The name on the security certificate is invalid or does not match the name of the site

So you installed Exchange 2007 (or Exchange 2010), you have your Outlook 2007/2010 clients and a Unified Communications certificate, and you configured the Exchange Web Services, Autodiscover, really everything:

Set-OWAVirtualDirectory -Identity "X2007SRV\OWA (default web site)" -ExternalURL https://webmail.inframan.nl/OWA -InternalURL https://webmail.inframan.nl/OWA
Set-OABVirtualDirectory -Identity "X2007SRV\OAB (default web site)" -ExternalURL https://webmail.inframan.nl/OAB -InternalURL https://webmail.inframan.nl/OAB
Set-WebServicesVirtualDirectory -Identity "X2007SRV\EWS (default web site)" -ExternalURL https://webmail.inframan.nl/ews/exchange.asmx -InternalURL https://webmail.inframan.nl/ews/exchange.asmx
Set-ActiveSyncVirtualDirectory -Identity "X2007SRV\Microsoft-Server-ActiveSync (default web site)" -ExternalURL https://webmail.inframan.nl/Microsoft-Server-ActiveSync -InternalURL https://webmail.inframan.nl/Microsoft-Server-ActiveSync
Set-ECPVirtualDirectory -Identity "2010CAS\ECP (default web site)" -ExternalURL https://webmail.inframan.nl/ECP -InternalURL https://webmail.inframan.nl/ECP

But users still get this annoying certificate warning while on the internal network: “The name on the security certificate is invalid or does not match the name of the site”

image

Troubleshooting with Outlook (right mouse click on the Outlook icon in the task bar) doesn’t help, as all the information that Outlook reveals looks good:

image

Using the Remote Connectivity Analyzer (www.testexchangeconnectivity.com) doesn’t show any errors whatsoever. The error message comes from IIS, so the next step is to check the IIS log file:

image

When using the Get-AutodiscoverVirtualDirectory cmdlet you can check the -InternalURL and -ExternalURL properties, and these turn out to be empty, so it seems we have to set these properties. However, doing so:

Get-AutodiscoverVirtualDirectory | Set-AutodiscoverVirtualDirectory -InternalURL https://webmail.inframan.nl/autodiscover/autodiscover.xml -ExternalURL https://webmail.inframan.nl/autodiscover/autodiscover.xml

doesn’t give the results we want. Even worse, the -InternalURL and -ExternalURL aren’t used at all in the Client Access Server (although they are enforced by the Schema). The Client Access Server object has a property called AutodiscoverServiceInternalUri, and this property needs the complete URL to the Autodiscover XML file:

Set-ClientAccessServer -Identity X2007SRV -AutodiscoverServiceInternalUri https://autodiscover.inframan.nl/autodiscover/autodiscover.xml

Now the error message “The name on the security certificate is invalid or does not match the name of the site” won’t show up anymore on the Outlook clients.
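The check behind this fix, as an added example that is not part of the original post: the warning appears when the host name in a URL handed to Outlook is not among the names on the certificate. The function names, the certificate names and the server's internal FQDN below are constructed for illustration.

```powershell
# Added example, not from the original post. Sample values are constructed.

# True when $HostName is covered by one of the certificate's DNS names.
function Test-CertificateNameMatch {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($name in $CertificateNames) {
        if ($name -eq $HostName) { return $true }    # -eq ignores case
        # A wildcard covers exactly one left-most label: *.inframan.nl matches
        # webmail.inframan.nl, but not a.b.inframan.nl or inframan.nl itself.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)             # ".inframan.nl"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# Returns one object per configured URL whose host name the certificate does not cover.
function Get-UrlNameMismatch {
    param([hashtable]$Urls, [string[]]$CertificateNames)
    foreach ($setting in $Urls.Keys) {
        $hostName = ([System.Uri]$Urls[$setting]).Host
        if (-not (Test-CertificateNameMatch $hostName $CertificateNames)) {
            New-Object PSObject -Property @{ Setting = $setting; HostName = $hostName }
        }
    }
}

# Constructed input. On a Client Access Server the real values could come from:
#   Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
#   (Get-ClientAccessServer -Identity X2007SRV).AutodiscoverServiceInternalUri
$certNames = 'webmail.inframan.nl', 'autodiscover.inframan.nl'
$urls = @{
    'OWA InternalURL'                = 'https://webmail.inframan.nl/OWA'
    'EWS InternalURL'                = 'https://webmail.inframan.nl/ews/exchange.asmx'
    # Assumed state before the fix: the URI still uses the server's own FQDN.
    'AutodiscoverServiceInternalUri' = 'https://x2007srv.inframan.local/autodiscover/autodiscover.xml'
}

Get-UrlNameMismatch -Urls $urls -CertificateNames $certNames | Format-Table Setting, HostName
```

With the sample values only the AutodiscoverServiceInternalUri entry is reported, because x2007srv.inframan.local is not one of the certificate names.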

Exchange Schema Versions

Every Exchange version comes with its own Active Directory Schema updates; even Cumulative Updates come with Schema updates these days. To determine the Exchange version of the Schema, you can check the rangeUpper property of the ms-Exch-Schema-Version-Pt object in the Schema Partition, as shown in the following figure (for Exchange 2013 CU8).

image

You can also use the following PowerShell commands to retrieve the Schema version:

$root = [ADSI]"LDAP://RootDSE"
$m = [ADSI]("LDAP://" + "CN=ms-Exch-Schema-Version-Pt," + $root.schemaNamingContext)
$m.rangeUpper

image

The following table lists all (or most) Schema versions of Exchange Server:

Exchange version     Schema version
Exchange 2007 RTM    10637
Exchange 2007 SP1    1116
Exchange 2007 SP2    14622
Exchange 2007 SP3    14625
Exchange 2010 RTM    14622
Exchange 2010 SP1    14726
Exchange 2010 SP2    14732
Exchange 2010 SP3    14734
Exchange 2013 RTM    15137
Exchange 2013 CU1    15254
Exchange 2013 CU2    15281
Exchange 2013 CU3    15283
Exchange 2013 SP1    15292
Exchange 2013 CU5    15300
Exchange 2013 CU6    15303
Exchange 2013 CU7    15312
Exchange 2013 CU8    15312

Page last modified: March 15, 2015
