Exchange cerficaate error

anything I don't mind · 26 Aug 2015 at 12:34

I replaced the exchange cert with one that does not include the internal domain and changed all the internal url but some outlook 2010 clients are still getting site mismatch error.

I also have a lot of schannel alerts in the syslog on exchange server.

Here is a more detail post about the problem on technet.

https://social.technet.microsoft.co...local-domain-and-cas-array?forum=exchange2010

Anyone have any ideas?

anything I don't mind · 26 Aug 2015 at 17:04

I did it all through the shell. I have checked every url there is, all have been updated correctly.

Strange it has worked for my accounts and test profiles but some users still getting it even if i try repair their profile.

anything I don't mind · 26 Aug 2015 at 18:30

It is assigned correctly to all services and in iis. I didn't add the cert myself but everything seems to be fine with it. I have removed the old one. Only the self signed cert is left and the main cert.

anything I don't mind · 26 Aug 2015 at 18:32

Ploppy2k3 said:
is it the mismatch showing a .local address or a full FQDN?

The mismatch is showing the cas fqdn which is exchangeserverhostname.domain.local. This has been removed from the cert and when the problem started. I have been told the cas server fqdn and the rpccas mailboxdatabase property should not cause ssl mismatch.

anything I don't mind · 26 Aug 2015 at 19:43

Had not changed the client receiver fqdn to the external url. Think this might have been causing the problem.

anything I don't mind · 27 Aug 2015 at 10:27

Actually it is still not fixed.

I thought that would do it as its the only url that was not changed. However i have since found out that has nothing to do with outlook or ssl so wouldn't fix it even if it was wrong.

So back to investigating the problem.

I have done iisreset, recycle autodiscover pool and restart transport service.

I am out of ideas at this point.

I have since removed the dns cname and the srv records that i created in hope to fix the problem.

anything I don't mind · 27 Aug 2015 at 16:31

[PS] C:\Windows\system32>Get-OutlookProvider
Creating a new session for implicit remoting of "Get-OutlookProvider" command...

Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH 1
EXPR 1
WEB 1

Looks like its not even set...?

Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.contoso.com
Set-OutlookProvider EXCH -CertPrincipalName msstd:mail.contoso.com

I should run this is that right?

If i do get-outlookprivder | fl

it all looks fine apart from the server and CertPrincipalName being blank.

I have another site that i manage exchange on and get-outlookprovider is also blank there, but they don't have any problems.