Tick - The security certificate is from a trusted certifying authority.
Tick - The security certificate date is valid.
Cross - The name on the security certificate is invalid or does not match the name of the site.
If you press "Proceed", everything runs as normal. This is an annoying message that is caused by some improperly configured Exchange settings (normally caused by initially using a self-signed cert, then later replacing it with a purchased one), all of which are easily rectified after following KB940726, however below I've included the modified instructions for this to apply to an SBS installation.
In the following instructions, "CAS_Server_Name" should be replaced with your internal SBS name, such as "SBS2008" and "office.example.com" should be replaced with the URL you use to gain access to the SBS from the Internet. Also, all lines beginning with [PS] are single lines - everything in bold is the one command and there are no spaces between the minus signs (-) and the property names immediately after them.
- Start the Exchange Management Shell.
- To check the current settings of the ClientAccessServer property, enter the following command:
[PS] Get-ClientAccessServer | FL
If AutoDiscoverServiceInternalUri is not set to your external Uri (such as https://office.example.com/autodiscover/autodiscover.xml), then
- Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, enter the following command:
[PS] Set-ClientAccessServer -Identity "CAS_Server_Name" -AutodiscoverServiceInternalUri https://office.example.com/autodiscover/autodiscover.xml
- Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, enter the following command:
- To check the current setting of the WebServicesVirtualDirectory property, enter the following command:
[PS] Get-WebServicesVirtualDirectory
If the InternalUrl of EWS (SBS Web Applications) is not set to your external Uri (such as https://office.example.com/ews/exchange.asmx), then- Modify the InternalUrl attribute of the EWS. To do this, enter the following command:
[PS] Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (SBS Web Applications)" -InternalUrl https://office.example.com/ews/exchange.asmx
- Modify the InternalUrl attribute of the EWS. To do this, enter the following command:
- To check the current setting of the OABVirtualDirectory property, enter the following command:
[PS] Get-OABVirtualDirectory
If the InternalUrl is not set to your external Uri (such as https://office.example.com/oab), then
- Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, enter the following command:
[PS] Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (SBS Web Applications)" -InternalUrl https://office.example.com/oab
- Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, enter the following command:
- To check the current setting of the UMVirtualDirectory property, enter the following command:
[PS] Get-UMVirtualDirectory
If the InternalUrl of UnifiedMessaging (SBS Web Applications) is not set to your external Uri (such as https://office.example.com/unifiedmessaging/service.asmx), then
- Modify the InternalUrl attribute of the UM Web service. To do this, enter the following command:
[PS] Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (SBS Web Applications)" -InternalUrl https://office.example.com/unifiedmessaging/service.asmx
Note This command is required only in an Exchange 2007 (SBS 2008) environment. This command no longer exists in an Exchange 2010 (SBS 2011) environment. Instead, the WebServices URL is used for this purpose.
- Modify the InternalUrl attribute of the UM Web service. To do this, enter the following command:
- Open IIS Manager, expand the local computer, and then in Application Pools, right-click MSExchangeAutodiscoverAppPool and click Recycle.
Next time anyone on the LAN opens Outlook and connects to your Exchange Server, the error message will not appear as we've configured the settings in Exchange Server correctly.
Update: Mark Wilton mentioned the following links to me also regarding this same issue:
A script to fix this issue from VirtualBarryMartin.me
Some PowerShell commands to fix the issue from Daniel Kenyon-Smith
Regards,
The Outspoken Wookie
13 comments:
It can also be from when the domain has wildcard DNS enabled (I have it alot over here - and its my only criticism of Heart Internet's hosting in that it's turned on by default...)
By far the clearest and easiest instructions to follow I have seen and I’ve been looking for the last 4 hours! Excellent, many thanks.
Thank sweet Jesus for people like you.
Many thanks!!
Thanks! :)
Thank you!
Great steps
Thank you so much!! I was looking for this.
Can I add something: in the command Set-WebServicesVirtualDirectory -Identity Contoso\EWS* -ExternalUrl https://www.contoso.com/ews/exchange.asmx it worked with the * added. Perhaps handy for other users as well to know.
Your steps were really easy to follow!!
Hello, I had followed all the steps but i still getting the warning message. Any thing else that can be done? Thank you
Thanks for this great Instruction!!! :-**
For those who have trouble using the Get-UMVirtualDirectory CMDlet:
In Exchange Server 2010, all the Web services required by the UM server will be hosted by the CAS server. In fact, the specific UM Web service is merged into the EWS Web service. That means no separated authentication or separated virtual directory for Exchange UM Web Service
Source: http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/36cc46bf-b78f-41af-839f-92c60e9576d0/
I had been trying to get this resolved all day - until I found your post. These are the first complete instructions I have found written specifically for SBS 2008.
Many thanks. May God bless you, and I mean it, for taking the time to write this!
WOOKIE...
You da man!
Thanks for the complete info/commands on this issue.
*S*alute
Hi Hilton,
I would just like to confirm. Changes in the URLs can make an impact to the email flow and could result into an issue, are the steps reversible? Can we use the same steps to revert the changes?
Thank You,
Arnel
Thank you so so much, i have been looking everywhere to solve this issue. God bless!
Post a Comment