Ask a question


How can we help you today?

Ask Question
Manage notifications
Subscribe to this question
Dick Summers

New public domain, can Essentials page be renamed? Certificate mismatch

My client has Windows 2016 Standard with Essentials role, and Exchange Server 2016 Standard on premise, each on their own WS2016 server, the domain name is OldDomain.local internally and OldDomain.com as the public. This has been working well for 5 months.  They have a new public domain name.

A new SSL UCC certificate NewDomain.com was generated from the Exch2016 server with friendly name of mail.newdomain.com, and subject alternative names mail.newdomain.com, www.mail.newdomain.com, and remote.newdomain.com.

The change to the new domain works fine on the Exchange 2016  after making the appropriate changes from OldDomain.com to newdomain.com.    The certificate was installed on the Exchange server 2016 and works fine.  It was then exported with the private key and imported on to the Windows 2016 Standard.  The friendly name on the [WS2016 with Essentials experience] certificate was changed from mail.newdomain.com to remote.newdomain.com.

When connecting to Anywhere Access at https://remote.newdomain.com, I see two problems:

1) browsers show security risks and recommend cancelling.  The certificate mismatch shows it is "mail.newdomain.com" instead of the expected "remote.newdomain.com"

2) the URL shows "remote.OldDomain.com"

 Questions: 1) Can the WSE be modified to accept the newdomain.com? 2) Should the UCC certificate be rekeyed or is there another solution?

asked03/31/2019 13:32
62 views
Add Comment
Dick Summers

Question 2 was resolved by creating a separate certificate.  Question 1 remains a problem.

Mariette Knap

Did you run the Access Anywhere wizard, released the old domain and installed the new domain?

replied 04/02/2019 05:25
Dick Summers

There was no documentation on the “release the domain” process, and I could find no references when searching on the Internet.

I didn’t think it would affect the Active Directory domain, but was hesitant to proceed.

After getting another domain name and certificate, I  ran the process on my test system, saw how it worked, then implemented it on the client system successfully.

replied 04/02/2019 19:02
Mariette Knap

No, the wizard in the Dashboard does not do anything with the local domain name. It is used for setting the domain for accessing Access Anywhere.

replied 04/05/2019 05:52
Dick Summers

Some desktops are getting security alert errors when starting Outlook (2013 and 2016). The certificate it is looking for is the mail.olddomain.com.  What could be causing this?

replied 04/06/2019 16:22
Mariette Knap

If you installed the new certificate on Exchange, you use only one public IP address and you use Application Request Routing as described in chapter 17 of Migrate Exchange Server 2010 to Exchange Server 2016 in a SBS 2003 migration scenario you also need to install that new certificate on the Windows Server Essentials 2016.

Another reason could be that the default address in Exchange is still @olddomain.com.

replied 04/07/2019 07:33
Dick Summers

Thanks for the suggestions.

The client has multiple IP addresses, one remote and another for mail.

I found the default domain address was @olddomain.com, and changed it to jsmith@newdomain.com.  I thought I had changed this early on, but apparently had not.

 

replied 04/07/2019 16:44
Dick Summers

Yes, the IT manager reported it is working as expected now.

replied 04/09/2019 18:22
Reply
Last Activity 04/09/2019 18:22

1 Answer(s)

  • Mariette Knap

    So, running the wizard on the WSE 2016 fixed the problems there and changing default domain on the Exchange server fixed that issue? If not, pls elaborate so we close this case?

    answered 04/08/2019 17:47
    Add Comment
Add an Answer