RE: Tales of woe featuring Exchange 2007, Macs and Certs
You may be able to get a modified cert with a SAN (Subject Alternative Name) pointing to corp-exchange07.wrightbg.com so that either name would work w/o warning. From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 23, 2008 3:20 PM To: MS-Exchange Admin Issues Subject: Tales of woe featuring Exchange 2007, Macs and Certs I've just moved 10 Mac users from Exchange 2000 to Exchange 2007. They are using Apple's "Mail" to connect to email. After a morning of fiddling and reconfiguring client programs, I have them successfully moving mail. I'm left with two difficulties. The first involves a purchased cert. The cert is in the name mail.wrightbg.com, which is our "external" DNS name for the server. There is also a CNAME record set up in our internal DNS pointing "mail" to the server's real name, "corp-exchange07". I have the Macs configured to go to mail.wrightbg.com and they find the server OK, but they report a certificate error, stating that the cert is mail.wrightbg.com, but the server is corp-exchange07.wrightbg.com. The second problem that they're encountering is that when they try to send an email after being idle for a bit, the server is prompting them for a password. They can log in OK, but the extra typing is a bit much to ask. Ideas? Thanks in advance, Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Tales of woe featuring Exchange 2007, Macs and Certs
I'm not a Mac person - doesn't it have an option to save passwords? As to the other issue, either assign a second IP address and separate certificate or use a "UCC Certificate" that supports multiple common names (also known as SAN - Subject Alternative Names). An inexpensive source for those are http://certificatesforexchange.com (I am not affiliated.) Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 23, 2008 6:20 PM To: MS-Exchange Admin Issues Subject: Tales of woe featuring Exchange 2007, Macs and Certs I've just moved 10 Mac users from Exchange 2000 to Exchange 2007. They are using Apple's "Mail" to connect to email. After a morning of fiddling and reconfiguring client programs, I have them successfully moving mail. I'm left with two difficulties. The first involves a purchased cert. The cert is in the name mail.wrightbg.com, which is our "external" DNS name for the server. There is also a CNAME record set up in our internal DNS pointing "mail" to the server's real name, "corp-exchange07". I have the Macs configured to go to mail.wrightbg.com and they find the server OK, but they report a certificate error, stating that the cert is mail.wrightbg.com, but the server is corp-exchange07.wrightbg.com. The second problem that they're encountering is that when they try to send an email after being idle for a bit, the server is prompting them for a password. They can log in OK, but the extra typing is a bit much to ask. Ideas? Thanks in advance, Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Tales of woe featuring Exchange 2007, Macs and Certs
What happens if you create an A record for mail.wrightbg.com in the internal DNS rather than using a CNAME? From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 23, 2008 6:20 PM To: MS-Exchange Admin Issues Subject: Tales of woe featuring Exchange 2007, Macs and Certs I've just moved 10 Mac users from Exchange 2000 to Exchange 2007. They are using Apple's "Mail" to connect to email. After a morning of fiddling and reconfiguring client programs, I have them successfully moving mail. I'm left with two difficulties. The first involves a purchased cert. The cert is in the name mail.wrightbg.com, which is our "external" DNS name for the server. There is also a CNAME record set up in our internal DNS pointing "mail" to the server's real name, "corp-exchange07". I have the Macs configured to go to mail.wrightbg.com and they find the server OK, but they report a certificate error, stating that the cert is mail.wrightbg.com, but the server is corp-exchange07.wrightbg.com. The second problem that they're encountering is that when they try to send an email after being idle for a bit, the server is prompting them for a password. They can log in OK, but the extra typing is a bit much to ask. Ideas? Thanks in advance, Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
