Outlook security alert - the name is invalid..., where to find it?
Hi,
I'm receiving a Security Alert every time I start Outlook 2007 (office.mail.com!!! (external OWA) - it's strange, maybe it should be the internal Exchange server). The name on the security certificate is invalid or... View Certificate shows me
Issued to: IOS-Self-Signed-Certificate-193382
Issued by: IOS-Self-Signed-Certificate-193382
Valid from 12/05/2009 to 01/01/2020
OK. I know that the problem is an incorrect certificate, because the name of my Exchange Server is Exchange, and the OWA name is office.mail.com
But where can I find this certificate to delete or replace it?
PDC (Server 2008) -> mmc -> certificates: Can't find IOS-Self-...
Exchange 2010 -> mmc -> certificates: Can't find IOS-Self-...
Exchange Power Shell -> Get-ExchangeCertificate | fl: Can't find IOS-Self-...
Exchange Management Console -> Server Configuration -> Exchange certificates: Can't find IOS-Self-...
Exchange IIS Site Bindings (7.0): Can't find IOS-Self-...
In DNS I've replaced the old autodiscover Host A record with an SRV record _autodiscover pointing to the internal Exchange server
Thanks
July 5th, 2010 1:59am
You need to replace the self-signed cert with one from your internal CA or preferably from a public CA. Here are some links to guide you through the process (this assumes Exchange 2010)...
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
For Exchange 2007...
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
July 5th, 2010 2:09am
Thanks for the reply.
I have created some Exchange and Domain certificates before, it's not too difficult. What really interests me is where this IOS-Self- comes from and where I can find it.
Thanks again for any suggestions.
July 5th, 2010 6:09am
The self-signed cert gets created by Exchange during the installation and is only used by Exchange. It is just created to get you going. You should always replace it with an internal or public one before going into production.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
July 5th, 2010 6:58am
Ok. So I should just create another self-signed certificate for my Exchange or buy an SSL certificate, then put it on Exchange and deploy it via GPO.
Many thanks
July 5th, 2010 7:18am
Hi Tim,
It was my mistake to close the ticket so quickly. The wrong certificate still exists, even after recreating and reassigning a new one.
REMARK: I've tried to implement multiple SSL certificates for local mail Exchange+Outlook and external OWA Outlook+Browser. Everything was taken from
Configure Outlook Anywhere to Use Multiple SSL Certificates
So, the internal Outlook connection to Exchange is OK. Internal OWA shows a certificate error, but works (perhaps a GPO certificate distribution delay).
But Test-OutlookWebServices -ClientAccessServer exchangesrv2 still shows the annoying certificate:
[PS] C:\Users\administrator.mydomain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
Creating a new session for implicit remoting of "Test-OutlookWebServices" command...
[PS] C:\Users\administrator.mydomain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://office.externalserver.com/autodiscover/autodiscover.xml.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1004
Type : Error
Message : The certificate for the URL https://office.externalserver.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of office.externalserver.com, instead the subject found is IOS-Self-Signed-Certificate-1933852417. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1023
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1123
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXCH] Error contacting the UM service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The request failed with HTTP status 404: Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXPR] Error contacting the UM service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1125
Type : Error
Message : [Server] Error contacting the AS service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1127
Type : Error
Message : [Server] Error contacting the UM service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/rpc received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1029
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://office.externalserver.com/rpc. Elapsed time was 578 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1129
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://exchangesrv2.domain.local/rpc. Elapsed time was 0 milliseconds.
Thanks
July 7th, 2010 4:08am
Use Disable-ExchangeCertificate and Enable-ExchangeCertificate to replace the self-signed certificate with the valid one.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
July 7th, 2010 6:44am
Hi Ed,
Thanks for the reply.
Not sure about Disable-ExchangeCertificate
The term 'Disable-ExchangeCertificate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:28
+ Disable-ExchangeCertificate <<<<
+ CategoryInfo : ObjectNotFound: (Disable-ExchangeCertificate:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
B74247D60812930AE630F1A77BE3CAC669F***** IP.WS. CN=exchange
6A3C16AC3497C2077595D81BF52786121FC***** ...WS. CN=*.externaldomain.com, OU=Domain Control Validated - RapidSSL
The properties of the bad certificate show
Thumbprint de bc a8 bc 44 79 ca 95 d9 3b 3b f4 6e 75 0a c7 2e ** ** **
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
The certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 782F9DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Disable-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
The term 'Disable-ExchangeCertificate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:28
+ Disable-ExchangeCertificate <<<< -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
+ CategoryInfo : ObjectNotFound: (Disable-ExchangeCertificate:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
And [PS] C:\Windows\system32>Remove-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** from the computer's certificate store?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
The certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** was not found.
+ CategoryInfo : ObjectNotFound: (:) [Remove-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 782F9DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.RemoveExchangeCertificate
Any suggestions?
July 8th, 2010 12:27am
Sorry, it's Remove-ExchangeCertificate.
Where do you get the "bad certificate" from? If it doesn't show up in Get-ExchangeCertificate, then Exchange shouldn't know about it.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
July 8th, 2010 8:04am
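Added example, not part of the original thread: a PowerShell check for the question raised above, where the certificate comes from when no Exchange cmdlet or store lists it. It fetches the certificate an endpoint actually presents on the wire, records the IP address that answered, and tests whether that thumbprint exists in the local machine store; `Get-PresentedCertificate` is a hypothetical helper name and the host names are the placeholders used in the posts. A subject of the form IOS-Self-Signed-Certificate-<number> is the default name of the self-signed certificate that Cisco IOS generates for its built-in HTTPS server, so a network device answering on port 443 for the external name is one candidate source.

```powershell
# Added example (not from the thread). Run it on the Exchange server so that
# the store comparison refers to the server's own LocalMachine\My store.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    $result = New-Object PSObject -Property @{
        HostName = $HostName; RemoteAddress = $null; Subject = $null; Issuer = $null
        Thumbprint = $null; NotAfter = $null; SelfSigned = $null
        NameMatches = $null; InLocalMachineStore = $null; Error = $null
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # The address that answered tells you which device owns this name.
        $result.RemoteAddress = $client.Client.RemoteEndPoint.Address.ToString()

        # Accept any certificate: the goal is to inspect it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()

        $result.Subject    = $cert.Subject
        $result.Issuer     = $cert.Issuer
        $result.Thumbprint = $cert.Thumbprint
        $result.NotAfter   = $cert.NotAfter
        $result.SelfSigned = ($cert.Subject -eq $cert.Issuer)

        # Names the certificate is valid for: the CN plus any DNS entries in the
        # Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name="
        # label is how English-language Windows formats that extension.
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value }
        }
        # -like treats "*" as a wildcard; this is looser than real TLS wildcard
        # matching (it spans several labels) but is enough for a diagnostic.
        $result.NameMatches = [bool]($names | Where-Object { $HostName -like $_ })

        # Is this certificate one that the local server holds at all?
        $result.InLocalMachineStore = [bool](Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
    }
    catch {
        # Connection resets and DNS failures are findings too; report them.
        $result.Error = $_.Exception.Message
    }
    finally {
        $client.Close()
    }

    $result | Select-Object HostName, RemoteAddress, Subject, Issuer, Thumbprint,
        NotAfter, SelfSigned, NameMatches, InLocalMachineStore, Error
}

# Placeholder host names as they appear in the posts above.
'office.externalserver.com', 'exchangesrv2.domain.local' |
    ForEach-Object { Get-PresentedCertificate -HostName $_ } |
    Format-List
```

If RemoteAddress is not the Exchange server and InLocalMachineStore is False, the certificate lives on whatever device owns that address, and no Exchange or IIS change will remove it.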
Hi Ed,
That's right, Exchange shouldn't use the wrong certificate, because it isn't in the list of certificates :(
A few more facts: the wrong certificate appears every time Outlook starts and I'm unable to View Certificate (button unclickable); also the header of the cert. is office.externaldomain.com??? But internal OWA uses the correct certificate issued by Exchangesrv2 (the one from the Exchange list).
External OWA uses the correct certificate too (*.externaldomain.com), but with 500 - Internal server error. An external HTTP\HTTPS Outlook connection is not possible, because of error 500.
July 9th, 2010 1:17am
How is IIS configured?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
July 10th, 2010 8:16am
IIS has 2 sites:
-Autodiscover.externaldomain Anonymous+Windows Auth., SSL - no req.+ignore
-Default Web Site
* aspnet_client
* ecp
* EWS
* Exchange
* Exchweb
* Microsoft-Server-ActiveSync
* OAB
* owa Basic+Windows Auth., SSL req+ignore
* PowerShell
* Public
* Rdc
* RpcWithCert
I have installed Rollup 4, and now external OWA shows error 404:
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
After some reboots external OWA replies: Outlook Web App didn't initialize. If the problem continues, please contact your helpdesk.
Internal OWA works OK. The Microsoft Exchange Attendant service is unable to start.
Unexpected error No authority could be contacted for authentication. ID no: 80090311 Microsoft Exchange System Attendant occurred.
My present state: error 404 in IE and in Firefox at the same time
Server Error in '/' Application.
The resource cannot be found.
Description:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /owa/auth/logon.aspx
In addition: it's strange (at least for me), but I was able to connect to internal OWA even with disabled Outlook Anywhere.
July 10th, 2010 2:50pm
What certificate is bound to the Default Web Site?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
July 10th, 2010 7:08pm
The Default Web Site is bound to a certificate which was created on the Exchange server in PowerShell for the local Exchange server:
New-ExchangeCertificate -FriendlyName "Exchangesrv Self" -SubjectName "cn=exchangesrv2" -DomainName exchangesrv2,exchangesrv2.mydomain.local,autodiscover.mydomain.local,autodiscover.exchangesrv2.mydomain.local -PrivateKeyExportable:$True | Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP
Default Web Site - Bindings:
http 80 *
https 443 Internal IP internal exchange cert
net.tcp 808:*
net.pipe *
net.m... localhost
msmq... localhost
July 11th, 2010 8:58am
Please explain how you implemented what you describe in "REMARK".
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"vyan024" wrote in message
news:976097ea-c17f-4322-8127-59c9c1760a50...
Hi Tim,
It was my mistake to close the ticket so quickly. The wrong certificate still exists, even after recreating and reassigning a new one.
REMARK: I've tried to implement multiple SSL certificates for local mail Exchange+Outlook and external OWA Outlook+Browser. Everything was taken from
Configure Outlook Anywhere to Use Multiple SSL Certificates
So, internal Outlook connection to Exchange is OK. Internal OWA shows a certificate error, but works (perhaps GPO certificate distribution delay).
But Test-OutlookWebServices -ClientAccessServer exchangesrv2 still shows the annoying certificate:
[PS] C:\Users\administrator.domain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
Creating a new session for implicit remoting of "Test-OutlookWebServices" command...
[PS] C:\Users\administrator.JERICHO\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://office.externalserver.com/autodiscover/autodiscover.xml.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1004
Type : Error
Message : The certificate for the URL https://office.externalserver.com/autodiscover/autodiscover.xml is incorrect. For SSL to work, the certificate needs to have a subject of office.externalserver.com, instead the subject found is IOS-Self-Signed-Certificate-1933852417. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1023
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1123
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXCH] Error contacting the UM service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The request failed with HTTP status 404: Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXPR] Error contacting the UM service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1125
Type : Error
Message : [Server] Error contacting the AS service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1127
Type : Error
Message : [Server] Error contacting the UM service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/rpc received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1029
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://office.externalserver.com/rpc. Elapsed time was 578 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1129
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://exchangesrv2.domain.local/rpc. Elapsed time was 0 milliseconds.
Thanks
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
July 11th, 2010 8:08pm
Sorry, my fault. The correct link is http://technet.microsoft.com/en-us/library/bb310762.aspx and I have implemented
Configure Outlook Anywhere to Use Multiple SSL Certificates
July 12th, 2010 1:01am
Sorry, I've never implemented that method. Every Exchange installation I've done uses the same web site for everything with a UCC certificate.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
"vyan024" wrote in message
news:9bf02a1a-a9d0-4286-a21b-aada17d5102d...
Sorry, my fault. The correct link is http://technet.microsoft.com/en-us/library/bb310762.aspx and I have implemented
Configure Outlook Anywhere to Use Multiple SSL Certificates
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
July 12th, 2010 4:55am
Same web site - OK. Do you have experience with different Exchange server IPs? I mean: 1 IP for the local network, 2 for external OWA or HTTP\HTTPS connections. I used this configuration before Exchange OWA broke. I have always seen how the Exchange server uses a different IP address. How can I assign 1 constant IP forever, if the network card has 2 IPs?
July 13th, 2010 1:11am
You can create new virtual directories in PowerShell, but I've never specifically done what you're trying to do.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
"vyan024" wrote in message
news:2a171862-d94e-40d0-bf6f-e0ddd5e7346b...
Same web site - OK. Do you have experience with different Exchange server IPs? I mean: 1 IP for the local network, 2 for external OWA or HTTP\HTTPS connections. I used this configuration before Exchange OWA broke. I have always seen how the Exchange server uses a different IP address. How can I assign 1 constant IP forever, if the network card has 2 IPs?
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
July 14th, 2010 7:25am
Hi,
In conclusion:
1. The wrong certificate Issued to: IOS-Self-Signed-Certificate-193382... comes from my Cisco router.
2. This certificate stopped appearing after changes in Exchange IIS. I have performed a rollback of the instructions from this article:
Configure Outlook Anywhere to Use Multiple SSL Certificates
In my opinion, exactly the actions from this article provoke most of my troubles with Exchange :(
3. RPC over HTTP\HTTPS works perfectly after disabling IPv6 and rejoining the Exchange server to the domain.
4. All tests via Microsoft Exchange Server Remote Connectivity Analyzer passed fine.
Thanks to all
July 29th, 2010 2:17am
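The conclusion above (the certificate was presented by the router, not by Exchange) can be confirmed directly by asking an endpoint which certificate it serves and checking whether that thumbprint exists on the Exchange server at all. This is an added example, not part of the thread; the function name Get-ServedCertificate is hypothetical, and the hostnames in the sample call are the ones shown in the Test-OutlookWebServices output.

```powershell
# Added example: report the certificate a host actually serves on a TLS port,
# which IP answered, and whether that certificate is in this machine's stores.
function Get-ServedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # The address that really answered (router, proxy or the server itself).
        $remoteIp = $client.Client.RemoteEndPoint.Address.ToString()

        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    # Search every LocalMachine store for the same thumbprint. Store objects
    # have no Thumbprint property, so only certificates can match.
    $local = Get-ChildItem Cert:\LocalMachine -Recurse |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

    New-Object PSObject -Property @{
        Endpoint     = "$($HostName):$Port"
        AnsweredBy   = $remoteIp
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        InLocalStore = [bool]$local
    }
}

# Sample call, run on the Exchange server (hostnames taken from the thread):
# 'office.externalserver.com', 'exchangesrv2.domain.local' |
#     ForEach-Object { Get-ServedCertificate -HostName $_ } |
#     Format-List Endpoint, AnsweredBy, Subject, Issuer, SelfSigned, InLocalStore
```

A result with InLocalStore set to False means the TLS session was terminated by some other device on the path, which is why the certificate could not be found in MMC, IIS bindings or Get-ExchangeCertificate.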