Then you just change the following values thru the Exchange shell
>> console:
>> Set-ClientAccessServer -Identity CAS_Server_Name
>> -AutodiscoverServiceInternalUri
>> https://mail.supermail.com/autodiscover/autodiscover.xml
>>
>> Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default
>> Web
>> Site)" -InternalUrl https://mail.supermail.com/ews/exchange.asmx
>>
>> Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web
>> Site)"
>> -InternalUrl https://mail.supermail.com/oab
>>
>> Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging
>> (Default
>> Web Site)" -InternalUrl
>> https://mail.supermail.com/unifiedmessaging/service.asmx
>>
>> *please note that you must change: "CAS_Server_Name" to your exchange
>> server
>> name and mail.supermail.com with the correct address.
>>
>>
>> This fixed my problem.
>> simon
>>
>>
>> "EX Admin" wrote:
>>
>> > Simon,
>> >
>> > Ok, this is a new feature and could be annoying.... No matter how you
>> > configure the client as MAPI or Outlook Anywhere Outlook 2007 with
>> > Exchange
>> > 2007 uses a new feature called autodiscovery. There are a number of
>> > items
>> > OOF,OAB, availablity etc.... that use service. Depending on your
>> > configuration domain joined or not will depend on how items are
>> > accessed.
>> > There are a number of locations that urls need to be set
>> > get-autodiscovevirtualdirectory
>> > get-webservicesvirtualdirectory
>> > get-clientaccessserver (look for autodiscover internal uri)
>> >
>> > you can use
>> >
>> > set-autodiscovevirtualdirectory
>> > set-webservicesvirtualdirectory
>> > set-clientaccessserver (look for autodiscover internal uri)
>> >
>> > to set internal uri to match your certificate name (FQDN) if it can be
>> > resolved by internal users.
>> >
>> > some of internal uri must be point to your server name... you need to
>> > change
>> > it. alse you may need certificate called
>> > autodiscover.yourSMTPdomain.com ...
>> > in order for outside to use Outlook anywhere via autodiscover. it's
>> > really
>> > cool.
>> >
>> > http://msexchangeteam.com/archive/2006/10/23/429296.aspx
>> >
>> > good luck!
>> >
>> >
>> > "simon22" wrote:
>> >
>> > > Hi All,
>> > >
>> > > I got exchange server 2007 with sp1 installed.
>> > > Today I installed a verisign certificate in order to get RPC over
>> > > http to
>> > > work.
>> > >
>> > > After installing the certificate RPC is working fine from outside the
>> > > network and we are happy however.
>> > >
>> > > Internal users inside the domain getting an error message saying
>> > > that:
>> > > "Name on the Security Certificate is Invalid or Does Not Match the
>> > > Name on
>> > > the Certificate"
>> > >
>> > > How can I fix the problem so users inside the network will not
>> > > receive the
>> > > error message ?
>> > >
>> > > I saw a few posts about setting new dns zone but not sure what to do.
>> > >
>> > > Cheers,
>> > > Simon