Exchange SSL Certificate .local Error in Outlook

Problem:

Recently, one of my friends implemented Exchange in his environment. He purchased an SSL certificate and installed it on his servers. Everything is working, except for one small problem. All users connecting through Outlook locally are getting the following error:

[Image: Domain.local error]

Outlook shows the error because the SSL certificate does not include the local names of the Client Access Servers in its "Subject Alternative Names". Cas1.domain.local, in our case, is a .local name, so it cannot be added to the certificate's SAN list.

Solution:

The solution is to change the internal Autodiscover URLs from the .local names to the external name that is already listed in the Subject Alternative Names. To do that, we need to change a few settings through PowerShell on both of the Client Access Servers.

Step 1:

Modify the Autodiscover URL in the service connection point on the Client Access Servers (Cas1 and Cas2 in our case).
Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
Set-ClientAccessServer -Identity CAS2 -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Step 2:

Modify the internal URL of the EWS virtual directory.
Set-WebServicesVirtualDirectory -Identity "Cas1\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
Set-WebServicesVirtualDirectory -Identity "Cas2\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Step 3:

Modify the internal URL of the Offline Address Book virtual directory.
Set-OABVirtualDirectory -Identity "Cas1\OAB (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
Set-OABVirtualDirectory -Identity "Cas2\OAB (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Finally, we need to recycle the MSExchangeAutodiscoverAppPool to disconnect any current sessions.

  • Open IIS, expand Local Computer, then Application Pools.
  • Right-click "MSExchangeAutodiscoverAppPool" and click Recycle.

Now go to the user's Outlook, close it and open it again. There are no more certificate errors for the .local name.
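
A check for Steps 1 to 3, as an added example that is not part of the original post: it reads back the three internal URLs on each Client Access Server and reports whether each host name is covered by a certificate enabled for IIS. It assumes the Exchange Management Shell and the server names Cas1 and Cas2 used above; Test-SanMatch is a helper defined here, not an Exchange cmdlet.

```powershell
# Added example. Run in the Exchange Management Shell.
$servers = 'Cas1', 'Cas2'   # server names as used in this article

# Hypothetical helper: is $HostName covered by one of the SAN entries?
function Test-SanMatch {
    param([string]$HostName, [string[]]$SanList)
    foreach ($san in $SanList) {
        if ($san -eq $HostName) { return $true }   # -eq is case-insensitive
        # A wildcard SAN covers exactly one extra label:
        # *.contoso.com matches mail.contoso.com but not a.b.contoso.com
        if ($san.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $san.Substring(2)) { return $true }
        }
    }
    return $false
}

foreach ($server in $servers) {
    # Names on the certificate(s) enabled for IIS on this server
    $sans = @(Get-ExchangeCertificate -Server $server |
        Where-Object { $_.Services -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { $_.ToString() })

    # The three internal URLs changed in Steps 1 to 3
    $urls = @{
        Autodiscover = (Get-ClientAccessServer -Identity $server).AutodiscoverServiceInternalUri
        EWS          = (Get-WebServicesVirtualDirectory -Server $server).InternalUrl
        OAB          = (Get-OABVirtualDirectory -Server $server).InternalUrl
    }

    foreach ($name in $urls.Keys) {
        if (-not $urls[$name]) { continue }        # URL not set: nothing to compare
        $uri = [uri]"$($urls[$name])"
        New-Object PSObject -Property @{
            Server  = $server
            Service = $name
            Host    = $uri.Host
            InCert  = (Test-SanMatch -HostName $uri.Host -SanList $sans)
        }
    }
}
```

Any row where InCert is False points at a URL whose host name is still missing from the certificate, which is the condition that produces the Outlook warning.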

Exchange 2010 Update to SP3 Outlook Anywhere not working

Problem:

One of my friends recently upgraded his Exchange 2010 from SP1 to SP3. He also installed the latest rollup (Rollup 15). After that, Outlook Anywhere stopped working.

He called me for help, and I asked for the details of the environment.

2 Exchange 2010 Mailbox Servers in a DAG
2 Exchange 2010 Hub/CAS Servers in NLB

I tested the required ports, both locally and externally; they were open.

I checked the Exchange Autodiscover settings; those were also OK.

Then I used https://testconnectivity.microsoft.com to test Autodiscover, and there was an error.

Testing Http Authentication Methods for URL  https://mail.mydomain.com/rpc/rpcproxy.dll
The HTTP authentication  test failed.

Solution:

I tried to find a solution for this problem, but none of them helped me.

Finally, I disabled Outlook Anywhere in Exchange, waited a few minutes and then enabled it again.

And wow, it was working. Somehow rpcproxy.dll and some other related files were not behaving normally. Disabling and enabling Outlook Anywhere fixed them.

SMTP Sharing after Two Companies Merged Part1

Scenario:

A few months ago, our company (CompanyA) merged with another company (CompanyB). Both of them had separate domain forests and Exchange environments. The requirement was to register a new company name, CompanyC.com, and configure the users at both companies to send and receive emails through the CompanyC.com domain while keeping their existing domains and Exchange environments functional.
Additionally, only CompanyB should receive emails from the internet, while both CompanyA and CompanyB should be allowed to send emails externally using the CompanyC domain in addition to their own domain names. Finally, they should also be configured to send emails internally. Details about both environments are as follows:

CompanyA
  Domain: CompanyA.com
  Domain Controllers: Dc1.CompanyA.com, Dc2.CompanyA.com
  Exchange Servers:
    2 Exchange 2013 Mailbox Servers DAG
    2 Exchange 2013 CAS Servers NLB

CompanyB
  Domain: CompanyB.com
  Domain Controllers: Dc1.CompanyB.com, Dc2.CompanyB.com
  Exchange Servers:
    2 Exchange 2010 Mailbox Servers DAG
    2 Exchange 2010 Hub/CAS Servers NLB

The solution to the above requirement is to have SMTP sharing, where Domains/Exchange at both companies can share emails for a third domain.

We followed the following steps:

Step by step: 

1. Network connectivity between both sites
2. DNS registration and MX records for new domain (DomainC.com)
3. Configure Accepted Domain for DomainC.com in both environments
4. Create Send and Receive connectors at both sites
5. Workaround for routing loops
6. Creating Email address policies

In the next article, I will go into the details of each step.

You can check the next article here: SMTP Sharing after Two Companies Merged Part2