# Monday, August 17, 2009

Exchange 2007 and Certificate Security Alert when using External name vs Internal name

We recently moved to Exchange 2007 and are using our public certificate (which is different from our internal server name). Because of this we get the popup that informs us that our certificate name is different from the site that we are trying to contact.



This can cause issues if people click "No" as opposed to "Yes" (more on this blog). There are a couple of solutions: change the certificate (if the CA will let you) to have an alternate name, or do the steps listed below.

  1. Open the Exchange Management Shell on the hub server.

  2. Take a looksee at your ClientAccessServer (CAS) settings -> at the shell window type:

    Get-ClientAccessServer | fl

    You should see the following. What you are looking for is the "AutoDiscoverServiceInternalUri". As you will note, it is different from what is on your certificate. We are going to change it to match. Note that the "fl" portion (short for Format-List) displays each property on its own line, which is easier to read.



  3. Back up your current CAS settings because we do work in IT and are therefore rightfully paranoid. Hey, it never hurts. I always append the date but the naming is up to you. At the shell window type:

    Get-ClientAccessServer <your x07 hub server's net bios name here> | fl > <filename>



  4. Now, take a looksee at the "InternalUrl" of the WebServicesVirtualDirectory settings -> at the shell window type:

    Get-WebServicesVirtualDirectory | fl Identity,InternalUrl



    Note that in this case, adding the "Identity,InternalUrl" after the "fl" filters what information will be displayed to only the Identity and the InternalUrl (which we are going to use). If you do not include anything after the "fl" it will show you all the information. You can specify what particular pieces you want displayed by listing them after it, separated by commas. Also note that for this command YOU DO NOT SPECIFY THE SERVER.

  5. Again, let's back this up ->

    Get-WebServicesVirtualDirectory | fl > "c:\wsvdInfo081709.txt"

  6. Set the internal name by typing at the command shell window:

    Set-ClientAccessServer <your x07 hub server's net bios name here> -AutoDiscoverServiceInternalUri https://<the Issued To name on the Certificate such as www.mydomain.com>/Autodiscover/Autodiscover.xml



  7. Set the WebServicesVirtualDirectory appropriately

    Set-WebServicesVirtualDirectory "<your x07 hub server's net bios name here>\EWS (Default Web Site)" -InternalUrl https://<the Issued To name on the Certificate such as www.mydomain.com>/EWS/Exchange.asmx


And you should be good to go...
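
To confirm the change took effect, this added example (not part of the original post) checks the host name of each configured internal URL against the names on the certificate, including the one-label rule for wildcard names. The function names, the `EXCH01` server name and the sample values are assumptions constructed for illustration.

```powershell
# Added example: not from the original post. Sample values below are constructed.

# Returns $true when $HostName is covered by one of the certificate names.
# A wildcard name such as *.mydomain.com covers exactly one left-most label.
function Test-CertCoversHost {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLower()
    foreach ($name in $CertNames) {
        $n = $name.ToLower()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)    # e.g. ".mydomain.com"
            if ($h.EndsWith($suffix) -and $h.Length -gt $suffix.Length) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.IndexOf('.') -lt 0) { return $true }
            }
        }
    }
    return $false
}

# Emits one row per URL showing whether its host matches the certificate.
function Get-UrlCertCoverage {
    param([string[]]$Urls, [string[]]$CertNames)
    foreach ($u in $Urls) {
        $uri = [System.Uri]$u
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Url $u
        $row | Add-Member NoteProperty Host $uri.Host
        $row | Add-Member NoteProperty Covered (Test-CertCoversHost $uri.Host $CertNames)
        $row
    }
}

# Constructed sample: the EWS URL is still on the internal NetBIOS name.
$certNames = @('www.mydomain.com')   # type in the names shown on your certificate
$urls = @(
    'https://www.mydomain.com/Autodiscover/Autodiscover.xml',
    'https://EXCH01/EWS/Exchange.asmx'
)
Get-UrlCertCoverage -Urls $urls -CertNames $certNames | Format-Table -AutoSize

# In the Exchange Management Shell, use the live values instead:
#   $urls  = @(Get-ClientAccessServer | ForEach-Object { [string]$_.AutoDiscoverServiceInternalUri })
#   $urls += @(Get-WebServicesVirtualDirectory | ForEach-Object { [string]$_.InternalUrl })
```

Any row with `Covered` set to `False` is a URL that will still trigger the certificate name warning.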