Outlook Security Certificate is invalid

Outlook Security Certificate is invalid
Share on:

The following article fixes the Outlook security certificate error your users get when they connect to your exchange server internally. This is typically from installing a 3rd party SSL Certificate.

(Original Article Link: http://community.spiceworks.com/how_to/show/48384-outlook-the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site)

Issue: Outlook anywhere works fine with third party cert, but internal Outlook clients get cert error with NETBIOS name of Exchange server.

Example: https://NetBIOS_name.contoso.com/autodiscover/autodiscover.xml

Note: I tested this on Exchange 2010 as well.

Outlook Security Certificate Resolution

Change the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:

  1. Start the Exchange Management Shell.
  2. Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:
`Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml`
  1. Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:
`Set-WebServicesVirtualDirectory -Identity "CAS_Server_NameEWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx`
  1. Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:
`Set-OABVirtualDirectory -Identity "CAS_Server_nameoab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab`
  1. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:
`Set-UMVirtualDirectory -Identity "CAS_Server_Nameunifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx`

 _Note: The command in step 5 is required only in an Exchange 2007 environment._ This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
  1. Open IIS Manager.
  2. Expand the local computer, and then expand Application Pools.
  3. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Now that you have finished, you will not see anymore certificate popups. I highly recommend issuing a proper certificate if possible, but this typically happens when your active directory is not resolvable from the outside world. Such as contsco.local instead of microsoft.com.

I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and christitus.com, but if you need immediate assistance, check out our discord channel at Chris Titus Tech Discord.