Exchange 2010 Hoster Edition

I already blogged about the Exchange 2010 Hoster Edition… it is generally speaking not a good idea to try this in an enterprise environment… The Exchange 2010 Hoster Edition:

But currently I’m working for a hosting company, and I have to prepare a migration from Hosted Messaging and Collaboration (HMC4.5) to Exchange 2010 Hoster Edition. So, I have plenty of time to play with it… (And Greg, I have the SPLA licenses, don’t worry 😉

Continue reading Exchange 2010 Hoster Edition

The name on the security certificate is invalid or does not match the name of the site

So you installed Exchange 2007 (or Exchange 2010), you have your Outlook 2007/2010 clients, Unified Communciations certificate, configured the Exchange Webservices, Autodiscover, really anything:

Set-OWAVirtualDirectory –Identity X2007SRV\OWA (default web site) -ExternalURL -InternalURL
Set-OABVirtualDirectory –Identity X2007SRV\OAB (default web site) -ExternalURL -InternalURL
Set-WebServicesVirtualDirectory –Identity X2007SRV\EWS (default web site) -ExternalURL -InternalURL
Set-ActiveSyncVirtualDirectory –Identity X2007SRV\Microsoft-Server-ActiveSync (default web site) -ExternalURL -InternalURL
Set-ECPVirtualDirectory –Identity 2010CAS\ECP (default web ) -ExternalURL -InternalURL

But still users get this annoying certificate warning while on the internal network :“The name on the security certificate is invalid or does not match the name of the site


Troubleshooting with Outlook (right mouse click on the Outlook icon in the task bar) but all information that Outlook reveales look good:


Using the Remote Connectivity Analyzer ( doesn’t show any errors whatsoever. The error message comes from IIS, do the next step is to check the IIS Log File:


When using the Get-AutodiscoverVirtualDirectory cmdlet you can check the –InternalURL and –ExternalURL properties, and these turn out to be empty, so we have to set these properties:

Get-AutodiscoverVirtualDirectory | Set-Autodiscover –InternalURL -ExternalURL

doesn’t give the results we want. Even worse, the –InternalURL and –ExternalURL aren’t used at all in the Client Access Server (although they are enforced by the Schema). The Client Access Server object has a property called –AutodiscoverServiceInternalUri, and this property needs the complete URL to the autodiscover XML file:

Set-ClientAccessServer –Identity X2007SRV –AutodiscoverServiceInternalUri

Now the error message “The name on the security certificate is invalid or does not match the name of the site” won’t show up anymore on the Outlook clients.

Exchange Schema Versies

Every Exchange version comes with its own Active Directory Schema updates, even Cumulative Updates come with Schema updates these days. To determin the version of the Schema when it comes to Exchange you can verify the rangeUpper property of the ms-Exch-Schema-Version-Pt object in the Schema Partition as shown in the following figure (for Exchange 2013 CU8).


You can also use the following PowerShell commands to retrieve the Schema version:

$root = [ADSI]"LDAP://RootDSE"
$m = [ADSI]("LDAP://" + "CN=ms-Exch-Schema-Version-Pt," + $root.schemaNamingContext)


The following table lists all (or most) Schema versions of Exchange Server:

Exchange version Schema version
Exchange 2007 RTM 10637
Exchange 2007 SP1 1116
Exchange 2007 SP2 14622
Exchange 2007 SP3 14625
Exchange 2010 RTM 14622
Exchange 2010 SP1 14726
Exchange 2010 SP2 14732
Exchange 2010 SP3 14734
Exchange 2013 RTM 15137
Exchange 2013 CU1 15254
Exchange 2013 CU2 15281
Exchange 2013 CU3 15283
Exchange 2013 SP1 15292
Exchange 2013 CU5 15300
Exchange 2013 CU6 15303
Exchange 2013 CU7 15312
Exchange 2013 CU8 15312
Exchange 2013 CU9 15312

Page last modified: June 17, 2015