Single Exchange 2k7 server (not migration from 2k3) - Getting Event ID 8027?
Hi everyone,
A client is having the following error in their event log:
Event Type: Error
Event Source: MSExchangeFBPublish
Event Category: General
Event ID: 8207
Date: 9/3/2010
Time: 3:13:42 PM
User: N/A
Computer: SNAPMAIL2
Description:
Error updating public folder with free/busy information on virtual machine SNAPMAIL2. The error number is 0x8004010f.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
This is a single exchange 2007 server (no migration, first one ever) and most of the tech-articles I'm finding have to to with migrations from 2003, so I'm a bit confused as of now on this.
Get-PublicFolder -server exchsvr "\non_ipm_subtree\SCHEDULE+ FREE BUSY" results in:
Name Parent Path
---- -----------
SCHEDULE+ FREE BUSY \NON_IPM_SUBTREE
[PS] C:\Documents and Settings\ntadmin>get-publicfolder "\non_ipm_subtree\schedu
le+ free busy" -recurse | format-list
AgeLimit :
EntryId : 000000001A447390AA6611CD9BC800AA002FC45A030019
3A73FA02162847AFA7B874203563D30000000000040000
HasSubFolders : True
HiddenFromAddressListsEnabled : False
LocalReplicaAgeLimit :
MailEnabled : False
MaxItemSize :
Name : SCHEDULE+ FREE BUSY
ParentPath : \NON_IPM_SUBTREE
PerUserReadStateEnabled : True
PostStorageQuota :
Replicas : {}
ReplicationSchedule : {}
RetainDeletedItemsFor :
StorageQuota :
UseDatabaseAgeDefaults : True
UseDatabaseQuotaDefaults : True
UseDatabaseReplicationSchedule : True
UseDatabaseRetentionDefaults : True
Identity : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
IsValid : True
OriginatingServer : snapmail2.snap-tite.com
AgeLimit : 100.00:00:00
EntryId : 000000001A447390AA6611CD9BC800AA002FC45A03003C
1F6986AF3DC74394E2DCFCC4B43B130000000000070000
HasSubFolders : False
HiddenFromAddressListsEnabled : True
LocalReplicaAgeLimit :
MailEnabled : False
MaxItemSize :
Name : EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
PerUserReadStateEnabled : True
PostStorageQuota :
Replicas : {Public Folder Database}
ReplicationSchedule : {}
RetainDeletedItemsFor :
StorageQuota :
UseDatabaseAgeDefaults : False
UseDatabaseQuotaDefaults : True
UseDatabaseReplicationSchedule : True
UseDatabaseRetentionDefaults : True
Identity : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIB
OHF23SPDLT)
IsValid : True
OriginatingServer : snapmail2.snap-tite.com
Also, when outlook 2010 client tries to set out of office reply's they get the following error message: "Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later."
They also had a TLS certificate expire a long time ago and are getting errors related to this as well (separate issue I think) but I am still researching to see if the FreeBusy issue may be linked to the TLS Certificate issue.
Everything else (that I know of so far ) and transport, delivery, etc. are working fine despite the App log being plagued by 8207 and 12016 errors..
Anything that could help get us started in the correct path to resolve these issues would be greatly appreciated.
Thanks everyone
Jim
September 3rd, 2010 10:42pm
Outlook 2007 and higher will want to use the availability service. Therefore you really need to get the SSL certificate corrected.
Ensure that there is a public folder store set on the mailbox database, it doesn't always set when databases are created.
The error means cannot find, usually means the folder isn't there, or doesn't have the server listed as a replica.
However, you have queried the wrong folder to check for the replica. The free/busy information is stored in a subfolder.
I would check through the Public Folder Management Console that the sub folder under Schedule + Free Busy has the server set as a replica.
Simon.
Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
September 3rd, 2010 11:43pm
Hi,
First, I would like to confirm which Service Pack is installed for Exchange Server 2007.
If the issue persists after updating certificate, please also refer to the following article to troubleshoot the issue.
