
hello and thanks in advance, following problem: we installed a second exchange 2019 server in a network to slowly migrate mailboxes etc. as of now it is just a blank installation. after said installation clients connecting in the local network via outlook get a certificate warning containing the local fqdn of the new server since the local fqdn is not contained within the certificate.

i did some research and adjusted the Set-ClientAccessServer for the new exchange to the same autodiscover as the old one. still i get the certificate warning with the local fqdn of the new server.

so i assume somewhere in ad or whatever there is, after the installation now, a reference that tells outlook to connect to the new server via the local fqdn instead of the proper dns name set in the certificate. this also implies that even after switching over the same process continues and the certificate warning will still pop up.

outlook can connect fine after accepting so it pulls the right information once it reached the new exchange.

can anyone tell where i can configure that reference so that it won't try to connect to the local fqdn anymore? i've been searching far and wide and just can't find it...

thank you very much

all the best

max

edit: after faery's answer i set the InternalServiceUri to null, the certificate warning still pops up. before it was configured to the same as the old server. same url

now it is null: new server 0

i would have expected that after the change it either works without warning or not at all but curiously outlook still connects normally after accepting the certificate. maybe it needs time to propagate or something needs to be restarted? (i restarted iis on both servers after changing it)

max

1 Answer

The issue you're experiencing is due to the Service Connection Point (SCP) in Active Directory. During the Exchange Server setup, a new SCP is created in Active Directory (AD). An Outlook client will accidentally discover the unconfigured SCP and will try to connect to the new Exchange Server instead of the Autodiscover FQDN. This is why you're seeing a certificate warning in Outlook.

To resolve this issue, you need to configure the Autodiscover URL in Exchange with PowerShell. Here are the steps:

  1. Find the Autodiscover URL in Exchange with PowerShell.
  2. Configure the Autodiscover URL in Exchange with PowerShell.

After these steps, an Outlook client can safely discover this SCP record. Outlook will automatically connect to the correct Autodiscover URL, and therefore, the SSL Certificate warning will not appear.

If you still encounter the issue, you can try to set the AutoDiscoverServiceInternalUri to null. You can verify that the value is gone by running this command:

Get-ClientAccessServer | select Identity,AutoDiscoverServiceInternalUri

Here are additional articles for your reference:

https://learn.microsoft.com/en-us/exchange/architecture/client-access/assign-certificates-to-services?view=exchserver-2019

https://support.microsoft.com/en-us/topic/outlook-2016-displays-a-prompt-that-lets-you-connect-to-an-exchange-server-if-a-certificate-issue-occurs-027cfd0b-83f8-bc85-9ab1-8152f36dea80

Faery
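
A read-only check of the settings discussed in this answer, as an added example that is not part of the original answer: it lists the SCP value of the new server and, going slightly beyond the answer, the other internal client names that server hands out, and marks every host name that is not on the certificate bound to IIS. The server name `EX2019-02` is a placeholder.

```powershell
# Run in the Exchange Management Shell. Read-only: it changes no settings.
$server = 'EX2019-02'   # placeholder: name of the newly installed server

# Names on the newest certificate bound to IIS on that server
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

function Test-NameOnCert([string]$HostName) {
    $h = $HostName.ToLower()
    foreach ($n in $names) {
        if ($n -eq $h) { return $true }
        # A wildcard entry covers exactly one extra label (*.example.com)
        if ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1)) -and
            $h.Split('.').Count -eq $n.Split('.').Count) { return $true }
    }
    return $false
}

# Collect the SCP value and the other internal names clients are handed
$found = @()
$scp = Get-ClientAccessService -Identity $server
$found += [pscustomobject]@{ Setting = 'SCP AutoDiscoverServiceInternalUri'
                             Value   = "$($scp.AutoDiscoverServiceInternalUri)" }
foreach ($oa in @(Get-OutlookAnywhere -Server $server)) {
    $found += [pscustomobject]@{ Setting = 'OutlookAnywhere InternalHostname'
                                 Value   = "$($oa.InternalHostname)" }
}
$vdirCmds = 'Get-MapiVirtualDirectory', 'Get-WebServicesVirtualDirectory',
            'Get-OabVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
            'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory'
foreach ($cmd in $vdirCmds) {
    foreach ($vd in @(& $cmd -Server $server)) {
        $found += [pscustomobject]@{ Setting = "$cmd InternalUrl"
                                     Value   = "$($vd.InternalUrl)" }
    }
}

# Flag every value whose host name the certificate does not cover
$found | ForEach-Object {
    $hostName = if ($_.Value -match '^https?://') { ([uri]$_.Value).Host } else { $_.Value }
    $status = if (-not $hostName) { 'not set' } elseif (Test-NameOnCert $hostName) { 'ok' } else { 'NOT ON CERTIFICATE' }
    [pscustomobject]@{ Setting = $_.Setting; Host = $hostName; Status = $status }
} | Format-Table -AutoSize
```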