Monday, February 14, 2011

"The name of the security certificate is invalid or does not match the name of the site" when check Free/Busy calendar availability or OOF message

OOF and Free/Busy calendar availability depends on Autodiscovery Service.

First of all to get this availability for Outlook anywhere the /Autodiscover folder should be published form ISA server , and configuring the External URL in CAS servers.

Enable-OutlookAnywhere -Server CAS01 -ExternalHostname "" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

Set-OABVirtualDirectory -identity "CAS01\OAB (Default Web Site)" -externalurl -RequireSSL:$true

Set-WebServicesVirtualDirectory -identity "CAS01\EWS (Default Web Site)" -externalurl -BasicAuthentication:$True

The access to this service could be trough URL's: or

1.Case with a certificate with only one name
1.1 You should update the Autodiscover URL in the AD object  SCP(Service Connection Point) and the Internal URL to avoid this message in Outlook Client:

"The name of the security certificate is invalid or does not match the name of the site"

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl

Open IIS Manager.
Expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

1.2  Beside this change we shoud modify the external DNS entry (SRV records should be supported by the DNS server)
Create the SRV record Autodiscover in the external DNS zone
In the external zone DNS , delete any  record HOST(A) or CNAME for Autodiscover
Service: _autodiscover
Protocol: _tcp
Port Number: 443
The Autodiscover Service do the following when the client will try to contact:
Autodiscover posts to This fails.
Autodiscover posts to This fails.
Autodiscover performs the following redirect check:
This fails.
Autodiscover usa DNS SRV lookup para, and then "" is returned.
Outlook asks permission from the user to continue with Autodiscover to post to
Autodiscover's POST request is successfully posted to

2. Case certificate with SAN (subject Alternative Name) with the names : y

This is the recommended case and easier to the configuration
For further information, please see the links below:


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.