MSExchangeFBPublish Event 8207 error
0x8004010f
Thanks.Novak Wu-MSFT
September 7th, 2010 6:08am
Thanks Novak.
It is running version 08.01.0336.000
From digging around on technet, i believe that this is SP1 + Update Rollup #5 applied, but I'm not 100%
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 4:23pm
Thanks Sembee,
I tried to use the enable-ExchangeCertificate -Thumbprint command to renew it last week, but it gave me two 'warnings' saying that another certificate was taking priority over this one and it didnt look like it changed the properties of the certificates
when i did a get-ExchangeCertificate command..
I will check to see if the subfolder is set as a replica..
Thank you for your help!!
Jim
September 7th, 2010 4:28pm
So you aren't using a commercial SSL certificate?
The self signed certificate is not designed for production use, it is a place holder only.
However I don't think this has anything to do with certificates because the error is cannot find - not a connection error.
Any reason you haven't upgraded to at least Exchange 2007 Sp2, or preferably SP3?
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 10:00pm
I agree with Simon and you can upgrade to Exchange 2007 Service Pack 3 to check the result. If the error message persists, please perform the suggestions from the
following article:
MSExchangeFBPublish Event
8207 error 0x8004010f
Hope this helps.
Novak Wu-MSFT
September 8th, 2010 4:57am
I'm back on site with this client this afternoon, looking more into this issue. From the Outlook 2010 client PC here is the autodiscover Email Test:
Results Tab:
Autoconfiguration has started, this may take up to a minute
Autoconfiguration was unable to determine your settings!
Log Tab:
Autodiscover to
https://snap-tite.com/autodiscover/autodiscover.xml starting
Autodiscover internet timeout against URL
https://snap-tite.com/autodiscover/autodiscover.xml
AutoDiscover internet timeout against URL
https://snap-tite.com/autodiscover/autodiscover.xml
Autodiscover to https://snap-tite.com/autodiscover/autodiscover.xml Failed (0x800C8203)
Autodiscover to
https://autodiscover.snap-tite.com/autodiscover/autodiscover.xml starting
Autodiscover to
https://autodiscover.snap-tite.com/autodiscover/autodiscover.xml Failed (0x800C8203)
Local autodiscover for snap-tite.com starting
Local autodiscover for snap-tite.com Failed (0x8004010F)
Redirect check to
http://autodiscover.snap-tite.com/autodiscover/autodiscover.xml starting
Srv Record lookup for
http://autodiscover.snap-tite.com/autodiscover/autodiscover.xml Failed (0x80072EE7)
Srv Record lookup for snap-tite.com starting
Srv Record lookup for snap-tite.com Failed (0x8004010F)
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 9:00pm
Hi Simon,
I'n not really sure on the reasoning of why they have not upgraded to SP3 yet. I am a "stand-in" at this site, covering for someone who is normally here.
I have very little understanding of the current environment in-place, let alone the reasoning behind it. This is just something that the "primary" resource at the company asked me to look into and see if we could get resolved..
the clients would like to use the autodiscover feature of Outlook/Exchange..
The events in the log may not even be related to this autodiscovery issue, that's one of the things I am trying to understand & confirm...
Thanks a lot for your input! It's very helpful to help me in resolving this in the end!
Take care,
Jim
September 10th, 2010 9:03pm
That article looks like it contains a ton of good information, I need to pan through it though to work out a game plan of what to check and in what order yet. Here would be my answers to Rock Wang's very first questions:
1. Did the user who use Outlook can publish their free/busy data in Exchange Server 2007?
ANS: In the user's Outlook 2010 client, they have it set to publish free/busy to the "server" but the area where it mentions "Publish Internet Free Busy" it is blank and not-checked
2. Which SP version is your Exchange server 2010
ANS: ver 08.01.0336.000 (SP1 +roll-up 5)
3. Open Event Viewer, right-click application and save it as .evt file, and send the file to
v-rocwan@microsoft.com for analyze.
