Re: The name on the security certificate is invalid or does not ma

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Cliff,

Thanks for your reply. We are using outlook 2007 internally nobody is
accessing email through outlook externally. OWA is working without any issue
internally as well as externally. However, when users are login to outlook
2007 they are receiving this error message "The name on the security
certificate is invalid or does not match the name of the site" to which users
have to click yes to continue. We don't want to purchase any new certificate
from any trusted authority. We are using internally generated certificate.

Few days back we were receiving Event ID:24 log in Application logs, I
followed the steps mention on
"http://technet.microsoft.com/en-us/library/cc733844(WS.10).aspx" deleted
existing Certificate with "HASH VALUE:
4ee0ed24245860de45714c68b13c62f4c1760297" and added new Certificate with
"HASH VALUE: 0d46120ce949542573473879caeade7c8a2e80b2".

Now in the security certificate error when check the HASH VALUE of the
certificate its "0d46120ce949542573473879caeade7c8a2e80b2". Please suggest
how to resolve this issue.


"Cliff Galiher" wrote:

Asif,

The certificate may be invalid because machines were not properly joined to
the domain. Did you use the SBS wizard? Even if the certificate name
matches, the root certificate will be untrusted if the machine is not domain
joined and thus the certificate is deemed "invalid" for that reason. A
properly joined machine gets the root cert from the DC so this error no
longer occurs.

If this non-domain machine and you are attempting to use outlook with RPC
over HTTP then SBS has a certificate installer package that must be run on
the machine to install the root cert as a trusted authority. Alternatively
you can purchase a 3rd-party cert that will already be issued from a trusted
authority. Your choice. I prefer 3rd party certs simply to ease remote
connectivity...

-Cliff


"A-S-I-F" <ASIF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F8E29370-D684-4D15-9F53-28FBEB4101F8@xxxxxxxxxxxxxxxx
Hi All,
1) I am using Windows SBS Server 2008 with Exchange 2007 installed on it.
With all the Certicate configured internally. We haven’t purchased the
Certificate from any outside authority yet.
2) Also, user were getting Error message "The name on the security
certificate is invalid or does not match the name of the site" in outlook,
to
resolve this issue I followed the steps mention on
"http://support.microsoft.com/kb/940726"; &
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/697f79e2-ca8f-4a2e-bae5-55d3fa7f703f/?prof=required”;
however I was able run only first command as I was unable to find "EWS
(Default Web Site)", "oab (Default Web Site)", "unifiedmessaging (Default
Web
Site)".
3) After reaserching, I run following commands to get the status, location
of WebServicesVirtualDirectory, OABVirtualDirectory & UMVirtualDirectory
[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl
Name : EWS (SBS Web Applications)
Server : PASVR01
InternalUrl : https://sites/EWS/Exchange.asmx
ExternalUrl :

[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl
Name : OAB (SBS Web Applications)
Server : PASVR01
InternalUrl : https://sites/OAB
ExternalUrl :

[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl
Name : UnifiedMessaging (SBS Web Applications)
Server : PASVR01
InternalUrl : https://sites/UnifiedMessaging/Service.asmx
ExternalUrl :
4) Then after getting the correct locations of all the directory I run the
following commands to change the internal url on existing Certs
Set-ClientAccessServer -Identity PASVR01 -AutodiscoverServiceInternalUri
https://pasvr01/owa/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "PASVR01\EWS (SBS Web
Applications)" -InternalUrl https://pasvr01/owa/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "PASVR01\OAB (SBS Web Applications)"
-InternalUrl https://pasvr01/owa/oab
Set-UMVirtualDirectory -Identity "PASVR01\UnifiedMessaging (SBS Web
Applications)" -InternalUrl
https://pasvr01/owa/unifiedmessaging/service.asmx
5) However, this does'nt resolved our issue so run the following commands
to
change the external url on existing Certs
Set-WebServicesVirtualDirectory -Identity "PASVR01\EWS (SBS Web
Applications)" -ExternalUrl
https://exchange.domain.com/owa/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "PASVR01\OAB (SBS Web Applications)"
-ExternalUrl https://exchange.domain.com/owa/oab
Set-UMVirtualDirectory -Identity "PASVR01\UnifiedMessaging (SBS Web
Applications)" -ExternalUrl
https://exchange.domain.com/owa/unifiedmessaging/service.asmx
6) I also tried running "New-ExchangeCertificate -PrivateKeyExportable
$True
-Services “IMAP, POP, IIS, SMTP” -SubjectName “cn=PASVR01" as I have
deleted
one of the certicate on this server in past.
7) Following was the status of internal and external URL.
[PS] C:\Windows\System32>Get-WebServicesVirtualDirectory | fl
Name : EWS (SBS Web Applications)
Server : PASVR01
InternalUrl : https://pasvr01/owa/ews/exchange.asmx
ExternalUrl : https:// exchange.domain.com
/owa/ews/exchange.asmx

[PS] C:\Windows\System32>Get-OABVirtualDirectory | fl
Name : OAB (SBS Web Applications)
Server : PASVR01
InternalUrl : https://pasvr01/owa/oab
ExternalUrl : https:// exchange.domain.com/owa/oab

[PS] C:\Windows\System32>Get-UMVirtualDirectory | fl
Name : UnifiedMessaging (SBS Web Applications)
Server : PASVR01
InternalUrl :
https://pasvr01/owa/unifiedmessaging/service.asmx
ExternalUrl : https://exchange.
domain.com/owa/unifiedmessaging/service.asmx

10) Still we are facing this issue of "The name on the security
certificate
is invalid or does not match the name of the site" in outlook.

PLEASE HELP ME TO RESOLVE THIS ISSUE.

Thanks in Advance,

Asif


.

Relevant Pages

  • Re: Outlook over internet RPC not working
    ... The cert was already in that store, ... same certificate, and then regardless of the configuration on the working ... Checked all Outlook over the Internet settings? ...
    (microsoft.public.windows.server.sbs)
  • Re: Macro sending email how to disable warning?
    ... I'm looking up selfcert stuff for Outlook. ... ' Set app at start of day and uniquely identify Meeting item with *!* to ... self-generated certificate included in Office. ... Each user would have to generate a cert and sign the VBA ...
    (microsoft.public.outlook.program_vba)
  • Re: Outlook RPC over HTTp deosnt work
    ... Go to remote web workplace (or Outlook Web Access), accept the certificate prompt, 'view', and 'install' the certificate - accepting all the defaults. ... > when you try to use RPC over HTTP to connect the Exchange Server. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to get Digital Certificate for Outlook 2007?
    ... you can import your cert from Thawte or any other provider; ... Outlook 2007 I don't seem to get the certificate. ... I also created a verisign 60 trial cert which I am going to test out. ...
    (microsoft.public.security)
  • Re: RPC over HTTP
    ... We have already set up Outlook Web Access and purchase a SSL Certificate ... I have used the "outlook.exe /rpcdiag" to see if it uses the HTTP ... firewall through to the exchange server. ...
    (microsoft.public.windows.server.sbs)