Exchange server 2010 Sp3 CU2
Issue : Outlook users are getting message when starting outlook "There is a problem with the Proxy servers certificate The name on the security certificate is invalid or does not match the name of the target site "error 10""
There is a problem with the Proxy servers certificate The name on the security certificate is invalid or does not match the name of the target site "error 10"
Resolution : From the services console, Check the "MS Exchange RPC Client Access", if it is stopped, Set it to Start
2. Repair Outlook Profile or create a new Profile for Outlook
3. Check the EXPR value from shell
Get-OutlookProvider | FL
to set the value if you found Empty, then value using set-outlookprovider
What and why we run the Set-OutlookProvider
The OutlookProvider is the simple "RPC over HTTP" and so what it means that "RPC over HTTP" protocol allows Outlook Mapi clients to connect Exchange server using HTTP or most of the time when Internal users are connected from home or from Outside LAN connected through Internet so another words MAPI packets are encapsulated into HTTP and the cmdlet Set-OutlookProvider allows modifying related settings. As we can see in the table below, the parameters Server and CertPrincName only apply to Outlook EXPR provider - Outlook Anywhere clients. By default both values are set to $null.
the syntex for Outlook Provider is
Set-outlookProvider EXPR -CertPrincipalName msstd:*.domain.com -Server mail.domain.com
where msstd stands for Microsoft Standard Format and in code and it is only there to increase security by telling Outlook to only connect to the server is the "Subject Name" and "Principal Name" mentioned in the Certificate and if you have wildcard certificate, autodiscover will not set msstd value automatically for you and you need to set the value by running the command
Set-Outlookprovider EXPR -CertPrincipalName msstd:*.domain.com
how to find value for OutlookProvider MSSTD and "CertPrincipalName"
If the setup was working then you can go to the Outlook > Tools > Settings > Email > properties of the Email > More settings > Connection > "Exchange Proxy Settings"
"Use this URL to connect to my proxy server for Exchange" value goes into "Server"
and Under "Connect using SSL only" option "Only connect to Proxy servers that have this Principal Name in their Certificate" value goes to "CertPrincipalName" and value should correctSubjectName.domainname.com
So considering the same example for few options
Set-outlookProvider EXPR -CertPrincipalName msstd:Subjectname.domain.com -Server mail.domain.com
set connection to the server without looking at the Certificate value
Set-outlookProvider EXPR -CertPrincipalName $null -Server mail.domain.com will
On Fast networks, connect using HTTP then connect using TCP/IP (always HTTP)
set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
On Slow Networks, Connect using HTTP first, User TCP/IP first then HTTP (default):