Single Exchange 2k7 server (not migration from 2k3) - Getting Event ID 8027?
Hi everyone,

A client is having the following error in their event log:

    Event Type: Error
    Event Source: MSExchangeFBPublish
    Event Category: General
    Event ID: 8207
    Date: 9/3/2010
    Time: 3:13:42 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: Error updating public folder with free/busy information on virtual machine SNAPMAIL2. The error number is 0x8004010f. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This is a single Exchange 2007 server (no migration, first one ever) and most of the tech articles I'm finding have to do with migrations from 2003, so I'm a bit confused as of now on this.

Get-PublicFolder -server exchsvr "\non_ipm_subtree\SCHEDULE+ FREE BUSY" results in:

    Name                 Parent Path
    ----                 -----------
    SCHEDULE+ FREE BUSY  \NON_IPM_SUBTREE

    [PS] C:\Documents and Settings\ntadmin>get-publicfolder "\non_ipm_subtree\schedule+ free busy" -recurse | format-list

    AgeLimit                       :
    EntryId                        : 000000001A447390AA6611CD9BC800AA002FC45A0300193A73FA02162847AFA7B874203563D30000000000040000
    HasSubFolders                  : True
    HiddenFromAddressListsEnabled  : False
    LocalReplicaAgeLimit           :
    MailEnabled                    : False
    MaxItemSize                    :
    Name                           : SCHEDULE+ FREE BUSY
    ParentPath                     : \NON_IPM_SUBTREE
    PerUserReadStateEnabled        : True
    PostStorageQuota               :
    Replicas                       : {}
    ReplicationSchedule            : {}
    RetainDeletedItemsFor          :
    StorageQuota                   :
    UseDatabaseAgeDefaults         : True
    UseDatabaseQuotaDefaults       : True
    UseDatabaseReplicationSchedule : True
    UseDatabaseRetentionDefaults   : True
    Identity                       : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
    IsValid                        : True
    OriginatingServer              : snapmail2.snap-tite.com

    AgeLimit                       : 100.00:00:00
    EntryId                        : 000000001A447390AA6611CD9BC800AA002FC45A03003C1F6986AF3DC74394E2DCFCC4B43B130000000000070000
    HasSubFolders                  : False
    HiddenFromAddressListsEnabled  : True
    LocalReplicaAgeLimit           :
    MailEnabled                    : False
    MaxItemSize                    :
    Name                           : EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
    ParentPath                     : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
    PerUserReadStateEnabled        : True
    PostStorageQuota               :
    Replicas                       : {Public Folder Database}
    ReplicationSchedule            : {}
    RetainDeletedItemsFor          :
    StorageQuota                   :
    UseDatabaseAgeDefaults         : False
    UseDatabaseQuotaDefaults       : True
    UseDatabaseReplicationSchedule : True
    UseDatabaseRetentionDefaults   : True
    Identity                       : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
    IsValid                        : True
    OriginatingServer              : snapmail2.snap-tite.com

Also, when an Outlook 2010 client tries to set out of office replies they get the following error message: "Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later."

They also had a TLS certificate expire a long time ago and are getting errors related to this as well (separate issue I think) but I am still researching to see if the FreeBusy issue may be linked to the TLS certificate issue. Everything else (that I know of so far) and transport, delivery, etc. are working fine despite the App log being plagued by 8207 and 12016 errors.

Anything that could help get us started on the correct path to resolve these issues would be greatly appreciated.

Thanks everyone
Jim
September 3rd, 2010 10:42pm

Outlook 2007 and higher will want to use the availability service. Therefore you really need to get the SSL certificate corrected. Ensure that there is a public folder store set on the mailbox database, it doesn't always set when databases are created.

The error means cannot find, usually means the folder isn't there, or doesn't have the server listed as a replica. However, you have queried the wrong folder to check for the replica. The free/busy information is stored in a subfolder. I would check through the Public Folder Management Console that the sub folder under Schedule + Free Busy has the server set as a replica.

Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
September 3rd, 2010 11:43pm

Hi,

First, I would like to confirm which Service Pack is installed for Exchange Server 2007. If the issue persists after updating certificate, please also refer to the following article to troubleshoot the issue.

MSExchangeFBPublish Event 8207 error 0x8004010f

Thanks.
Novak Wu-MSFT
September 7th, 2010 6:08am

Thanks Novak. It is running version 08.01.0336.000. From digging around on TechNet, I believe that this is SP1 + Update Rollup #5 applied, but I'm not 100%.
September 7th, 2010 4:23pm

Thanks Sembee,

I tried to use the Enable-ExchangeCertificate -Thumbprint command to renew it last week, but it gave me two 'warnings' saying that another certificate was taking priority over this one and it didn't look like it changed the properties of the certificates when I did a Get-ExchangeCertificate command.

I will check to see if the subfolder is set as a replica.

Thank you for your help!!
Jim
September 7th, 2010 4:28pm

So you aren't using a commercial SSL certificate? The self signed certificate is not designed for production use, it is a place holder only. However I don't think this has anything to do with certificates because the error is cannot find - not a connection error.

Any reason you haven't upgraded to at least Exchange 2007 SP2, or preferably SP3?

Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
September 7th, 2010 10:00pm

I agree with Simon and you can upgrade to Exchange 2007 Service Pack 3 to check the result. If the error message persists, please perform the suggestions from the following article: MSExchangeFBPublish Event 8207 error 0x8004010f Hope this helps. Novak Wu-MSFT
September 8th, 2010 4:57am

I'm back on site with this client this afternoon, looking more into this issue. From the Outlook 2010 client PC here is the autodiscover Email Test:

Results Tab:

    Autoconfiguration has started, this may take up to a minute
    Autoconfiguration was unable to determine your settings!

Log Tab:

    Autodiscover to https://snap-tite.com/autodiscover/autodiscover.xml starting
    Autodiscover internet timeout against URL https://snap-tite.com/autodiscover/autodiscover.xml
    AutoDiscover internet timeout against URL https://snap-tite.com/autodiscover/autodiscover.xml
    Autodiscover to https://snap-tite.com/autodiscover/autodiscover.xml Failed (0x800C8203)
    Autodiscover to https://autodiscover.snap-tite.com/autodiscover/autodiscover.xml starting
    Autodiscover to https://autodiscover.snap-tite.com/autodiscover/autodiscover.xml Failed (0x800C8203)
    Local autodiscover for snap-tite.com starting
    Local autodiscover for snap-tite.com Failed (0x8004010F)
    Redirect check to http://autodiscover.snap-tite.com/autodiscover/autodiscover.xml starting
    Srv Record lookup for http://autodiscover.snap-tite.com/autodiscover/autodiscover.xml Failed (0x80072EE7)
    Srv Record lookup for snap-tite.com starting
    Srv Record lookup for snap-tite.com Failed (0x8004010F)
September 10th, 2010 9:00pm

Hi Simon,

I'm not really sure on the reasoning of why they have not upgraded to SP3 yet. I am a "stand-in" at this site, covering for someone who is normally here. I have very little understanding of the current environment in place, let alone the reasoning behind it. This is just something that the "primary" resource at the company asked me to look into and see if we could get resolved. The clients would like to use the autodiscover feature of Outlook/Exchange. The events in the log may not even be related to this autodiscovery issue, that's one of the things I am trying to understand & confirm.

Thanks a lot for your input! It's very helpful to help me in resolving this in the end!

Take care,
Jim
September 10th, 2010 9:03pm

That article looks like it contains a ton of good information, I need to pan through it though to work out a game plan of what to check and in what order yet. Here would be my answers to Rock Wang's very first questions:

1. Did the user who use Outlook can publish their free/busy data in Exchange Server 2007?
   ANS: In the user's Outlook 2010 client, they have it set to publish free/busy to the "server" but the area where it mentions "Publish Internet Free Busy" it is blank and not checked.

2. Which SP version is your Exchange server 2010
   ANS: ver 08.01.0336.000 (SP1 + roll-up 5)

3. Open Event Viewer, right-click application and save it as .evt file, and send the file to v-rocwan@microsoft.com for analyze.
   ANS: Did not do this one, but will if someone wants to look at it.

4. Did you have Exchange server 2003 or 2000 in your organization?
   ANS: No, my understanding is that this is a 'fresh' and 'clean' install of 2007.

5. Did the Exchange Server 2007 is completely clean installation in your domain or migrate from Exchange Server 2003?
   ANS: Clean installation. New mailboxes. Not a migration.

-Jim
September 10th, 2010 9:14pm

I checked in the PF Management Console, and the subfolder underneath the SCHEDULE+ FREE BUSY folder is called:

    EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)

with a Parent Path of:

    \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY

Also the other properties of this sub-folder are as follows:

    Replicas: SNAPMAIL2\Second Storage Group\Public Folder Database
    Mail Enabled: False
    Local Replica Age Limit in Days: blank
    Hidden From Address List: True
    Age Limit in Days: 100
September 10th, 2010 9:30pm

I checked the Mailbox Database, it appears there is a public folder store set. It is: SNAPMAIL2\Second Storage Group\Public Folder Database

Here are the properties of the correct folder (I think...)

    [PS] C:\Documents and Settings\ntadmin>get-publicfolder "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -recurse | format-list

    AgeLimit                       : 100.00:00:00
    EntryId                        : 000000001A447390AA6611CD9BC800AA002FC45A03003C1F6986AF3DC74394E2DCFCC4B43B130000000000070000
    HasSubFolders                  : False
    HiddenFromAddressListsEnabled  : True
    LocalReplicaAgeLimit           :
    MailEnabled                    : False
    MaxItemSize                    :
    Name                           : EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
    ParentPath                     : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
    PerUserReadStateEnabled        : True
    PostStorageQuota               :
    Replicas                       : {Public Folder Database}
    ReplicationSchedule            : {}
    RetainDeletedItemsFor          :
    StorageQuota                   :
    UseDatabaseAgeDefaults         : False
    UseDatabaseQuotaDefaults       : True
    UseDatabaseReplicationSchedule : True
    UseDatabaseRetentionDefaults   : True
    Identity                       : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
    IsValid                        : True
    OriginatingServer              : snapmail2.snap-tite.com

-Jim
September 10th, 2010 9:38pm

*** I re-read my original posting.. let me clarify. These errors are appearing on the Exchange Server's event log, along with loads of these errors as well:

    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12016
    Date: 9/10/2010
    Time: 2:30:35 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I tried to research and follow information on how to get these certificates updated but I am not sure if it worked. Apparently it didn't cause we are still getting the errors. When I look at the certificates used by Exchange, this is what I see (it looks like there are many and I'm not sure if some are invalid, mistakes or just residual leftover by other administrators). I would hate to remove something and break something else in the process of trying to fix this issue.
September 10th, 2010 9:49pm

This is what I see for the certificates (masking some prints and serials - but just to give you an idea)

    [PS] C:\Documents and Settings\ntadmin>get-ExchangeCertificate

    Thumbprint                         Services  Subject
    ----------                         --------  -------
    306F9XXXXXXXXXXXXXXXXXXXXAE57D1    IP...     CN=snapmail2.snap-tite.com
    10ADXXXXXXXXXXXXXXXXXXXXBFF185     ....S     CN=mail.snap-tite.com
    E4523XXXXXXXXXXXXXXXXXXXX0E95C     ...W.     CN=mail.snap-tite.com, ...
    DBDCXXXXXXXXXXXXXXXXXXXX0782B4     IP..S     CN=snapmail2.snap-tite....
    34882DXXXXXXXXXXXXXXXXXXXX10DCC    .....     CN=Snap-tite, DC=snap-t...
    DCBC3XXXXXXXXXXXXXXXXXXXX253136F   .....     CN=snapmail2.snap-tite....
    9D317XXXXXXXXXXXXXXXXXXXXE11032    .....     CN=mail.snap-tite.com
    30E7FXXXXXXXXXXXXXXXXXXXX3D63D     IP..S     CN=snapmail2
    58682XXXXXXXXXXXXXXXXXXXXB918D     IP..S     CN=snapmail2

    [PS] C:\Documents and Settings\ntadmin>get-ExchangeCertificate | format-list

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {snapmail2.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Snap-tite, DC=snap-tite, DC=com
    NotAfter           : 12/18/2010 3:41:15 PM
    NotBefore          : 12/18/2009 3:41:15 PM
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 13XXXXXXXXXXXXXXXXXXXX50D
    Services           : IMAP, POP
    Status             : Valid
    Subject            : CN=snapmail2.snap-tite.com
    Thumbprint         : 306F9XXXXXXXXXXXXXXXXXXXXAE57D1

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=mail.snap-tite.com
    NotAfter           : 12/7/2010 8:33:41 AM
    NotBefore          : 12/7/2009 8:33:41 AM
    PublicKeySize      : 1024
    RootCAType         : None
    SerialNumber       : 180XXXXXXXXXXXXXXXXXXXX02B0
    Services           : SMTP
    Status             : Valid
    Subject            : CN=mail.snap-tite.com
    Thumbprint         : 10ADXXXXXXXXXXXXXXXXXXXXBFF185

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.snap-tite.com, www.mail.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : SERIALNUMBER=07564327, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
    NotAfter           : 5/7/2011 9:58:41 AM
    NotBefore          : 5/7/2009 9:58:41 AM
    PublicKeySize      : 1024
    RootCAType         : ThirdParty
    SerialNumber       : 6XXXXXX9
    Services           : IIS
    Status             : Valid
    Subject            : CN=mail.snap-tite.com, OU=Domain Control Validated, O=mail.snap-tite.com
    Thumbprint         : E4523XXXXXXXXXXXXXXXXXXXX0E95C

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {snapmail2.snap-tite.com, snapmail2, mail.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Snap-tite, DC=snap-tite, DC=com
    NotAfter           : 8/1/2009 11:41:30 AM
    NotBefore          : 8/2/2007 11:41:30 AM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 140XXXXXXXXXXXXXXXXXXXX02
    Services           : IMAP, POP, SMTP
    Status             : DateInvalid
    Subject            : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-tite, DC=com
    Thumbprint         : DBDCXXXXXXXXXXXXXXXXXXXX0782B4

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {Snap-tite}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=Snap-tite, DC=snap-tite, DC=com
    NotAfter           : 8/2/2022 11:46:44 AM
    NotBefore          : 8/2/2007 11:38:14 AM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 51EXXXXXXXXXXXXXXXXXXXX10CA
    Services           : None
    Status             : Valid
    Subject            : CN=Snap-tite, DC=snap-tite, DC=com
    Thumbprint         : 34882DXXXXXXXXXXXXXXXXXXXX10DCC

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {snapmail2.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-tite, DC=com
    NotAfter           : 8/1/2008 5:20:22 PM
    NotBefore          : 8/2/2007 11:20:22 AM
    PublicKeySize      : 2048
    RootCAType         : Unknown
    SerialNumber       : FA37XXXXXXXXXXXXXXXXXXXXE736
    Services           : None
    Status             : Invalid
    Subject            : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-tite, DC=com
    Thumbprint         : DCBC3XXXXXXXXXXXXXXXXXXXX253136F

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=mail.snap-tite.com
    NotAfter           : 7/30/2017 9:54:02 AM
    NotBefore          : 8/2/2007 9:54:02 AM
    PublicKeySize      : 1024
    RootCAType         : None
    SerialNumber       : 5CF1XXXXXXXXXXXXXXXXXXXX22C0
    Services           : None
    Status             : Valid
    Subject            : CN=mail.snap-tite.com
    Thumbprint         : 9D317XXXXXXXXXXXXXXXXXXXXE11032

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {snapmail2, snapmail2.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=snapmail2
    NotAfter           : 8/1/2008 2:25:52 PM
    NotBefore          : 8/1/2007 2:25:52 PM
    PublicKeySize      : 2048
    RootCAType         : Unknown
    SerialNumber       : 47EXXXXXXXXXXXXXXXXXXXXAEE3
    Services           : IMAP, POP, SMTP
    Status             : Invalid
    Subject            : CN=snapmail2
    Thumbprint         : 30E7FXXXXXXXXXXXXXXXXXXXX3D63D

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {snapmail2, snapmail2.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=snapmail2
    NotAfter           : 8/1/2008 2:18:11 PM
    NotBefore          : 8/1/2007 2:18:11 PM
    PublicKeySize      : 2048
    RootCAType         : Unknown
    SerialNumber       : 788BXXXXXXXXXXXXXXXXXXXX31B1B
    Services           : IMAP, POP, SMTP
    Status             : Invalid
    Subject            : CN=snapmail2
    Thumbprint         : 58682XXXXXXXXXXXXXXXXXXXXB918D
September 10th, 2010 10:02pm
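
Added example, not part of the original thread and not Microsoft's code: a Python script that reads a saved `Get-ExchangeCertificate | format-list` listing like the one posted above and reports, for every certificate that is expired or not Valid, which service/domain bindings have no usable replacement. The sample listing, its hostnames and its thumbprints are constructed, and the plain domain-match rule is an assumption of this example, not Exchange's own certificate selection logic.

```python
from datetime import datetime

# Constructed sample in the shape of `Get-ExchangeCertificate | format-list`
# output. Hostnames and thumbprints are placeholders, not values from the thread.
SAMPLE = """\
CertificateDomains : {mx1.example.test, mx1, mail.example.test}
IsSelfSigned       : False
NotAfter           : 8/1/2009 11:41:30 AM
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Thumbprint         : AAAA0001

CertificateDomains : {mx1.example.test}
IsSelfSigned       : False
NotAfter           : 12/18/2010 3:41:15 PM
Services           : IMAP, POP
Status             : Valid
Thumbprint         : BBBB0002

CertificateDomains : {mail.example.test,
                     www.mail.example.test}
IsSelfSigned       : False
NotAfter           : 5/7/2011 9:58:41 AM
Services           : IIS
Status             : Valid
Thumbprint         : CCCC0003
"""


def parse_format_list(text):
    """Split format-list text into one dict per blank-line-separated record."""
    records, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():                      # blank line ends a record
            if current:
                records.append(current)
            current, last_key = {}, None
        elif not line[0].isspace() and ":" in line:
            key, _, value = line.partition(":")   # first colon only; times contain more
            last_key = key.strip()
            current[last_key] = value.strip()
        elif last_key:                            # console-wrapped continuation line
            current[last_key] += line.strip()
    if current:
        records.append(current)
    return records


def to_cert(rec):
    """Turn the text fields the audit needs into typed values."""
    domains = rec["CertificateDomains"].strip("{}").split(",")
    services = {s.strip() for s in rec["Services"].split(",")} - {"None"}
    return {
        "thumbprint": rec["Thumbprint"],
        "domains": {d.strip().lower() for d in domains if d.strip()},
        "services": services,
        "status": rec["Status"],
        "not_after": datetime.strptime(rec["NotAfter"], "%m/%d/%Y %I:%M:%S %p"),
    }


def usable(cert, as_of):
    # Status is what Exchange printed at capture time; re-check the date too,
    # because a saved listing goes stale.
    return cert["status"] == "Valid" and cert["not_after"] > as_of


def audit(text, as_of):
    """Return (thumbprint, service, domain, replacement) for each binding on an
    unusable certificate. replacement is None when no usable certificate that is
    enabled for that service lists that domain."""
    certs = [to_cert(r) for r in parse_format_list(text)]
    findings = []
    for cert in certs:
        if usable(cert, as_of):
            continue
        for svc in sorted(cert["services"]):
            for dom in sorted(cert["domains"]):
                cover = [c["thumbprint"] for c in certs
                         if usable(c, as_of)
                         and svc in c["services"] and dom in c["domains"]]
                findings.append((cert["thumbprint"], svc, dom,
                                 cover[0] if cover else None))
    return findings


if __name__ == "__main__":
    for thumb, svc, dom, repl in audit(SAMPLE, datetime(2010, 9, 10)):
        state = "covered by " + repl if repl else "NO USABLE CERTIFICATE"
        print(f"{thumb}  {svc:5} {dom:20} {state}")
```

A binding reported with no replacement is one to fix before the stale certificate is removed; a binding that is covered is a candidate for cleanup once the replacement is confirmed in use.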

3 of those certs that I posted earlier have status of Invalid and 1 has a status of DateInvalid. I would be interested in cleaning these out (deleting them) if I knew 100% it wouldn't cause anything else to break.

When I go back in the event log back in time, the original problem seemed to (to the best of my knowledge) stem back from a certificate expiring without them knowing about it until it was too late. Here is the "filtered down" "edited by me" history of the event log that I compiled to show some of the errors we are getting:

    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12016
    Date: 9/3/2010
    Time: 6:32:08 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12014
    Date: 3/3/2009
    Time: 12:13:05 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: Microsoft Exchange couldn't find a certificate that contains the domain name mail.snap-tite.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Unix Server with a FQDN parameter of mail.snap-tite.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12014
    Date: 3/2/2009
    Time: 12:33:33 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: Microsoft Exchange couldn't find a certificate that contains the domain name mail.snap-tite.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Mail SMTP Connector with a FQDN parameter of mail.snap-tite.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Error
    Event Source: MSExchangeFBPublish
    Event Category: General
    Event ID: 8207
    Date: 3/2/2009
    Time: 8:48:16 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: Error updating public folder with free/busy information on virtual machine SNAPMAIL2. The error number is 0x8004010f. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Error
    Event Source: MSExchangeIS
    Event Category: General
    Event ID: 9667
    Date: 3/2/2009
    Time: 11:01:10 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: Failed to create a new named property for database "First Storage Group\Mailbox Database" because the number of named properties reached the quota limit (8192).
    User attempting to create the named property: "NETWORK SERVICE"
    Named property GUID: 00020386-0000-0000-c000-000000000046
    Named property name/id: "x-adr-ij"
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Warning
    Event Source: MSExchange ADAccess
    Event Category: Configuration
    Event ID: 2089
    Date: 3/2/2009
    Time: 12:53:06 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: Process MAD.EXE (PID=2136). The configuration domain controller specified in the registry (snapmail.snap-tite.com) was not found in the Sites container in the Active Directory. Exchange Active Directory Provider will select the configuration domain controller from the list of available domain controllers. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Information
    Event Source: MSExchange ADAccess
    Event Category: Topology
    Event ID: 2080
    Date: 3/3/2009
    Time: 12:31:26 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1380). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
    (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
    In-site:
    snapdc02.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
    snapdc01.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
    Out-of-site:
    ponn.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
    ireland.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Information
    Event Source: MSExchange ADAccess
    Event Category: Topology
    Event ID: 2081
    Date: 3/3/2009
    Time: 1:42:32 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1404). Exchange Active Directory Provider will use the servers from the following list:
    Domain Controllers: snapdc02.snap-tite.com snapdc01.snap-tite.com
    Global Catalogs: snapdc02.snap-tite.com snapdc01.snap-tite.com
    The Configuration Domain Controller is set to snapdc01.snap-tite.com.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Warning
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12018
    Date: 7/4/2009
    Time: 11:13:39 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: The STARTTLS certificate will expire soon: subject: mail.snap-tite.com, hours remaining: DBDCXXXXXXXXXXXXXXXXXXXXXXXX0782B4. Run the New-ExchangeCertificate cmdlet to create a new certificate. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Warning
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12017
    Date: 7/6/2009
    Time: 6:42:01 PM
    User: N/A
    Computer: SNAPMAIL2
    Description: An internal transport certificate will expire soon. Thumbprint:DBDCXXXXXXXXXXXXXXXXXXXXX0782B4, hours remaining: 613 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Warning
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12018
    Date: 8/1/2009
    Time: 7:40:36 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: The STARTTLS certificate will expire soon: subject: mail.snap-tite.com, hours remaining: DBDCXXXXXXXXXXXXXXXXXXXXX0782B4. Run the New-ExchangeCertificate cmdlet to create a new certificate. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: TransportService
    Event ID: 12016
    Date: 8/1/2009
    Time: 7:41:45 AM
    User: N/A
    Computer: SNAPMAIL2
    Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    ----
September 10th, 2010 10:50pm

Here is the output of test-outlookwebservices run on the Exchange server... I see now where it might be an issue of not being able to find it like Simon mentioned

    [PS] C:\Documents and Settings\ntadmin>test-outlookwebservices | format-list

    Id      : 1003
    Type    : Information
    Message : About to test AutoDiscover with the e-mail address ntadmin@snap-tite.com.

    Id      : 1007
    Type    : Information
    Message : Testing server snapmail2.snap-tite.com with the published name https://mail.snap-tite.com/ews/exchange.asmx & .

    Id      : 1019
    Type    : Information
    Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://mail.snap-tite.com/autodiscover/autodiscover.xml.

    Id      : 1013
    Type    : Error
    Message : When contacting https://mail.snap-tite.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (401) Unauthorized.

    Id      : 1006
    Type    : Error
    Message : The Autodiscover service could not be contacted.
September 10th, 2010 10:57pm

Here is the warning I got when I tried to run Enable-ExchangeCertificate -Thumbprint on the cert that had the DateInvalid status

    [PS] C:\Documents and Settings\ntadmin>Enable-ExchangeCertificate -Thumbprint DBDC25XXXXXXXXXXXXXXXXXXXXXXXXXXX782B4 -Services "IMAP, POP, SMTP"

    WARNING: This certificate will not be used for external TLS connections with an FQDN of 'snapmail2.snap-tite.com' because the CA-signed certificate with thumbprint '306F9XXXXXXXXXXXXXXXXXXXXXXXXXXXE57D1' takes precedence. The following connectors match that FQDN: Client SNAPMAIL2, Default SNAPMAIL2.

    WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.snap-tite.com' because the CA-signed certificate with thumbprint 'E4523XXXXXXXXXXXXXXXXXXXXXXXXXXX0E95C' takes precedence. The following connectors match that FQDN: Unix Server.

I think I've uncovered a can of worms... lol
September 10th, 2010 11:13pm

Simon, yes they are using a third-party certificate from GoDaddy for https OWA I believe:

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.snap-tite.com, www.mail.snap-tite.com}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : SERIALNUMBER=07564327, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
    NotAfter           : 5/7/2011 9:58:41 AM
    NotBefore          : 5/7/2009 9:58:41 AM
    PublicKeySize      : 1024
    RootCAType         : ThirdParty
    SerialNumber       : 6XXXXXX9
    Services           : IIS
    Status             : Valid
    Subject            : CN=mail.snap-tite.com, OU=Domain Control Validated, O=mail.snap-tite.com
    Thumbprint         : E4523XXXXXXXXXXXXXXXXXXXX0E95C
September 10th, 2010 11:17pm

Novak, Do you have any more good feedback in lieu of the additional data I was able to collect and post? I am going to suggest to the client that we upgrade to Exchange 2007 SP3. Is there an easy way for me to clear up the exchange certificates issues? Thanks for your help!
September 14th, 2010 7:32pm

This topic is archived. No further replies will be accepted.
