Re: Internal Namespace Issue


"Craig Johnson" <CraigJohnson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EDCE6B6F-31AC-48BA-9B7A-EA49DB12ACDE@xxxxxxxxxxxxxxxx
Thank you for your response... First off, renaming the domain is not an
option. I don't need anymore headaches.

My problem is... We have Exch07 deployed and it needs to be accessible by
Outlook from both the inside and outside. So, we created a verisign cert to
handle the external connections, however, the internal outlook clients are
resolving to the FQDN of the server name and the AD domain, thus generating a
cert warning. Just an inconvenience that we'd like to eliminate.


Actually, Craig, funny you've posted about this issue. I have a client with an internal domain name that is registered publicly with an entity in another country. I came in after the fact. Someone else had set it up.

Keep in mind the cert needs to be for a UCC SAN certificate (unified communications certificate for Subject Alternative Name) for Exchange 2007 and Outlook Anywhere to work. This means the cert must support multiple names. This is necessary for outlook Anywhere to work, as well as for ActiveSync Windows Mobile handhelds.

When I created the cert, I had to specify it was for the following names:

mail.domain.com (for the public mail server name)
exchangesever.internaldomain.net (for the actual internal name that Outlook uses in the mailserver namefield)
exchangeserver (the NetBIOS name for Exchange)
autodiscover.domain.com (the public record for Outlook autodiscover feature).

We received a reply from the cert company that the "internaldomain.net" name is registered elsewhere and they could not issue the cert. I told them to keep the order on hold, I will migrate the domain this weekend to a fresh domain, and recreate a new cert wtih the new name.

It is a major PITA (pain in the rump), but is what it is, it's not what it's not, and it's what has to be done...

Oh well... I wish you luck with your migration.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.


.

Relevant Pages

  • Re: how to configure rpc over http connection for a client
    ... This is a server for my client. ... When i work at my office, outlook can connect to the exchange server. ... Yep - this is where you accept & then install the certificate after you get ...
    (microsoft.public.windows.server.sbs)
  • Re: New Users (accounts) cant see/get to My Docs or Email
    ... certificate was listed as 'not to be trusted'. ... Outlook 2003 client. ... If it works in OWA then it is Outlook. ... Is there a recommended way to delete the Exchange user from the ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange 2007 & Outlook 2007 mail profile and autodiscover
    ... I have a certificate that was originaly used just for our external web access users. ... as i've said several times, we have an application called desktop authority that will auto generate the outlook profiles and the correct server name, but even that appears to not work on the outlook 2007 ... Because Exchange now has Autodiscover with different URLs, the certificate should be a UCC certificate. ...
    (microsoft.public.exchange.clients)
  • Re: Trying to get RPC over HTTP for Outlook working
    ... What kind of certificate are you using on the ISA box? ... working well with Outlook 2003 but not Outlook 2007... ... I have a similar situation, my domain is company.local, server name is ... have a single Exchange server setup. ...
    (microsoft.public.outlook.installation)
  • Re: Exchange 2007 & Outlook 2007 mail profile and autodiscover
    ... I have a certificate that was originaly used just for our external web access users. ... as i've said several times, we have an application called desktop authority that will auto generate the outlook profiles and the correct server name, but even that appears to not work on the outlook 2007 ... Because Exchange now has Autodiscover with different URLs, the certificate should be a UCC certificate. ...
    (microsoft.public.exchange.clients)