Autodiscovery errors
<originally posted in sbs forum, but as it is exchange having the issue, posting here>
Hello,
I've inherited a problem which I'm not quite sure how to fix. A customer of ours has an SBS 2008 server which was not properly set up (i.e., the original tech did not run the wizards, but manually configured a bunch of the options). We are running Vipre Email Security for antivirus and antispam. We've found that the antispam isn't actually stopping spam the way it should, so we contacted GFI for support. They had me run a few commands and said that there is a problem with the autodiscovery.
Vipre logs:
Info 3228 44 2011-07-07T22:38:26 1188995861048 [Autodiscovery] !! SSL policy error: RemoteCertificateNameMismatch
Info 3228 44 2011-07-07T22:38:26 1188995917687 [Autodiscovery] !! Error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
It appears there is an issue with the remote certificate. This could cause the issues you are facing with Vipre Email Security.
Here's an output of test-outlookwebservices | fl (domain name changed for privacy):
[PS] C:\Windows\system32>test-outlookwebservices | fl

Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address administrator@customerllc.com.

Id : 1007
Type : Information
Message : Testing server SERVER.customer.local with the published name https://sites/EWS/Exchange.asmx & .

Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://sites/Autodiscover/Autodiscover.xml.

Id : 1005
Type : Error
Message : When accessing https://sites/Autodiscover/Autodiscover.xml the error "RemoteCertificateNameMismatch:CN=customerllc.com, OU=Domain Control Validated, O=customerllc.com" was reported.

Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://sites/Autodiscover/Autodiscover.xml.

Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://sites/EWS/Exchange.asmx. The elapsed time was 329 milliseconds.

Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://sites/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://sites/UnifiedMessaging/Service.asmx. The elapsed time was 657 milliseconds.

Id : 1016
Type : Information
Message : [EXPR]-The AS is not configured for this user.

Id : 1015
Type : Information
Message : [EXPR]-The OAB is not configured for this user.

Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.

Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://mail.customerllc.com/Rpc. The elapsed time was 584 milliseconds.

Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.

GFI is saying the problem lies with id 1005 where an externally trusted cert isn't matching something. I've noticed that the internet connection wizard was never run on the server, which means the cert wizard won't run. Any help would be much appreciated!
Here's the get-certificate output if that's helpful:
[PS] C:\Windows\system32>get-exchangecertificate | fl

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERVER.customer.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=customer-SERVER-CA
NotAfter : 6/7/2012 5:54:40 PM
NotBefore : 6/8/2011 5:54:40 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 584EF805000000000009
Services : POP
Status : Valid
Subject : CN=SERVER.customer.local
Thumbprint : DD4AA8E745F3130DB34E001EE5F48FB929C6C325

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {customerllc.com, www.customerllc.com, mail.customerllc.com, autodiscover.customerllc.com, server.customerllc.com, server.customer.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 9/21/2012 8:07:44 AM
NotBefore : 9/21/2009 8:07:44 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 00B5ADF4795B0E
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=customerllc.com, OU=Domain Control Validated, O=tradewindllc.com
Thumbprint : C0A9B380B37023683BA608822026702148E6A301

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SERVER.customer.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=customer-SERVER-CA
NotAfter : 8/31/2011 10:31:58 AM
NotBefore : 8/31/2009 10:31:58 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 61069387000000000002
Services : POP, IIS, SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : 40FEF6A08DF05396C8491C0C0CC33CBEC0E06247

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {customer-SERVER-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=customer-SERVER-CA
NotAfter : 8/31/2014 10:41:15 AM
NotBefore : 8/31/2009 10:31:16 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 04C5F07EC998988B434183A0E69A3F40
Services : None
Status : Valid
Subject : CN=customer-SERVER-CA
Thumbprint : 4A349C81DE68D2E83A10A473E0F4DDC465EF30A1

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-GP4LAC309SP}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-GP4LAC309SP
NotAfter : 8/22/2019 10:32:26 PM
NotBefore : 8/24/2009 10:32:26 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 90846D8CE7DB9A8644FD7A5B05F02F76
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-GP4LAC309SP
Thumbprint : 4B0824259DF18799E453AE16EAF2DE5FDCFA2B22

Thanks!
Joe
July 14th, 2011 10:24am
Hi Joe,
Per your description, you are using the software Vipre Email Security for antivirus and antispam. I do not know how the software is configured on the SBS server.
And in my opinion, the email security for antivirus and antispam is not related to the Autodiscover service for the Exchange server.
Per the information you got, the error shows that the certificate has no proper name for the site contained in the Autodiscover URL, and it does not affect the other software at all.
You could also run the ExBPA to get some information.
Above all, it is a certificate issue; you could refer to the information below:
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
Regards!
Gavin
July 15th, 2011 5:41am
I can only guess that the vipre product is trying to use autodiscover for some reason.
Autodiscover is on the "Sites" site. I have seen that more than once. There are some questions on this very forum about it as well.
Running the wizards to configure the server may well resolve some of the issues, as would the Fix My Network wizard. The server basically needs a complete overhaul. You may also want to install the SBS BPA on to the server, and see what that flags.
Simon.
Simon Butler, Exchange MVP
July 15th, 2011 12:56pm
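
Added example, not part of any post in this thread: a PowerShell check that compares the host names in the URLs from the Test-OutlookWebServices output against the CertificateDomains of the two certificates listed with the IIS service, which is the comparison behind error 1005. The function name Test-NameCoverage, the use of the first post's date as the reference date, and the wildcard handling (no wildcard certificate appears in the thread) are assumptions of the example.

```powershell
# Constructed from the output posted in this thread: the URLs that
# Test-OutlookWebServices contacted, and the two certificates that
# Get-ExchangeCertificate lists with the IIS service enabled.
# On a live server the same values come from Get-ExchangeCertificate and
# (Get-ClientAccessServer).AutoDiscoverServiceInternalUri.
$urls = @(
    'https://sites/Autodiscover/Autodiscover.xml',
    'https://sites/EWS/Exchange.asmx',
    'https://sites/UnifiedMessaging/Service.asmx',
    'https://mail.customerllc.com/Rpc'
)
$certs = @(
    @{ Subject  = 'CN=customerllc.com'      # third-party cert named in error 1005
       NotAfter = [datetime]'9/21/2012 8:07:44 AM'
       Domains  = 'customerllc.com', 'www.customerllc.com', 'mail.customerllc.com',
                  'autodiscover.customerllc.com', 'server.customerllc.com',
                  'server.customer.local' },
    @{ Subject  = 'CN=Sites'                # cert issued by the internal CA
       NotAfter = [datetime]'8/31/2011 10:31:58 AM'
       Domains  = 'Sites', 'SERVER.customer.local' }
)
$asOf = [datetime]'7/14/2011'               # assumption: date of the first post

# Hypothetical helper: does any certificate name cover this host name?
function Test-NameCoverage([string]$HostName, [string[]]$Domains) {
    foreach ($d in $Domains) {
        if ($d -eq $HostName) { return $true }     # -eq ignores case for strings
        # A wildcard entry (*.example.com) covers exactly one extra left-most label.
        if ($d.StartsWith('*.') -and $HostName.Contains('.')) {
            if ($HostName.Substring($HostName.IndexOf('.')) -eq $d.Substring(1)) { return $true }
        }
    }
    return $false
}

# One line per (host name, certificate) pair, with the days left on the certificate.
$names = $urls | ForEach-Object { ([uri]$_).Host } | Select-Object -Unique
foreach ($name in $names) {
    foreach ($c in $certs) {
        $result = if (Test-NameCoverage $name $c.Domains) { 'match' }
                  else { 'RemoteCertificateNameMismatch' }
        $days = ($c.NotAfter - $asOf).Days
        '{0,-21} {1,-19} {2,-30} expires in {3} days' -f $name, $c.Subject, $result, $days
    }
}
```

The rows for the host name sites show the mismatch against CN=customerllc.com that error 1005 reports, and the expiry column shows how long the only certificate that does list Sites remains valid.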