Exchange Server Forums

Certificate Errors

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Installation >> Certificate Errors

Page: [1] 2 3 next > >>

Message

<< Older Topic Newer Topic >>

Certificate Errors - 21.Dec.2009 3:19:46 PM

Gman0941

Posts: 136
Joined: 13.Oct.2004
From: Virginia
Status: offline

I have an Exchange 2007 server in a small domain. The internal domain name was in use before I got there and the users do not own the domain. So I can get the Outside cert to work wtih the correct CERT but the internal does not work because the internal domain name is not on the cert. Is there a way around this? Or do I have to change the domain name? I keep getting errors and the Office assistant does not work inside.

Post #: 1

Featured Links*

RE: Certificate Errors - 30.Dec.2009 2:20:33 AM

Gigabitz

Posts: 85
Joined: 27.May2008
Status: offline

This error is due to the misconfiguration of the web distributed services of Exchange 2007 (autodiscover, etc). It needs to be ensured that all of the internal URI's for each available service points to the CAS. If you are not using UM Role then ensure that you arent using a UM Cert or any of the verbage for the UM Cert in the IIS cert pointing to the CAS.

(in reply to Gman0941)

Post #: 2

RE: Certificate Errors - 30.Dec.2009 4:10:28 AM

Jesper Bernle

Posts: 912
Joined: 15.Oct.2007
Status: offline

You really shuld own the internal domain name otherwize you will have trouble buying a SAN certificate including the name. Obviously you can�t register a certificate for a name you don�t own. If this is your main problem I�d start thinking of correcting that issue first.

For correcting internal URLs and also configuring the domain to let Outlook to circomvent the certificate error read this:

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"

(in reply to Gman0941)

Post #: 3

RE: Certificate Errors - 24.Jun.2010 3:08:38 PM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

Hello,

I have the same issue when I open Outlook 2007 against Exchange 2007.
I'm trying to go through the process but on the second step I get the following error in the command shell
Set-WebServicesVirtualDirectory : The operation could not be performed because
object 'HVSBS08\EWS (Default Web Site)' could not be found on domain controller
'HVSBS08.hvcpa.local'.
At line:1 char:32
+ Set-WebServicesVirtualDirectory <<<< -Identity "HVSBS08\EWS (Default Web Sit
e)" -InternalUrl https://mail.hvcpa.com/ews/exchange.asmx

Can anyone help with this?

Thanks
Rick

(in reply to Jesper Bernle)

Post #: 4

RE: Certificate Errors - 24.Jun.2010 3:14:19 PM

de.blackman

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline

How many domain controllers do you have? how many AD sites are there? How many exchange servers do you have? What roles are they running?

Please try to provide as much detail as possible when requesting assistance! It helps those who read the post get a better understanding of your environment and greatly increases time for finding a resolution!

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to rbernard)

Post #: 5

RE: Certificate Errors - 24.Jun.2010 3:22:32 PM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

This is a new Windows 2008 SBS box.
This is the only AD box in the domain.
The roles include AD, Cert Server, DHCP, DNS, FS, Print, IIS, Net Pol. Access, Hub Transport, UM, Client Acess.

(in reply to de.blackman)

Post #: 6

RE: Certificate Errors - 24.Jun.2010 3:26:54 PM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

We just installed a 3rd party certificate for OWA this week.
OWA is up and working fine.

(in reply to de.blackman)

Post #: 7

RE: Certificate Errors - 24.Jun.2010 3:42:28 PM

de.blackman

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline

Have you tried running the same command while omitting the -Identity part so that it reads:

Set-WebServicesVirtualDirectory -InternalUrl https://mail.hvcpa.com/ews/exchange.asmx

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to rbernard)

Post #: 8

RE: Certificate Errors - 24.Jun.2010 3:47:43 PM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

I just tried this and it is prompting me to enter in the identity.
Should I just go with the server name only?

