I was recently involved in an Exchange 2013 to 2019 migration where the client had a KEMP load balancer providing load balancing services for the Exchange services. The KEMP configuration was handled by another engineer and all the internal and Test Remote Connectivity tests appeared to be in good working order after the configuration but then users started noticing certificate warnings on their smartphones:
iPhones:
Connection Warning
Your mail server certificate is invalid.
Would you like to log in anyways?
Androids:
Certificate not secure
The certificate isn’t from a trusted authority.
If you continue with this certificate, your emails and account may be at risk.
I was reluctant to reach out to the engineer who configured the KEMP load balancer since it was a weekend and I had a hunch that perhaps the intermediate certificate wasn’t installed so I logged on to the load balancer to check the configuration. The KEMP interface is much simpler than the Citrix NetScalers I’m used to and I immediately located the menu for Intermediate Certificates confirming that intermediate issuing certificate was not installed:
Proceeding to install the certificate onto the KEMP load balancer corrected the issue.