ANS: Did not do this one, but will if someone wants to look at it
4. Did you have Exchange server 2003 or 2000 in your organization?
ANS: No, my understanding is that this is a 'fresh' and 'clean' install of 2007
5. Did the Exchange Server 2007 is completey clean installation in your domain or migrate from Exchange Server 2003?
ANS: Clean installation. New mailboxes. Not a migration.
-Jim
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 9:14pm
I checked in the PF Management Console, and the subfolder underneath the SCHEDULE+ FREE BUSY folder is called:
EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT) with a Parent Path of: \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
Also the other properties of this sub-folder are as follows:
Replicas: SNAPMAIL2\Second Storage Group\Public Folder Database
Mail Enabled: False
Local Replica Age Limit in Days: blank
Hiden From Address List: True
Age Limit in Days: 100
September 10th, 2010 9:30pm
I checked the Mailbox Database, it appears there is a public folder store set. It is: SNAPMAIL2\Second Storage Group\Public Folder Database
here are the properties of the correct folder (I think...)
[PS] C:\Documents and Settings\ntadmin>get-publicfolder "\NON_IPM_SUBTREE\SCHEDU
LE+ FREE BUSY\EX:/o=Snap-tite/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
" -recurse | format-list
AgeLimit : 100.00:00:00
EntryId : 000000001A447390AA6611CD9BC800AA002FC45A03003C
1F6986AF3DC74394E2DCFCC4B43B130000000000070000
HasSubFolders : False
HiddenFromAddressListsEnabled : True
LocalReplicaAgeLimit :
MailEnabled : False
MaxItemSize :
Name : EX:/o=Snap-tite/ou=Exchange Administrative Gro
up (FYDIBOHF23SPDLT)
ParentPath : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY
PerUserReadStateEnabled : True
PostStorageQuota :
Replicas : {Public Folder Database}
ReplicationSchedule : {}
RetainDeletedItemsFor :
StorageQuota :
UseDatabaseAgeDefaults : False
UseDatabaseQuotaDefaults : True
UseDatabaseReplicationSchedule : True
UseDatabaseRetentionDefaults : True
Identity : \NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=Sna
p-tite/ou=Exchange Administrative Group (FYDIB
OHF23SPDLT)
IsValid : True
OriginatingServer : snapmail2.snap-tite.com
-Jim
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 9:38pm
*** I re-read my original posting.. let me clarify. These errors are appearing on the Exchange Server's event log..
along with loads of these errors as well:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Date: 9/10/2010
Time: 2:30:35 PM
User: N/A
Computer: SNAPMAIL2
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN
of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
I tried to research and follow information on how to get these certificates updated but I am not sure if it worked. Apparantly it didn't cause we are still getting the errors.
When I look at the certificates used by Exchange, this is what I see (it looks like there are many and im not sure if some are invalid, mistakes or just residual leftover by other administrators) I would hate to remove something and break something
else in the process of trying to fix this issue.
September 10th, 2010 9:49pm
This is what I see for the certificates (masking some prints and serials - but just to give you an idea)
[PS] C:\Documents and Settings\ntadmin>get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
306F9XXXXXXXXXXXXXXXXXXXXAE57D1 IP... CN=snapmail2.snap-tite.com
10ADXXXXXXXXXXXXXXXXXXXXBFF185 ....S CN=mail.snap-tite.com
E4523XXXXXXXXXXXXXXXXXXXX0E95C ...W. CN=mail.snap-tite.com, ...
DBDCXXXXXXXXXXXXXXXXXXXX0782B4 IP..S CN=snapmail2.snap-tite....
34882DXXXXXXXXXXXXXXXXXXXX10DCC ..... CN=Snap-tite, DC=snap-t...
DCBC3XXXXXXXXXXXXXXXXXXXX253136F ..... CN=snapmail2.snap-tite....
