Last Friday I installed a new domain controller, and everything seemed to have gone smoothly. Removed the old DC and everyone can still log in and stuff like that. But since I have set up the new DC there seems to be a problem with the Exchange 2010 server. It keeps giving me a certificate error when I try to do a lot of things such as repair an email account, set out of office messages, and a few others.
I get this error for the mailserver.local.company name.com and autodiscover.company name.com
Was there something I was supposed to do on the Exchange Server when I changed DC?
I also noticed that when I start to get this error, I can no longer remote into the servers on the network and I have to restart my computer. I'm not sure if that is related or if I should start a new question on that.
Any help or a link to an article on this would be very appreciated.
Well, the dialog box tells you exactly what's wrong - your computer doesn't trust the certificate which it is being presented.
The reason your computer doesn't trust the certificate might be related to your old Domain Controller, but it might not. I suspect your old Domain Controller was hosting Certificate Services and was a trusted Certificate Authority for your company and it issued a certificate for Exchange services, and when you removed the old DC you removed a root or intermediate certificate in the process.
You need to look at the certificate being presented and see where in the chain the trust is broken. Like I said, I suspect a missing intermediate or root certificate issued by your old Certificate Authority on the Domain Controller you removed.
If that's the case, you can install the Active Directory Certificate Services role on your new Domain Controller and create a new CA to replace the old one. Next, run through the Exchange certificate wizard and generate a CSR for your Exchange server. Give this to your CA on your Domain Controller, issue a certificate, import it into Exchange and assign it to Exchange services.
Alternatively, shell out a few hundred quid and get a certificate signed by a trusted authority like DigiCert and you won't have to worry about the hassle of managing your own Certificate Authority. The added bonus of this option is that if you have mobile devices using ActiveSync, they won't have to import your certificate because DigiCert's (or whoever you choose) certificate will likely already be installed on the device.
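One way to do the chain inspection the answer describes, as an added example that is not part of the original answer: this PowerShell script fetches the certificate the server presents, lists the names it covers, and builds the chain against the local trust store to show which element fails. The host name, the port and the two helper function names are assumptions made for illustration.

```powershell
# Added example. Run on the workstation that shows the warning so its own trust store is used.
param(
    [string]$ServerName = 'mail.example.com',  # placeholder: use the name from the warning dialog
    [int]$Port = 443                           # assumption: the HTTPS endpoint Outlook talks to
)

# Hypothetical helper: fetch the certificate the server presents, without trusting it.
function Get-PresentedCertificate([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept anything here; the certificate is only inspected, never relied on.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }
}

# Hypothetical helper: build the chain locally and report each element's status.
function Get-ChainReport($Certificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so an unreachable CRL of a removed CA does not hide the trust result.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Certificate)
    foreach ($element in $chain.ChainElements) {
        $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        if ($flags.Count -eq 0) { $flags = @('OK') }
        New-Object PSObject -Property @{
            Subject  = $element.Certificate.Subject
            Issuer   = $element.Certificate.Issuer
            NotAfter = $element.Certificate.NotAfter
            Status   = ($flags -join ', ')
        } | Select-Object Subject, Issuer, NotAfter, Status
    }
}

$cert = Get-PresentedCertificate $ServerName $Port
# Names the certificate covers; the name shown in the warning must appear here.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
"Subject: $($cert.Subject)"
if ($san) { "SAN:     $($san.Format($false))" }
# PartialChain or UntrustedRoot in Status marks the element where trust breaks.
Get-ChainReport $cert | Format-List
```

If the Issuer of the failing element names the CA that lived on the removed Domain Controller, that supports the missing root or intermediate explanation given above.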