Tag Archives: Warning

The name on the security certificate is invalid or does not match the name of the site

So you installed Exchange 2007 (or Exchange 2010), you have your Outlook 2007/2010 clients, Unified Communciations certificate, configured the Exchange Webservices, Autodiscover, really anything:

Set-OWAVirtualDirectory –Identity X2007SRV\OWA (default web site) -ExternalURL https://webmail.inframan.nl/OWA -InternalURL https://webmail.inframan.nl/OWA
Set-OABVirtualDirectory –Identity X2007SRV\OAB (default web site) -ExternalURL https://webmail.inframan.nl/OAB -InternalURL https://webmail.inframan.nl/OAB
Set-WebServicesVirtualDirectory –Identity X2007SRV\EWS (default web site) -ExternalURL https://webmail.inframan.nl/ews/exchange.asmx -InternalURL https://webmail.inframan.nl/ews/exchange.asmx
Set-ActiveSyncVirtualDirectory –Identity X2007SRV\Microsoft-Server-ActiveSync (default web site) -ExternalURL https://webmail.inframan.nl/Microsoft-Server-ActiveSync -InternalURL https://webmail.inframan.nl/Microsoft-Server-ActiveSync
Set-ECPVirtualDirectory –Identity 2010CAS\ECP (default web ) -ExternalURL https://webmail.inframan.nl/ECP -InternalURL https://webmail.inframan.nl/ECP

But still users get this annoying certificate warning while on the internal network :“The name on the security certificate is invalid or does not match the name of the site


Troubleshooting with Outlook (right mouse click on the Outlook icon in the task bar) but all information that Outlook reveales look good:


Using the Remote Connectivity Analyzer (www.testexchangeconnectivity.com) doesn’t show any errors whatsoever. The error message comes from IIS, do the next step is to check the IIS Log File:


When using the Get-AutodiscoverVirtualDirectory cmdlet you can check the –InternalURL and –ExternalURL properties, and these turn out to be empty, so we have to set these properties:

Get-AutodiscoverVirtualDirectory | Set-Autodiscover –InternalURL https://webmail.inframan.nl/autodiscover/autodiscover.xml -ExternalURL https://webmail.inframan.nl/autodiscover/autodiscover.xml

doesn’t give the results we want. Even worse, the –InternalURL and –ExternalURL aren’t used at all in the Client Access Server (although they are enforced by the Schema). The Client Access Server object has a property called –AutodiscoverServiceInternalUri, and this property needs the complete URL to the autodiscover XML file:

Set-ClientAccessServer –Identity X2007SRV –AutodiscoverServiceInternalUri https://autodiscover.inframan.nl/autodiscover/autodiscover.xml

Now the error message “The name on the security certificate is invalid or does not match the name of the site” won’t show up anymore on the Outlook clients.