9D317XXXXXXXXXXXXXXXXXXXXE11032 ..... CN=mail.snap-tite.com
30E7FXXXXXXXXXXXXXXXXXXXX3D63D IP..S CN=snapmail2
58682XXXXXXXXXXXXXXXXXXXXB918D IP..S CN=snapmail2
[PS] C:\Documents and Settings\ntadmin>get-ExchangeCertificate | format-list
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {snapmail2.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Snap-tite, DC=snap-tite, DC=com
NotAfter : 12/18/2010 3:41:15 PM
NotBefore : 12/18/2009 3:41:15 PM
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 13XXXXXXXXXXXXXXXXXXXX50D
Services : IMAP, POP
Status : Valid
Subject : CN=snapmail2.snap-tite.com
Thumbprint : 306F9XXXXXXXXXXXXXXXXXXXXAE57D1
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mail.snap-tite.com
NotAfter : 12/7/2010 8:33:41 AM
NotBefore : 12/7/2009 8:33:41 AM
PublicKeySize : 1024
RootCAType : None
SerialNumber : 180XXXXXXXXXXXXXXXXXXXX02B0
Services : SMTP
Status : Valid
Subject : CN=mail.snap-tite.com
Thumbprint : 10ADXXXXXXXXXXXXXXXXXXXXBFF185
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.snap-tite.com,
www.mail.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : SERIALNUMBER=07564327, CN=Go Daddy Secure Certification Au
thority, OU=http://certificates.godaddy.com/repository, O=
"GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 5/7/2011 9:58:41 AM
NotBefore : 5/7/2009 9:58:41 AM
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 6XXXXXX9
Services : IIS
Status : Valid
Subject : CN=mail.snap-tite.com, OU=Domain Control Validated, O=mail
.snap-tite.com
Thumbprint : E4523XXXXXXXXXXXXXXXXXXXX0E95C
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {snapmail2.snap-tite.com, snapmail2, mail.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Snap-tite, DC=snap-tite, DC=com
NotAfter : 8/1/2009 11:41:30 AM
NotBefore : 8/2/2007 11:41:30 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 140XXXXXXXXXXXXXXXXXXXX02
Services : IMAP, POP, SMTP
Status : DateInvalid
Subject : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-ti
te, DC=com
Thumbprint : DBDCXXXXXXXXXXXXXXXXXXXX0782B4
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Snap-tite}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Snap-tite, DC=snap-tite, DC=com
NotAfter : 8/2/2022 11:46:44 AM
NotBefore : 8/2/2007 11:38:14 AM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 51EXXXXXXXXXXXXXXXXXXXX10CA
Services : None
Status : Valid
Subject : CN=Snap-tite, DC=snap-tite, DC=com
Thumbprint : 34882DXXXXXXXXXXXXXXXXXXXX10DCC
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {snapmail2.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-ti
te, DC=com
NotAfter : 8/1/2008 5:20:22 PM
NotBefore : 8/2/2007 11:20:22 AM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : FA37XXXXXXXXXXXXXXXXXXXXE736
Services : None
Status : Invalid
Subject : CN=snapmail2.snap-tite.com, O="Snap-tite, Inc", DC=snap-ti
te, DC=com
Thumbprint : DCBC3XXXXXXXXXXXXXXXXXXXX253136F
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mail.snap-tite.com
NotAfter : 7/30/2017 9:54:02 AM
NotBefore : 8/2/2007 9:54:02 AM
PublicKeySize : 1024
RootCAType : None
SerialNumber : 5CF1XXXXXXXXXXXXXXXXXXXX22C0
Services : None
Status : Valid
Subject : CN=mail.snap-tite.com
Thumbprint : 9D317XXXXXXXXXXXXXXXXXXXXE11032
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {snapmail2, snapmail2.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=snapmail2
NotAfter : 8/1/2008 2:25:52 PM
NotBefore : 8/1/2007 2:25:52 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 47EXXXXXXXXXXXXXXXXXXXXAEE3
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=snapmail2
Thumbprint : 30E7FXXXXXXXXXXXXXXXXXXXX3D63D
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {snapmail2, snapmail2.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=snapmail2
NotAfter : 8/1/2008 2:18:11 PM
NotBefore : 8/1/2007 2:18:11 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 788BXXXXXXXXXXXXXXXXXXXX31B1B
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=snapmail2
Thumbprint : 58682XXXXXXXXXXXXXXXXXXXXB918D
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 10:02pm
3 of those certs that i posted earlier have status of Invalid and 1 has a status of DateInvalid
I would be interested in cleaning these out (deleting them) if I knew 100% it wouldnt cause anything else to break.
