Skip to main content
Domain.local error

Exchange SSL Certificate .local Error in Outlook

Exchange SSL Certificate .local Error in Outlook

Problem:

Recently, one of my friend implemented exchange in his environment. He purchased SSL certificate and installed in his Servers. Every thing is working, except one small problem. All users connecting through Outlook locally, are getting the following error:

Domain.local error

Outlook is giving error because the SSL Certificate does not have local name of the Client Access Servers in the “Subject Alternative Names”. Cas1.domain.local in our case is a .local name, as a result it cannot be added to the SSL SAN name.

Solution:

The solution is to change the Autodisocver internal .local names to the external name that is already listed in Subject alternative names. For that we need to change few settings through Powershell on both of the Client Access Servers.
Modify the Autodiscover URL in service connection point on Client Access Servers (Cas1 and Cas2 in our case).

Step 1:

Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
Set-ClientAccessServer -Identity CAS2 -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Step 2:

Modify the internal URL in EWS.
Set-WebServicesVirtualDirectory -Identity “Cas1EWS (Default Web Site)” -InternalUrl https://mail.contoso.com/ews/exchange.asmx
Set-WebServicesVirtualDirectory -Identity “Cas2EWS (Default Web Site)” -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Step 3:

Modify the internal URL of OfflineAddressBook
Set-OABVirtualDirectory -Identity “Cas1oab (Default Web Site)” -InternalUrl https://mail.contoso.com/oab
Set-OABVirtualDirectory -Identity “Cas2oab (Default Web Site)” -InternalUrl https://mail.contoso.com/oab

Finally, we need to Recycle the MSExchangeAutodiscoverAppPool to disconnect any current sessions.

  • Open IIS, expand Local Computer, then Application Pools.
  • Right Click “MSExchangeAutodiscoverAppPool” and click Recycle.
Now go to the User’s outlook, close it and open again. No more errors for .local certificate.

Exchange 2010 Update to Sp3 Outlook Anywhere not working

Exchange 2010 Update to Sp3 Outlook Anywhere not working

Problem:

One of my friend recently upgraded his Exchange 2010 from SP1 to Sp3. He also installed the latest rollup (Rollup 15). After that the Outlook anywhere stopped working.

He called me for help, and i asked for the details of the environment.

2 Exchange 2010 Mailbox Servers in a DAG
2 Exchange 2010 Hub/CAS Servers in NLB

Tested the required ports, from locally and externally, they were open.

Checked the exchange Autodiscovery settings, that was also ok.

Then i checked https://testconnectivity.microsoft.com to test autodiscovery and there was an error.

Testing Http Authentication Methods for URL  https://mail.mydomain.com/rpc/rpcproxy.dll
The HTTP authentication  test failed.

Solution:

Tried to find any solution for this problem, but none of them helped me.

Finally, i disabled the outlook anywhere in exchange, waited few minutes and then enabled again.

And wow it was working, Some how rpcproxy.dll and some other related files were not behaving normally.
Disabling and enabling outlook anywhere fixed them.