Exchange 2007 ISA 2006 (I'm getting desperate, please help)

  • Hello colleagues


    Unfortunately I have the following problem: I have an ISA 2006 server that points to our CAS server,
    and I now have the well-known certificate problem with multiple domain names
    (http://msexchangeteam.com/archive/2007/02/19/435472.aspx).
    (The sad thing is that this was installed by an external expert.) Externally I have
    the mail address webmail.unserdomain.com, and internally it is casserver.unserdomain.net.


    I created a certificate using the following solution, but as soon as I activate this certificate it works internally, but externally nothing works any more. Can't I use my own certificate internally and the VeriSign one externally on the ISA?


    There is a workaround. I have deployed OWA with ISA 2006. I already had a 3rd party certificate. The certificate was issued for the following address: webmail.domain.com. I could not use this certificate on the new Exchange 2007 server. To get rid of the certificate error for Outlook users internally, I created a certificate request on the Exchange 2007 server with the PowerShell commandlet

    New-ExchangeCertificate -generaterequest -subjectname "C=NL,DC=Organisationname,O=Org description,CN=domain.com" -domainname webmail.domain.com,autodiscover.domain.com, cas1.domain.local, cas1 -path c:\certrequest_cas01.txt

    This is a certificate request with multiple host and domain names. The external domain name and also the local domain name are on the certificate.

    After creating the request, I opened my DC certificate services from IE at http://192.168.0.1/certsrv,
    selected Request a certificate and then advanced certificate request, then Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

    Paste the CSR that is created with the Exchange cmdlet into the field and select the Web server certificate template. Then
    submit the request. The certificate will be created; download it and place it somewhere.

    Import the created certificate into the Exchange server with the cmdlet and not with the certificate MMC snap-in. After importing the certificate, change the certificate on IIS to the newly created certificate. The clients must have the certificate authority root cert on the client PCs. That is achieved when you have already deployed the certificate services on your network. The certificate error must disappear and OWA will also work just fine. This is only to fix the cert problems internally. If you want to deploy autodiscover.domain.com on the external side of your network, then you must buy a 3rd party UC with multiple hostnames.

    I have put the following host and domainnames in the cert request.

    - domain.com (external domain)
    - webmail.domain.com
    - autodiscover.domain.com
    - cas1 (exchange server name)
    - cas.domain.local
    - domain.local (internal domain)

    I hope that will solve your problem.


    Regards
    Jahn :pint:
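
Added example (not part of the original post, and not the poster's or Microsoft's code): a PowerShell helper that checks whether the names carried by a certificate cover every host name clients connect to, which is the mismatch behind the certificate warning discussed in this thread. The function name and the PowerShell 3.0+ requirement are assumptions; the sample lists are constructed from the -domainname values and the name list in the quoted workaround.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0 or later.
# Test-CertNameCoverage is a hypothetical helper name.
function Test-CertNameCoverage {
    param(
        [Parameter(Mandatory = $true)][string[]]$CertificateDomains,  # names on the certificate
        [Parameter(Mandatory = $true)][string[]]$ClientNames          # names clients connect to
    )
    foreach ($name in $ClientNames) {
        # Compare in lower case and ignore a trailing root dot.
        $n = $name.Trim().TrimEnd('.').ToLowerInvariant()
        $matchedBy = $null
        foreach ($entry in $CertificateDomains) {
            $e = $entry.Trim().TrimEnd('.').ToLowerInvariant()
            if ($e -eq $n) { $matchedBy = $entry; break }
            # A wildcard entry covers exactly one left-most label:
            # *.domain.com matches webmail.domain.com, but not domain.com
            # or a.b.domain.com, and never a single-label name such as cas1.
            if ($e.StartsWith('*.')) {
                $dot = $n.IndexOf('.')
                if ($dot -gt 0 -and $n.Substring($dot) -eq $e.Substring(1)) {
                    $matchedBy = $entry; break
                }
            }
        }
        [pscustomobject]@{
            Name      = $name
            Covered   = ($null -ne $matchedBy)
            MatchedBy = $matchedBy
        }
    }
}

# Constructed sample: the -domainname values from the request in the post.
$certNames = 'webmail.domain.com', 'autodiscover.domain.com', 'cas1.domain.local', 'cas1'

# Constructed sample: names clients might use (published OWA name, Autodiscover,
# internal FQDN, short server name, and cas.domain.local from the post's name list).
$clientNames = 'webmail.domain.com', 'autodiscover.domain.com',
               'cas1.domain.local', 'cas1', 'cas.domain.local'

$report = Test-CertNameCoverage -CertificateDomains $certNames -ClientNames $clientNames
$report | Format-Table -AutoSize

# Any name listed here would trigger a name-mismatch warning on the client.
$missing = @($report | Where-Object { -not $_.Covered })
if ($missing.Count -gt 0) {
    Write-Warning ('Not covered by the certificate: ' + (($missing | ForEach-Object { $_.Name }) -join ', '))
}
```

On the Exchange server, the real name list for an installed certificate is the CertificateDomains property shown by Get-ExchangeCertificate.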

  • Hello MAJO


    Yes, the expert is of the opinion that this has been possible since ISA 2006. Anyway, I was able to solve the problem with the following KB....



    Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site"

    With the following steps I think we can solve this problem, but please check this solution first, I am not the expert..
    (http://support.microsoft.com/kb/940726/en-us)


    Regards
    Jahn