Error – “The Specified Target Common Name Of The Certificate Is Invalid” While Publishing OWA 2010 Using UAG 2010
I got an email today with a UAG error while publishing OWA 2010 without using a portal.
When the user hits the OWA 2010 URL, the following error is displayed: “The specified target common name of the certificate is invalid”.
The screenshot shows that it is a certificate issue, so it is worth separating the two trust relationships involved in a UAG setup. First, the clients using OWA 2010 (external or internal) must trust the certificate that UAG presents on the internet-facing trunk. Second, the UAG server itself must trust the certificate on the CAS server in the internal network, because UAG acts as a TLS client towards the CAS server and validates that certificate like any other client would: the issuing chain must be trusted and the name UAG connects to must appear in the certificate. If you deploy UAG the Microsoft-recommended way and join it to the domain, the chain-trust part is not an issue, since a certificate from the internal PKI is automatically trusted by all domain-joined machines, including the UAG server.
In this scenario, the UAG server was part of the domain and the CAS server had a third-party certificate. The same certificate was used on the UAG trunk as well, which implies that the company has split DNS configured (the public name resolves internally to the CAS server). No problems there.
Looking more closely at the trunk, the internal server in the application (OWA 2010) properties was specified as the AD FQDN of the server (server.domain.local), which is not one of the names (subject CN or subject alternative name) in the third-party certificate on the CAS server. UAG therefore rejects the connection with the error above: the name it was told to connect to does not match the certificate the CAS server presents.
Changing the server name to the load-balanced FQDN (mail.domain.com), which the certificate does contain and which split DNS resolves internally to the CAS server, solved the issue. The place to change it is the Web Server tab of the application properties in UAG. Either way, the name configured there and the names in the CAS certificate must agree; if the internal name cannot be changed, the certificate on the CAS server has to include it instead.
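The two checks described above, as an added PowerShell example that is not part of the original post and not a UAG tool: run it on the UAG server with the name from the Web Server tab, and it fetches the certificate the CAS server presents, lists the names in its CN and subject alternative names, tests whether the configured name matches (including single-label wildcards), and then asks Windows whether the issuing chain is trusted. The host names server.domain.local and mail.domain.com are the placeholders used in the post, and the SAN parsing assumes the English “DNS Name=” labels that .NET emits.

```powershell
# Added example: verify that the backend name UAG connects to matches the CAS
# certificate and that the UAG server trusts its chain. Run on the UAG server.
param(
    [string]$BackendName = 'server.domain.local',   # value from the Web Server tab (placeholder)
    [int]$Port = 443
)

# Fetch the leaf certificate the CAS server presents. Validation errors are
# accepted here on purpose so we can explain the failure ourselves.
function Get-BackendCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
        return $cert
    } finally {
        $tcp.Close()
    }
}

# Every name the certificate is valid for: the subject CN plus all DNS entries
# of the subjectAltName extension (OID 2.5.29.17).
function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    $cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names += $cn }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) yields one "DNS Name=host" per line on an English system (assumption).
        foreach ($m in [regex]::Matches($san.Format($true), 'DNS Name=([^\s,]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    return $names | Select-Object -Unique
}

# RFC 6125 style match: exact name, or a wildcard covering exactly one leftmost label.
function Test-NameMatch {
    param([string]$HostName, [string[]]$Names)
    foreach ($n in $Names) {
        if ($n -ieq $HostName) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                      # "*.domain.com" -> ".domain.com"
            $sameDepth = $HostName.Split('.').Count -eq $n.Split('.').Count
            if ($sameDepth -and $HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                return $true
            }
        }
    }
    return $false
}

# Chain trust as the UAG server sees it (machine and user stores). Revocation is
# skipped so the result reflects trust only, not CRL reachability.
function Test-ChainTrusted {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $ok = $chain.Build($Cert)
    if (-not $ok) { $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation } }
    return $ok
}

$cert  = Get-BackendCertificate -HostName $BackendName -Port $Port
$names = Get-CertificateDnsNames -Cert $cert
Write-Host "Certificate subject : $($cert.Subject)"
Write-Host "Names in CN/SAN     : $($names -join ', ')"

if (Test-NameMatch -HostName $BackendName -Names $names) {
    Write-Host "OK: '$BackendName' matches the CAS certificate."
} else {
    Write-Host "MISMATCH: '$BackendName' is not in the certificate. Put one of the names above"
    Write-Host "(e.g. the load-balanced mail.domain.com) in the Web Server tab and make sure"
    Write-Host "split DNS resolves it to the CAS server from the UAG box."
}

if (Test-ChainTrusted -Cert $cert) {
    Write-Host "OK: this server trusts the certificate's issuing chain."
} else {
    Write-Host "UNTRUSTED: import the issuing CA into the UAG computer store."
}
```

A MISMATCH with a trusted chain is exactly the case in this post: the fix is the name in the Web Server tab, not the certificate. An UNTRUSTED result with a matching name points at the other trust relationship, the UAG server not trusting the CA that issued the CAS certificate.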
Great explanation Rajith!
Rajith, is it possible to receive emails by creating a policy in the TMG portion of the UAG product?
I have done so: I have created an external and an internal policy in the TMG, but the emails don’t come through. In other words, does it function the same way as if it were TMG only?
Thanks a lot!