Certificate warning message

Brass Contributor

We have an issue with outlook client starting showing the "certificate invalid" message while connecting via VPN.

The environment is an exchange 2010 DAG with CAS enabled.

Outlook Anywhere IS NOT enabled.

Each server is configured as follows
2024-02-12 09_46_58-SRVWEXP01.png

 

We recently introduced exchange 2016, which is currently not used, in the environment to make the migration.

Since then the users accessing exchange via VPN are presented the "certificate" warning for

owa.xxx.local/owa

 

How can this change in behavior would happen without changing any configuration.

Is the mere introduction of exchange 2016 causing this?

 

What if we configure the "external" url to something like OWA.xxx.COM/owa leaving the internal URL the same ?

Will it impact in any way the "internal" accessibility since we'll need to bind the *.com certificate ?

 

2 Replies
You need to install the SSL certificate on the new Exchange server and update all the virtual directories and Autodiscover SCP records on the new server to match the name in the certificate.

Domain joined machines (VPN connectivity probably mimics the machine being on the local LAN) will automatically try and use the SCP of the latest Exchange server, so they are probably trying to connect to the new Exchange server. You can control client access via DNS when the autodiscover SCP record is updated
Hi Dan,
sure I did it on the new servers. I immediately changed the autodiscover and all other url to point to the Url we selected to be used and solved by the certificate we installed.
The strange thing is that client started to use the "external" url setting on the old server, which by the way was incorrectly set.