< Message edited by rbernard -- 24.Jun.2010 3:51:25 PM >

(in reply to de.blackman)

Post #: 9

RE: Certificate Errors - 24.Jun.2010 3:51:17 PM

de.blackman

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline

For identity, go ahead and enter "FQDN_of_Server\EWS (default web site)" and make sure it is in quotes.

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to rbernard)

Post #: 10

RE: Certificate Errors - 24.Jun.2010 3:54:13 PM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

I got this back

[PS] C:\Windows\System32>Set-WebServicesVirtualDirectory -InternalUrl https://ma
il.hvcpa.com/ews/exchange.asmx
cmdlet Set-WebServicesVirtualDirectory at command pipeline position 1
Supply values for the following parameters:
Identity: "HVSBS08.HVCPA.local\EWS (default web site)"
Set-WebServicesVirtualDirectory : The operation could not be performed because
object '"HVSBS08.HVCPA.local\EWS (default web site)" ' could not be found on do
main controller 'HVSBS08.hvcpa.local'.
At line:1 char:32
+ Set-WebServicesVirtualDirectory <<<< -InternalUrl https://mail.hvcpa.com/ews
/exchange.asmx

(in reply to de.blackman)

Post #: 11

RE: Certificate Errors - 25.Jun.2010 7:46:32 AM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

Hello,

I have a windows 2008 SBS server with Exchange 2007.
We just installed a third party UC and OWA is working fine but we have created two issues.
1. On the local LAN users launching outlook 2007 get a certificate alert about a mismatch in the cert name.
2. Users can only open OOF from OWA. If we try to use OOF from Outlook 2007 it tells is the server is unavailable and try later.

I tried a bounch of things yesterday working with BE Blackman but we stopped at this error below and I need to fix this today if at all possible.
Here is the latest problem

I got this back

[PS] C:\Windows\System32>Set-WebServicesVirtualDirectory -InternalUrl https://ma
il.hvcpa.com/ews/exchange.asmx
cmdlet Set-WebServicesVirtualDirectory at command pipeline position 1
Supply values for the following parameters:
Identity: "HVSBS08.HVCPA.local\EWS (default web site)"
Set-WebServicesVirtualDirectory : The operation could not be performed because
object '"HVSBS08.HVCPA.local\EWS (default web site)" ' could not be found on do
main controller 'HVSBS08.hvcpa.local'.
At line:1 char:32
+ Set-WebServicesVirtualDirectory <<<< -InternalUrl https://mail.hvcpa.com/ews
/exchange.asmx

Thank you

(in reply to Gman0941)

Post #: 12

RE: Certificate Errors - 25.Jun.2010 8:19:28 AM

de.blackman

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline

Lets try running the command a different way now:

Set-WebServicesVirtualDirectory -Identity HVSBS08\EWS* -InternalURL https://mail.hvcpa.com/ews/exchange.asmx

Also Check What the value of Get-AutoDiscoverVirtualDirectory | FL command gives for the InternalURL and ExternalURL. Where was the certificate purchased from?

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to rbernard)

Post #: 13

RE: Certificate Errors - 25.Jun.2010 9:06:23 AM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

This command worked
We purchased teh UC from Starfield

Here is a copy of the get cert command we just ran
I noticed the External URL is blank, is this part of the problem as well?

[PS] C:\Windows\System32>Get-AutoDiscoverVirtualDirectory | FL

Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://HVSBS08.hvcpa.local/W3SVC/3/ROOT/Autodisc
over
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : HVSBS08
InternalUrl : https://sites/Autodiscover/Autodiscover.xml
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Autodiscover (SBS Web Applications),CN=HTTP,
CN=Protocols,CN=HVSBS08,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Admin
istrative Groups,CN=First Organization,CN=Micro
soft Exchange,CN=Services,CN=Configuration,DC=h
vcpa,DC=local
Identity : HVSBS08\Autodiscover (SBS Web Applications)
Guid : 328a41f1-a88f-4963-830a-184ed26646d6
ObjectCategory : hvcpa.local/Configuration/Schema/ms-Exch-Auto-D
iscover-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscove
rVirtualDirectory}
WhenChanged : 5/26/2010 1:06:50 PM
WhenCreated : 5/26/2010 1:06:50 PM
OriginatingServer : HVSBS08.hvcpa.local
IsValid : True

