Article ID: 981954 - View products that this article applies to.
Consider the following scenario:
The name of the security certificate is invalid or does not match the name of the site.
This issue occurs if the following conditions are true:
Note This issue applies only to Outlook clients that connect to Exchange from inside a local network, where Exchange 2007 is installed on a Small Business Server 2008 server. This issue does not apply to remote Outlook clients that connect to Exchange by using Outlook Anywhere. By default, the URL that is stored in these objects references the NetBIOS name of the server. An example is a URL that resembles the following:
https://NetBIOS_name.contoso.com/autodiscover/autodiscover.xmlThis may differ from the host name that is used in the FQDN of the replacement certificate. For example, the replacement certificate may have an FQDN that resembles the following:
To resolve this issue, use the following methods.
Method 1: Use the Internet Address Management WizardTo resolve this issue, follow these steps:
Introducing the Internet Address Management Wizard: Part 1 of 3If you still receive the security warnings after you follow these steps, use Method 2.
Introducing the “Add a Trusted Certificate Wizard” in SBS 2008
Troubleshooting Certificate Mismatch Warnings in Outlook 2007 Clients on Small Business Server 2008
Method 2: Change the URLs for the appropriate Exchange 2007 componentsTo do this, follow these steps:
Note On Small Business Server 2008, Exchange 2007 is installed as a part of the Out of the Box Experience (OOBE) Setup. When you install, all the virtual directories that relate to Exchange are created under a Web site that is named "SBS Web Applications" instead of "Default Web Site." This Web site is configured to listen on port 443 for secure http requests and has a certificate binding that can be a self-issued certificate or public certificate.
The URL for the Autodiscover service is stored in the Service Connection Point object. By default, this URL references the internal FQDN of the CAS that is present when Autodiscover is installed. For example, the following URL is set:
https://servername.contoso.local/autodiscover/autodiscover.xmlIn this example, the FQDN references the internal namespace. Generally, this namespace differs from the externally-accessible namespace, such as mail.contoso.com.
If the internal namespace differs from the external namespace, and if you cannot use a certificate that supports Subject Alternative Names, use the Set-ClientAccessServer task in Exchange Management Shell to change the URL. In this scenario, you must change the URL to point to the new location for Autodiscover. For example, use the following command to point to the new location for Autodiscover:
Set-ClientAccessServer –AutodiscoverServiceInternalUri https://mail .contoso.com/autodiscover/autodiscover.xmlFor more information about third-party certification authorities that provide certificates that support Subject Alternative Names, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/929395/ )Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007
Article ID: 981954 - Last Review: September 10, 2011 - Revision: 2.0