When I go back in the event log back in time, the original problem seemed to (to the best of my knowledge) stem back from a certificate expiring without them knowing about it until it was too late.
Here is the "filtered down" "edited by me" history of the event log that I compiled to show some of the errors we are getting:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Date: 9/3/2010
Time: 6:32:08 AM
User: N/A
Computer: SNAPMAIL2
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN
of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12014
Date: 3/3/2009
Time: 12:13:05 PM
User: N/A
Computer: SNAPMAIL2
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name mail.snap-tite.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Unix Server with a FQDN parameter of mail.snap-tite.com.
If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate
-Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12014
Date: 3/2/2009
Time: 12:33:33 AM
User: N/A
Computer: SNAPMAIL2
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name mail.snap-tite.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Mail SMTP Connector with a FQDN
parameter of mail.snap-tite.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate
exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Error
Event Source: MSExchangeFBPublish
Event Category: General
Event ID: 8207
Date: 3/2/2009
Time: 8:48:16 AM
User: N/A
Computer: SNAPMAIL2
Description:
Error updating public folder with free/busy information on virtual machine SNAPMAIL2. The error number is 0x8004010f.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9667
Date: 3/2/2009
Time: 11:01:10 AM
User: N/A
Computer: SNAPMAIL2
Description:
Failed to create a new named property for database "First Storage Group\Mailbox Database" because the number of named properties reached the quota limit (8192).
User attempting to create the named property: "NETWORK SERVICE"
Named property GUID: 00020386-0000-0000-c000-000000000046
Named property name/id: "x-adr-ij"
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5b 44 49 41 47 5f 43 54 [DIAG_CT
0008: 58 5d 00 00 6e 00 00 00 X]..n...
0010: ff 5c 06 00 00 00 00 00 ÿ\......
0018: 00 02 60 00 00 00 3a 67 ..`...:g
0020: f0 1f 56 00 00 00 db 18 ð.V...Û.
0028: 40 10 0f 01 04 80 fd 79 @....?ýy
0030: 20 10 00 00 00 00 db 18 .....Û.
0038: 40 10 0f 01 04 80 bd 44 @....?½D
0040: 20 10 00 00 00 00 03 59 ......Y
0048: 20 10 00 00 00 00 03 59 ......Y
0050: 20 10 00 00 00 00 ad 59 .....Y
0058: 20 10 00 00 00 00 ed 4c .....íL
0060: 20 10 00 00 00 00 fd 45 .....ýE
0068: 20 10 00 00 00 00 cd 6a .....Íj
0070: 20 10 00 00 00 00 03 59 ......Y
0078: 20 10 00 00 00 00 .....
