This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 82%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hi, I have deployed Exchange 2019 in our environment, two servers, Mail-1 and Mail-2 in primary site and one, Mail-3 on secondary site, in DAG configuration and site resilience. They are all deployed with PKI certificate (ex: mail."company".com). Internal domain is company.local. I have problem with Outlook 2016, although its connected successfully with Exchange and mail can be sent and receive, on every Outlook start, I have certificate error and sometimes its ask me for credential. ![58781-1.jpg][1] All the time is pointing me to servers with local suffix. On Exchange servers, I did configure virtual directories, for OWA, ECP and MAPI with public url: ![58674-2.jpg][2] I did consult a lot of forum, but nothing helps. Anyone? Best regards, [1]: /api/attachments/58781-1.jpg?platform=QnA [2]: /api/attachments/58674-2.jpg?platform=QnA
Hi,
Please check the Autodiscoverserviceinternaluri value. Get-ClientAccessService | select name,autodiscoverserviceinternaluri
Set it to autodiscover.domain.com and make sure that entry is added in the certificate.
Also check OAB, EWS virtual directory URL’s and Outlook Anywhere host name.
If still prompt appears, please share the screenshot by removing the personal information.
For credential prompt, it’s a different issue and we need to identify when it occurs. Make sure to check the Authentication settings in the virtual directories.
If the above suggestion helps, please click on “Accept Answer” and upvote it.
Get-ClientAccessService | select name,autodiscoverserviceinternaluri:
Certificate is with *.company.com, so its contain mail.company.com.
I did additional changes to virtual directories, as suggested. All url, public and internal, are set with https://mail.company.com/.....
Same thin again. Now only receive cert error for Mail-1.company.local and mail.company.local.
Do I need to make restart on the Exchange servers, after making this changes?
Best regards,
Aleksandar B.
You can do IISReset and check again. Restart the outlook or configure a new outlook profile to verify.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Is there any update about your issue? Have you tried running the iisreset command in your environment and verify the result again?
Yes we should use the external name as well for internal urls, since .local cannot be added to a certificate
Here is also a related thread for your reference, which lists all the configuration we need to check in detail: security warning on SSL certificate displaying internal server name
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yes, I already did the suggestion included for url, similar as AshokM-8240 suggested.
When I made the changes, for newly created users it was working fine.
Now after day and so, works fine for everyone.
I hope it will stay like this.
Thanks everyone.
Glad to know the suggestion helped.