The name of the security certificate is invalid or does not match the name of the site

KB ID 0000036

Problem

Seen in Outlook when connecting to a mailbox on an Exchange Server. It's caused by using a self-signed certificate OR a purchased certificate where the internal and external names are different.

The name of the security certificate is invalid or does not match the name of the site.

Solution

Before proceeding: if you have an A or CNAME record in your DNS for autodiscover, then DELETE it and set up an SRV record!

Exchange AutoDiscover Errors – Creating an AutoDiscover SRV Record

1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server {version} > Exchange Management Console. Issue the following four commands:

Exchange 2019 and 2016 (change the values in red)

Note: This uses the new Set-ClientAccessService cmdlet; for older versions of Exchange use Set-ClientAccessServer.

Get-WebServicesVirtualDirectory -Server EXCHANGE-MAIL | Set-WebServicesVirtualDirectory -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx -ExternalURL https://mail.publicdomain.co.uk/ews/exchange.asmx

Set-OWAVirtualDirectory -identity "EXCHANGE-MAIL\owa (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/owa -ExternalURL https://mail.publicdomain.co.uk/owa

Get-OABVirtualDirectory -Server EXCHANGE-MAIL | Set-OABVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/OAB -ExternalURL https://mail.publicdomain.co.uk/OAB

Get-ECPVirtualDirectory -Server EXCHANGE-MAIL | Set-ECPVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/ECP -ExternalURL https://mail.publicdomain.co.uk/ECP

Get-MAPIVirtualDirectory -Server EXCHANGE-MAIL | Set-MAPIVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/MAPI -ExternalURL https://mail.publicdomain.co.uk/MAPI -IISAuthenticationMethods NTLM,Negotiate

Get-ActiveSyncVirtualDirectory -Server EXCHANGE-MAIL | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync -ExternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync

Set-OutlookAnywhere -identity "EXCHANGE-MAIL\RPC (Default Web Site)" -ExternalHostname mail.publicdomain.co.uk -InternalHostname mail.publicdomain.co.uk -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM

Set-ClientAccessService -Identity EXCHANGE-MAIL -AutoDiscoverServiceInternalUri https://mail.publicdomain.co.uk/Autodiscover/Autodiscover.xml

Exchange 2013 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml
 
Get-WebServicesVirtualDirectory -Server EXCHANGE-MAIL | Set-WebServicesVirtualDirectory -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx -ExternalURL https://mail.publicdomain.co.uk/ews/exchange.asmx
 
Set-OWAVirtualDirectory -identity "EXCHANGE-MAIL\owa (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/owa -ExternalURL https://mail.publicdomain.co.uk/owa
 
Get-OABVirtualDirectory -Server EXCHANGE-MAIL | Set-OABVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/OAB -ExternalURL https://mail.publicdomain.co.uk/OAB
 
Get-ECPVirtualDirectory -Server EXCHANGE-MAIL | Set-ECPVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/ECP -ExternalURL https://mail.publicdomain.co.uk/ECP
 
Get-MAPIVirtualDirectory -Server EXCHANGE-MAIL | Set-MAPIVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/MAPI -ExternalURL https://mail.publicdomain.co.uk/MAPI -IISAuthenticationMethods NTLM,Negotiate
 
Get-ActiveSyncVirtualDirectory -Server EXCHANGE-MAIL | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync -ExternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync
 
Set-OutlookAnywhere -identity "EXCHANGE-MAIL\RPC (Default Web Site)" -ExternalHostname mail.publicdomain.co.uk -InternalHostname mail.publicdomain.co.uk -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM

 

Exchange 2010 and SBS 2011 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/EWS/Exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/OAB (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/OAB

Set-ActiveSyncVirtualDirectory -Identity "EXCHANGE-MAIL/Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-Activesync

Note: If you get repeated certificate prompts for 'autodiscover.domain.com' that should be from 'mail.domain.com', create an SRV record (_autodiscover) to redirect to mail.domain.com

Outlook Anywhere Note

If you intend to use Outlook Anywhere, you may also want to execute the following command, particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.

Set-WebServicesVirtualDirectory -Identity 'EXCHANGE-MAIL/EWS (Default Web Site)' -ExternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Exchange 2007 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/oab

Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx

For Small Business Server 2008

For SBS 2008 the commands are different! (The following commands are for Exchange 2007 on SBS 2008 ONLY.)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/oab

Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx

Note: In the commands above, EXCHANGE-MAIL is the internal name and mail.publicdomain.co.uk is the external name.

2. Then open IIS Manager > Expand Application Pools > MSExchangeAutodiscoverAppPool > Right Click > Recycle.

Note: You may have to enter the FQDN of the server rather than its NetBIOS name!
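
A check worth running once the URLs are changed, shown here as an added example that is not part of the original article: it compares the host name in each configured URL against the names on the certificate, including single-label wildcard matching. The function names, the URL list and the certificate name list are constructed for illustration.

```powershell
# Added example. Inputs below are constructed, not read from a real server.
function Test-NameCoveredByCertificate {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $CertificateNames
    )
    $name = $HostName.ToLowerInvariant()
    foreach ($entry in $CertificateNames) {
        $san = $entry.ToLowerInvariant()
        if ($san -eq $name) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com
        # matches mail.example.com, not a.mail.example.com or example.com.
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                 # ".example.com"
            if ($name.EndsWith($suffix)) {
                $label = $name.Substring(0, $name.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-CertificateNameMismatch {
    param(
        [Parameter(Mandatory)] [string[]] $Url,
        [Parameter(Mandatory)] [string[]] $CertificateNames
    )
    foreach ($u in $Url) {
        $hostName = ([uri]$u).Host   # host part only; path and scheme are ignored
        if (-not (Test-NameCoveredByCertificate -HostName $hostName -CertificateNames $CertificateNames)) {
            [pscustomobject]@{ Url = $u; Host = $hostName }
        }
    }
}

# Constructed sample: one URL was left pointing at the internal server name.
$certNames = @('mail.publicdomain.co.uk')
$urls = @(
    'https://mail.publicdomain.co.uk/owa',
    'https://EXCHANGE-MAIL/EWS/Exchange.asmx',
    'https://mail.publicdomain.co.uk/Autodiscover/Autodiscover.xml'
)
# Emits one object per URL whose host the certificate does not cover.
Get-CertificateNameMismatch -Url $urls -CertificateNames $certNames
```

On a live server the URL list can be read back with the Get- counterparts of the commands above (for example Get-WebServicesVirtualDirectory), and the certificate names from the CertificateDomains property returned by Get-ExchangeCertificate. Any URL reported is one that will still trigger the name-mismatch prompt in Outlook.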

Related Articles, References, Credits, or External Links

Original article written 04/11/11 – Updated 07/03/13

Author: Migrated