----
Event Type: Warning
Event Source: MSExchange ADAccess
Event Category: Configuration
Event ID: 2089
Date: 3/2/2009
Time: 12:53:06 PM
User: N/A
Computer: SNAPMAIL2
Description:
Process MAD.EXE (PID=2136). The configuration domain controller specified in the registry (snapmail.snap-tite.com) was not found in the Sites container in the Active Directory. Exchange Active Directory Provider will select the configuration domain controller
from the list of available domain controllers.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2080
Date: 3/3/2009
Time: 12:31:26 AM
User: N/A
Computer: SNAPMAIL2
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1380). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
snapdc02.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
snapdc01.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
ponn.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
ireland.snap-tite.com CDG 1 7 7 1 0 1 1 7 1
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2081
Date: 3/3/2009
Time: 1:42:32 AM
User: N/A
Computer: SNAPMAIL2
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1404). Exchange Active Directory Provider will use the servers from the following list:
Domain Controllers:
snapdc02.snap-tite.com
snapdc01.snap-tite.com
Global Catalogs:
snapdc02.snap-tite.com
snapdc01.snap-tite.com
The Configuration Domain Controller is set to snapdc01.snap-tite.com.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 7/4/2009
Time: 11:13:39 PM
User: N/A
Computer: SNAPMAIL2
Description:
The STARTTLS certificate will expire soon: subject: mail.snap-tite.com, hours remaining: DBDCXXXXXXXXXXXXXXXXXXXXXXXX0782B4. Run the New-ExchangeCertificate cmdlet to create a new certificate.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12017
Date: 7/6/2009
Time: 6:42:01 PM
User: N/A
Computer: SNAPMAIL2
Description:
An internal transport certificate will expire soon. Thumbprint:DBDCXXXXXXXXXXXXXXXXXXXXX0782B4, hours remaining: 613
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 8/1/2009
Time: 7:40:36 AM
User: N/A
Computer: SNAPMAIL2
Description:
The STARTTLS certificate will expire soon: subject: mail.snap-tite.com, hours remaining: DBDCXXXXXXXXXXXXXXXXXXXXX0782B4. Run the New-ExchangeCertificate cmdlet to create a new certificate.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
--
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Date: 8/1/2009
Time: 7:41:45 AM
User: N/A
Computer: SNAPMAIL2
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of mail.snap-tite.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN
of mail.snap-tite.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
September 10th, 2010 10:50pm
Here is the output of test-outlookwebservices run on the exchange server... I see now where it might be an issue of not being able to find it like Simon mentioned
[PS] C:\Documents and Settings\ntadmin>test-outlookwebservices | format-list
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address
ntadmin@snap-tite.
com.
Id : 1007
Type : Information
Message : Testing server snapmail2.snap-tite.com with the published name https:
//mail.snap-tite.com/ews/exchange.asmx & .
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
URL on this object is
https://mail.snap-tite.com/autodiscover/autodi
scover.xml.
Id : 1013
Type : Error
Message : When contacting
https://mail.snap-tite.com/autodiscover/autodiscover.
xml received the error The remote server returned an error: (401) Una
uthorized.
Id : 1006
Type : Error
Message : The Autodiscover service could not be contacted.
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 10:57pm
Here is the warning I got when I tried to run enable-ExchangeCertificate - Thumbprint on the cert that had the DateInvalid status
[PS] C:\Documents and Settings\ntadmin>Enable-ExchangeCertificate -Thumbprint DB
DC25XXXXXXXXXXXXXXXXXXXXXXXXXXX782B4 -Services "IMAP, POP, SMTP"
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'snapmail2.snap-tite.com' because the CA-signed certificate with
thumbprint '306F9XXXXXXXXXXXXXXXXXXXXXXXXXXXE57D1' takes precedence. The
following connectors match that FQDN: Client SNAPMAIL2, Default SNAPMAIL2.
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'mail.snap-tite.com' because the CA-signed certificate with thumbprint
'E4523XXXXXXXXXXXXXXXXXXXXXXXXXXX0E95C' takes precedence. The following
connectors match that FQDN: Unix Server.
I think I've uncovered a can of worms... lol
September 10th, 2010 11:13pm
Simon, yes they are using a third-party certificate from godaddy for https OWA I believe:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.snap-tite.com,
www.mail.snap-tite.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : SERIALNUMBER=07564327, CN=Go Daddy Secure Certification Au
thority, OU=http://certificates.godaddy.com/repository, O=
"GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 5/7/2011 9:58:41 AM
NotBefore : 5/7/2009 9:58:41 AM
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 6XXXXXX9
Services : IIS
Status : Valid
Subject : CN=mail.snap-tite.com, OU=Domain Control Validated, O=mail
.snap-tite.com
Thumbprint : E4523XXXXXXXXXXXXXXXXXXXX0E95C
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2010 11:17pm
Novak,
Do you have any more good feedback in lieu of the additional data I was able to collect and post?
I am going to suggest to the client that we upgrade to Exchange 2007 SP3.
Is there an easy way for me to clear up the exchange certificates issues?
Thanks for your help!
September 14th, 2010 7:32pm