Share via

Certificate name mismatch error in Outlook after changing certificate

Cristian Ruiz 191 Reputation points
2022-03-27T00:25:16.607+00:00

Hi!
Iam in a middle of a testing phase for a migration of an exchange 2010 up to Exchange 2019, with a temporal migration to Exchange 2016. Ok, the customer is using a public certificate in Exchange 2010 with a name like whatever.domain.com. I have already migrated to Exchange 2016, and I have changed the default certificate to the public one, so I configured all virtual directories from servername.domain.local name to whatever.domain.com name for both external and internal URLs. And the problem is that Oulook clients are reporting the certificate name mismatch error even I have already changed all virtual directories name configurations. Is like still there is some configuration that makes outlook clients look for the previous name.

Does someone know what can be the cause?
thanks

Exchange | Exchange Server | Management
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kael Yao 37,746 Reputation points Moderator
    2022-03-28T06:04:04.57+00:00

    Hi anonymous user

    Does this issue only occur on domain-joined clients?
    If yes, have you configured the autodiscover SCP record to be autodiscover.whatever.domain.com? (By default it would be the server FQDN: serverame.domain.local)

    You may use this commend in Exchange Management Shell to check the setting on Exchange 2016: 

    Get-ClientAccessService -identity <Exchange 2016> | Select AutodiscoverServiceInternalUri

    If it shows the server FQDN, you may use the following commend to change it to autodiscover.whatever.domain.com (which should be included in the public certificate): 

    Set-ClientAccessService -Identity <Exchange 2016> -AutoDiscoverServiceInternalUri https://autodiscover.whatever.domain.com/Autodiscover/Autodiscover.xml

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Cristian Ruiz 191 Reputation points
    2022-03-28T12:50:53.11+00:00

    Hi! thanks for your reply.
    I have already configured the AutodiscoverServiceInternalUri value. But, now I realized that I configured using the name "whatever.domain.com" and not "autodiscover.whatever.domain.com". The certificate has the *.domain.com name. May be the correct name for the AutodiscoverServiceInternalUri needs to start with the "autodiscover" name.
    I will test it.

    0 comments
  3. Cristian Ruiz 191 Reputation points
    2022-03-28T13:04:19.477+00:00

    But the weird think is that the AutodiscoverServiceInternalUri is already configured with the "whatever.domain.com" name, and outlook keeps warning about a name mismatch reporting the old name with the servername.domain.local name. I will try it using the autodiscover.domain.com name to see if somehing change.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.