The following article fixes the Outlook security certificate error your users get when they connect to your exchange server internally. This is typically from installing a 3rd party SSL Certificate.
Issue: Outlook anywhere works fine with third party cert, but internal Outlook clients get cert error with NETBIOS name of Exchange server.
Note: I tested this on Exchange 2010 as well.
Outlook Security Certificate Resolution
Change the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:
- Start the Exchange Management Shell.
- Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
- Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_NameEWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
- Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:
Set-OABVirtualDirectory -Identity "CAS_Server_nameoab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
- Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:
Set-UMVirtualDirectory -Identity "CAS_Server_Nameunifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx
Note: The command in step 5 is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
- Open IIS Manager.
- Expand the local computer, and then expand Application Pools.
- Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Now that you have finished, you will not see anymore certificate popups. I highly recommend issuing a proper certificate if possible, but this typically happens when your active directory is not resolvable from the outside world. Such as
contsco.local instead of
Leave any Questions and Comments below and I will get back to you. I regularly publish on YouTube, Steemit, and christitus.com so if you’d like to see more videos and articles click the subscribe button in the top right.