Tuesday 19 August 2014

Outlook 2010 Clients connecting to Exchange 2013 "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. The name on the security certificate is invalid or does not match the name of the site."

When you launch Outlook it throws the following error: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. The name on the security certificate is invalid or does not match the name of the site." I noticed from the error message that the Outlook client was trying to connect to mail.domain.local, which I was surprised to see, as all of the Virtual Directories should have been configured to use the mail.domain.com address. The Exchange 2013 certificate currently being used was sourced from a Public Certificate Authority and therefore did not have the .local suffix within it, so the error made perfect sense.

 

The first step was to reconfigure the Virtual Directories for AutoDiscover and Outlook Anywhere to confirm they were using the mail.domain.com FQDN. The following PowerShell command can be used to set the Internal AutoDiscover URL:


Set-ClientAccessServer -Identity CAS01 -AutoDiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml
 

The Outlook Anywhere directories can be configured using the ECP: click Servers, then Servers again, click the Client Access (CAS) server and use the Pencil tool to open the configuration window. Click Outlook Anywhere and ensure the directories are set to mail.domain.com.
 

I then created an SRV DNS record for AutoDiscover; this is done using DNS Manager. Right-click on the Forward Lookup Zone for your domain and select Other New Records, scroll down and select Service Location (SRV) and click Create Record...
 
Fill in the New Resource Record details as shown below.
 

Expand your domain and then _tcp and you should see an SRV record for _autodiscover.

 
Now if you re-launch Outlook there are no certificate errors. Although this worked for me in this instance, due to the broad nature of this error this may of course not resolve the issue in your environment.
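
A way to check the result from the Exchange Management Shell rather than by re-launching Outlook: the script below lists the host names the Client Access servers hand out to Outlook and marks any that the certificate does not cover. It is an added example, not part of the original post; the zone name in $zone is a placeholder for the zone where you created the SRV record, and the helper functions Get-UrlHost, Test-CertCoversHost and New-Entry are made up for this example.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumption: $zone is the forward lookup zone holding the SRV record (placeholder).
$zone = 'domain.local'

# Names on the CA-issued certificate(s) bound to IIS (self-signed ones are skipped)
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and -not $_.IsSelfSigned } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

function Get-UrlHost([string]$Url) {
    # Pull the host out of an http(s) URL; returns nothing for empty values
    if ($Url -match '^https?://([^/:]+)') { $Matches[1] }
}

function Test-CertCoversHost([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }   # -eq is case-insensitive
        # A wildcard entry covers exactly one left-most label
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.') + 1) -eq $n.Substring(2)) { return $true }
    }
    return $false
}

function New-Entry([string]$Source, [string]$HostName) {
    if ($HostName) { [pscustomobject]@{ Source = $Source; HostName = $HostName } }
}

$advertised = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Entry "Autodiscover SCP ($($_.Name))" (Get-UrlHost "$($_.AutoDiscoverServiceInternalUri)") }
    Get-OutlookAnywhere | ForEach-Object {
        New-Entry "Outlook Anywhere internal ($($_.Server))" "$($_.InternalHostname)"
        New-Entry "Outlook Anywhere external ($($_.Server))" "$($_.ExternalHostname)" }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Entry "EWS internal ($($_.Server))" (Get-UrlHost "$($_.InternalUrl)") }
    Get-OabVirtualDirectory | ForEach-Object {
        New-Entry "OAB internal ($($_.Server))" (Get-UrlHost "$($_.InternalUrl)") }
    # Resolve-DnsName needs Windows Server 2012 / Windows 8 or later
    Resolve-DnsName "_autodiscover._tcp.$zone" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget } | ForEach-Object {
            New-Entry "Autodiscover SRV ($zone)" $_.NameTarget }
)

$advertised | Select-Object Source, HostName,
    @{ Name = 'CoveredByCert'; Expression = { Test-CertCoversHost $_.HostName $certNames } } |
    Sort-Object CoveredByCert, Source | Format-Table -AutoSize
```

Any row with CoveredByCert set to False is a name that clients will be sent to and that will produce the name-mismatch warning, so those are the settings to correct rather than training users to click through the prompt.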