SBS 2008, Exchange 2007, Certificate error


there's an sbs2008&exchange2007, client is Outlook2010

It's all running with a subdomain (ex.

so the "sites" are reachable under

the certificate is selfsigned.

Active Sync with mobile devices is working. autodiscover is working. is working (without certificate issues)

only Problem is a PopUp when starting Outlook2010 -> the third point is a red Cross:

It simplified says "Sites" is not… Any ideas? (I think i have to change Sites to, but i dont know where)

(In Exchange, internal and external url is

Thanks alot!


This is not a problem of autodiscover. In "debug"mode from Outlook, i've found this:

same for EwsUrl, OOFUrl and UMUrl

where can i change this "sites" to


to change the EWS:

[PS] C:\Windows\system32>Set-WebServicesVirtualDirectory -Identity "EWS (SBS Web Applications)" -InternalUrl:
[PS] C:\Windows\system32>Set-WebServicesVirtualDirectory -Identity "EWS (SBS Web Applications)" -ExternalUrl:


also important:

[PS] C:\Windows\system32>Set-AutodiscoverVirtualDirectory -Identity "SERVER\Autodiscover (SBS Web Applications)" -ExternalUrl:
[PS] C:\Windows\system32>Set-AutodiscoverVirtualDirectory -Identity "SERVER\Autodiscover (SBS Web Applications)" -InternalUrl:


as hint: may be dns takes more than 24-48h for beeing updated in every client

Best Answer

Did you also modify the autodiscover settings? Outlook makes extensive use of Autodiscover, if that is not configured correctly you get those warnings when starting Outlook. Microsoft has a Knowledge-Base article concerning this issue. Also, if your internal Domain is different from your external Domain you might need to add the external Domain zone to your internal DNS server with internal IPs so the certificate you created is valid for internal and external clients.

To check the autodiscover settings use the DNS Manager. Goto Forward-Lookupzones select your (local) domain, select _tcp there. You should have an SRV-Record (Service Location) in there called _autodiscover. In properties under host it should have a hostname that is in the certificate ( on SBS i think by default), if that is not the case Outlook will complain about that by telling you that there is a problem with your certificate, if you set it to you should be fine and the certificate-warnings should disappear. For clients pre Outlook 2007 SP1 SRV-records are not used, instead they would use in your case, which should be in the certificate.

To modify the URLs you pointed out you can use two Powershell cmdlets from Exchange Management Shell:

Set-WebServicesVirtualDirectory -Identity "EWS (SBS Web Applications)" -InternalUrl:
Set-UmVirtualDirectory -Identity "UnifiedMessaging (SBS Web Applications)" -InternalUrl:

The identities should be correct for SBS 2008 default settings, but you should check that it really is in your case. The Set-WebServicesVirtualDirectory cmdlet will take care of EwsUrl and OOFUrl.

Related Topic