No announcement yet.

RPC over HTTPs Certificate security alert

  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC over HTTPs Certificate security alert

    Hi Guys I am currently running Exchange 2010 with many mailboxes over 6 databases. I am using a CASarray and have had no reports of any issues with internal users using outlook to connect to their mailboxes.

    I now have a bunch of 20 users who have no mailboxes on our domain and are configuring outlook to connect to a cloud exchange environment. Strangely enough when the complete the outlook profile they get a security alert "the name on the security certificate in invalid and does not match the name of the site" this alert is coming from our cas host server1.internaldomain.local where our certificate is configured for *

    Firstly I can not get my head around why the profile needs to attempt to use or certificate as the mailbox is on a 3rd party cloud. Secondly I am not sure why it is sending data back on the local server record and not the record on the certificate.

    Any help will be appreciated

  • #2
    Re: RPC over HTTPs Certificate security alert

    is it the same domain as the internal domain?
    is it actually connecting to the cloud hosted service ?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: RPC over HTTPs Certificate security alert

      The outlook client does connect to the external cloud service yes but I get the security alert box popup twice saying the certificate name is not the same as the server responding.

      Here are the details:

      * is being used to set up the user to access cloud email
      * certificate warning coming from server1.domain.local & server2.domain.local. These are my internal CAS/HUB/MBX servers

      Thanks in advance


      • #4
        Re: RPC over HTTPs Certificate security alert

        Outlook will query the Windows domain for Autodiscover information first. Always does. Therefore if the client is a member of your domain and you have Exchange installed, then it will ask your server for the information. Only if that fails will the client move on to external queries.

        You also need to check how DNS is resolving internally. It may well be that the host name that they are trying to connect to externally resolves internally. There isn't enough information in your post to know if that is the case or not.

        Furthermore, with the changes to the SSL rules, you should really be using an external host name internally for everything - no .locals in any of the Exchange URLs.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.