(in reply to de.blackman)

Post #: 14

RE: Certificate Errors - 25.Jun.2010 9:19:38 AM

de.blackman

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline

Can you confirm that the certificate is trusted all the way to the root when opening OWA? Also go ahead and complete the externalURL for the autodiscover section. I had an issue yesterday whereby OWA was working fine when connecting from anywhere internal or external (no certificate errors!) and also Outlook AnyWhere was working fine except that out of office (OOF) was not working and I was unable to downlaod the address book! It turned out that one of the root certificates from Entrust was not on my machine but I couldnt find out until I compared all Entrust trusted root certificates between my machine and the exchaneg server.

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to rbernard)

Post #: 15

RE: Certificate Errors - 25.Jun.2010 9:31:48 AM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

Sorry, I'm not familiar with how to verify the root cert for OWA. I know from the outside the cert looks to be ok. There is no warnings on it.
Can you direct me on how to verify this?
Can I use this same command to install the external url?

(in reply to de.blackman)

Post #: 16

RE: Certificate Errors - 25.Jun.2010 9:47:17 AM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

I ran this command in the EMS without a problem but the ExternalUrl is still blank

Set-WebServicesVirtualDirectory -Identity HVSBS08\EWS* -ExternalURL https://mail.hvcpa.com/ews/exchange.asmx

(in reply to de.blackman)

Post #: 17

RE: Certificate Errors - 25.Jun.2010 9:52:37 AM

Marc.dekeyser

Posts: 225
Joined: 19.Apr.2010
Status: offline

Hi,

SInce you are running a SBS server the EWS is not listed under the Default web site but under SBS Web Applications....

Hence try running the command as following:
Set-WebServicesVirtualDirectory -Identity "HVSBS08\EWS (SBS Web Applications)" -ExternalURL https://mail.hvcpa.com/ews/exchange.asmx

_____________________________

* No rights or priviliges can be taken from my posts.
* Always make a backup!
* http://kb.geminon.be

(in reply to rbernard)

Post #: 18

RE: Certificate Errors - 25.Jun.2010 10:00:35 AM

rbernard

Posts: 21
Joined: 24.Jun.2010
Status: offline

Thanks for all your help Marc

I just ran this and this is the result.
Do I need the * after the EWS?

[PS] C:\Windows\System32>Set-WebServicesVirtualDirectory -Identity "HVSBS08\EWS
(SBS Web Applications)" -ExternalURL https://mail.hvcpa.com/ews/exchange.asmx
WARNING: The command completed successfully but no settings of 'HVSBS08\EWS
(SBS Web Applications)' have been modified.
[PS] C:\Windows\System32>Get-AutoDiscoverVirtualDirectory | FL

Name : Autodiscover (SBS Web Applications)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
DigestAuthentication : False
WindowsAuthentication : True
MetabasePath : IIS://HVSBS08.hvcpa.local/W3SVC/3/ROOT/Autodisc
over
Path : C:\Program Files\Microsoft\Exchange Server\Clie
ntAccess\Autodiscover
Server : HVSBS08
InternalUrl : https://sites/Autodiscover/Autodiscover.xml
ExternalUrl :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)

(in reply to Marc.dekeyser)

Post #: 19

RE: Certificate Errors - 25.Jun.2010 10:41:08 AM

Marc.dekeyser

Posts: 225
Joined: 19.Apr.2010
Status: offline

No, that * is not required.

If the command reports no settings have been changed this would mean it has been set properly. Your get command shows it to be empty tho... I think I'be seen an issue like this in the past, let me look up if I can find it!

In the meantime, do post what the result of a test-outlookwebservices | fl command is...

_____________________________

* No rights or priviliges can be taken from my posts.
* Always make a backup!
* http://kb.geminon.be

(in reply to rbernard)

Post #: 20