Outlook Anywhere Cert Problems
Outlook Anywhere Cert Problems - 9.Feb.2007 4:55:56 PM
AlexPyle
I purchased a SSL Cert from RapidSSL for the server rather than deal with the issues of self certing. OWA works fine. I turned on Outlook Anywhere but I'm getting event ID 12014:

Microsoft Exchange couldn't find a certificate that contains the domain name server.domain.local in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of server.domain.local. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.

And event id 12013:

Microsoft Exchange couldn't find a certificate with a thumbprint of 16107BAF190F1A8C493F4D2318B728A4FE668691 in the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers will be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate 16107BAF190F1A8C493F4D2318B728A4FE668691 -services SMTP to resolve the issue. If the certificate doesn't exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by using New-ExchangeCertificate -domainname serverfqdn -services SMTP.

Any ideas?
RE: Outlook Anywhere Cert Problems - 9.Feb.2007 9:03:08 PM
t0ta11ed
I've had the same error since I removed the installed cert and replaced it with our own from RapidSSL as well. I haven't addressed it since my server isn't in production yet. I'm assuming all of your connectors are using the FQDN the cert is configured for. So are mine, so in that case it's a matter of the cert being in the "personal store", which I've never heard of in relation to a certificate. I don't get the 12013 event. I did attempt to run the cmdlets referred to in the Post-Install page at first though, but ran into errors. After that I turned around and did it using IIS... and things like OWA, etc. are using the cert just fine. Did you remove the original cert as well? That is probably our problem if so.
RE: Outlook Anywhere Cert Problems - 10.Feb.2007 10:18:13 PM
Henrik Walther
By default the Hub Transport server uses TLS (secure SMTP) to communicate with other Hub Transport servers in the organization. In order to use TLS a certificate is required, and the Hub Transport server uses a self-signed certificate for TLS communication. If you remove this certificate you'll get this error. The reason why mail flow still works is because Hub Transport servers will fall back to a less secure SMTP communication method (anonymous in this case).
_____________________________
HTH Henrik Walther Lead Moderator/author MSExchange.org Follow me on Twitter!
RE: Outlook Anywhere Cert Problems - 11.Feb.2007 2:41:51 AM
t0ta11ed
Is there any way to restore the self-signed cert?
RE: Outlook Anywhere Cert Problems - 11.Feb.2007 2:59:09 AM
Henrik Walther
Well, it's actually simple to create a new one, you just use the New-ExchangeCertificate cmdlet. For steps see: http://technet.microsoft.com/en-us/library/72048bc1-6d01-4279-8d21-4282b86b522c.aspx But when that's said, the default self-signed certificate should still be in the local store, although you removed it in the IIS Manager. So you should still be able to assign it to a web site in the IIS Manager.
RE: Outlook Anywhere Cert Problems - 11.Feb.2007 1:33:30 PM
t0ta11ed
I ran the Get-ExchangeCertificate cmdlet, but it didn't fully display the services using the listed certs. It outputs two certs, one for mail.kobie.com and one for the server name, MX1. One is using service "...w" and the other shows "...SIP". Using the | format-list switch, I can see more info but services aren't listed. Blah. This output shows both the self-signed and the installed cert however.

I know the cert I installed is working on OWA, but in order to address the mentioned TLS issue I need to either:
A) Restore the original one so it works with TLS or
B) Get TLS to use the one I installed.

When I attempted to do Import-ExchangeCertificate on the one I installed, it of course said one with that thumbprint already exists. That being said though, this is the only Exchange server in the organization and it will not be communicating with any other Hub Transports in the organization. However, if it is showing both certificates in use I'm not sure why I'm getting this error in the event log:

Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12014
Date: 2/11/2007
Time: 2:17:32 PM
User: N/A
Computer: MX1
Description: Microsoft Exchange couldn't find a certificate that contains the domain name mail.kobie.com in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.kobie.com. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN.

Update: Using Enable-ExchangeCertificate -Path c:/your.cert -Services SMTP, it would appear that Exchange has accepted this after entering the thumbprint. I haven't seen the event in the logs for the last three hours.
< Message edited by t0ta11ed -- 11.Feb.2007 5:49:23 PM >
RE: Outlook Anywhere Cert Problems - 12.Feb.2007 3:39:38 PM
AlexPyle
So you were able to use your new self Cert or another cert for this problem (i.e. a 3rd party cert)?
RE: Outlook Anywhere Cert Problems - 12.Feb.2007 4:12:02 PM
t0ta11ed
Using the Enable-ExchangeCertificate command, I was able to use my RapidSSL cert for the SMTP service. This cleared up the event error I was receiving. You should be able to run the same command for yours and apply it to the services you want. Once this is done you can verify by telnetting to the server and sending the ehlo command. The response should include STARTTLS in the list.
< Message edited by t0ta11ed -- 13.Feb.2007 11:29:35 PM >
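
The telnet/EHLO verification described in the last post, scripted as an added example that is not part of the thread: it parses a multi-line EHLO reply and reports whether STARTTLS is advertised, which is the capability event 12014 says the connector cannot offer. The sample replies, host names and function names are constructed for illustration; `check_server` needs network access to a server you administer.

```python
import socket

# Constructed EHLO replies (not captured from a real server). The first models
# a connector while event 12014 is logged, the second the same connector after
# a certificate for its FQDN has been enabled for SMTP.
EHLO_NO_TLS = ("250-mail.example.com Hello [192.0.2.10]\r\n"
               "250-SIZE 10485760\r\n"
               "250-PIPELINING\r\n"
               "250 8BITMIME\r\n")
EHLO_TLS = EHLO_NO_TLS.replace("250-PIPELINING", "250-PIPELINING\r\n250-starttls")

def parse_ehlo(reply):
    """Return the upper-cased extension keywords from a complete EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    keywords = set()
    for i, line in enumerate(lines):
        sep = " " if i == len(lines) - 1 else "-"  # "250-" continues, "250 " ends
        if not line.startswith("250") or line[3:4] != sep:
            raise ValueError("unexpected reply line: %r" % line)
        word = line[4:].split(" ", 1)[0].upper()
        if i > 0 and word:  # line 0 is the greeting, not an extension
            keywords.add(word)
    return keywords

def offers_starttls(reply):
    """True if the EHLO reply advertises STARTTLS (keywords are case-insensitive)."""
    return "STARTTLS" in parse_ehlo(reply)

def _read_reply(stream):
    """Read one (possibly multi-line) SMTP reply from a binary file object."""
    text = ""
    while True:
        line = stream.readline().decode("ascii", "replace")
        if not line:
            raise ConnectionError("server closed the connection")
        text += line
        if line[3:4] != "-":  # anything but "NNN-" is the final line
            return text

def check_server(host, port=25, helo_name="client.example.net", timeout=10):
    """Live version of the telnet check: True if the server offers STARTTLS."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        _read_reply(stream)  # 220 banner
        sock.sendall(b"EHLO " + helo_name.encode("ascii") + b"\r\n")
        reply = _read_reply(stream)
        sock.sendall(b"QUIT\r\n")
    return offers_starttls(reply)
```

A `ValueError` from `parse_ehlo` means the reply was truncated or the server rejected EHLO, so the result should be treated as unknown rather than as "no STARTTLS".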