Archives for category: Exchange

When using a wildcard certificate for Exchange 2010 and Exchange 2013, you might run into an error in Outlook during Autodiscover that states "the name of security certificate invalid". To address this issue, change the URLs by running the Exchange Shell as administrator and typing in the following.

Then run IISreset and test again.


Today I ran into an issue with an Exchange 2013 server and Windows XP Outlook clients. When doing the Autodiscover and configure on a Windows 7 workstation, everything worked fine. No password prompts and all the appropriate sections filled in correctly. However, the Windows XP machines would fail to authenticate and kept prompting for a username and password. No matter which combination I used (e-mail address, domain\username, username), none would authenticate. After searching for a while I came across this thread

The reason was the certificate's primary name was and when Outlook autoconfigured the Outlook over HTTP settings it was putting in the Exchange server's internal name because that was a valid SAN. Windows 7 is fine with SANs but XP is not. As a resolution I opened the Exchange Shell and ran this command

Set-OutlookProvider EXPR -CertPrincipalName:""

Set-OutlookProvider -Identity EXCH -CertPrincipalName


After that everything was working perfectly for both Windows 7 and XP users.


For wildcards, run

Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*

Set-OutlookProvider EXPR -CertPrincipalName msstd:*



Note: EXCH is for internal users and EXPR is for external users. Also, once the change was made and IISRESET was run, I got one more failed login when opening Outlook. I closed and reopened it, and the second time it opened without any error.

Change User Principal Name for Email Addresses

To fix E-mail authentication in situations where the domain name is and the email account is

Create a new OU named test and a new user named Joe User, then place him in that new OU.

Open the Exchange Management Shell and follow the steps below.

1)      Get-ADServerSettings

2)      Change the recipient view root to the new OU created above

3)      Set a variable for the users

  1. Get-Mailbox
  2. $users = Get-Mailbox
  3. $users | ForEach {Set-User -Identity $_.Identity -UserPrincipalName $_.WindowsEmailAddress -WhatIf}
  4. If all completes successfully, remove the -WhatIf switch and run again

4)      Check the users' AD account properties: open the Account tab and see whether the User Principal Name has been changed to their email address. If so, it is safe to apply the change to more OUs or to the entire forest.

5)      To change the entire forest, do the following

  1. Set-ADServerSettings -RecipientViewRoot ""
  2. Set-ADServerSettings -ViewEntireForest $true
  3. Get-Mailbox
  4. $users = Get-Mailbox
  5. $users | ForEach {Set-User -Identity $_.Identity -UserPrincipalName $_.WindowsEmailAddress -WhatIf}
  6. If all completes successfully, remove the -WhatIf switch and rerun

6)      Verify everything has been modified correctly
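
A guarded version of steps 3 to 6, as an added example that is not the original author's script: it saves the current UPNs to a CSV for rollback, skips mailboxes that have no address or already match, and stays in -WhatIf mode unless -Apply is given. It scopes with Get-Mailbox -OrganizationalUnit instead of changing the recipient view root; the parameter names $TargetOU, $BackupCsv and $Apply and the CSV file name are assumptions.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
param(
    [string]$TargetOU  = "test",               # pilot OU from the steps above
    [string]$BackupCsv = ".\upn-backup.csv",   # hypothetical rollback file
    [switch]$Apply                             # omit to preview only
)

$users = @(Get-Mailbox -OrganizationalUnit $TargetOU -ResultSize Unlimited)

# Save the current values first so any change can be reversed from the CSV.
$users | Select-Object DistinguishedName, UserPrincipalName, WindowsEmailAddress |
    Export-Csv -Path $BackupCsv -NoTypeInformation

foreach ($u in $users) {
    $newUpn = "$($u.WindowsEmailAddress)"

    if ([string]::IsNullOrEmpty($newUpn)) {
        Write-Warning "Skipping $($u.Identity): no WindowsEmailAddress set"
        continue
    }
    if ($newUpn -eq $u.UserPrincipalName) {
        continue   # logon name already matches the address (-eq ignores case)
    }

    # Without -Apply this only reports what would change, like -WhatIf in the steps.
    Set-User -Identity $u.Identity -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}

# After an -Apply run, list any mailbox whose UPN still differs from its address.
if ($Apply) {
    Get-Mailbox -OrganizationalUnit $TargetOU -ResultSize Unlimited |
        Where-Object { "$($_.UserPrincipalName)" -ne "$($_.WindowsEmailAddress)" } |
        Select-Object Name, UserPrincipalName, WindowsEmailAddress
}
```

An empty result from the final query corresponds to step 6; any rows it returns are accounts to check by hand before widening the scope to the forest.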