Hello.I applied Microsoft Updates from last Tuesday (10/13/09)over the weekend and now all internal Mac Entourage 2008 clients are getting a certificate error (ip address doesn't match the certificate). All Outlook, winmo, iphone, and external Entourage 2008 clients work fine. Users inside the business (either at the primary location or through VPN) get the error - and not right away, could work fine for 2 hours before seeing the certificate error. It is almost like the DNS server is slow to respond during the FQDN lookup by Entourage??? Any help is appreciated.

Hi Billz89,Thank you for posting in windows forumi would appreciate if you could let us know your CA structure and the configuration. What is the error users are experiencing and the event log information would be helpful.sainath !analyze

The SBS2k3 server has certificate services installed and wehave a self-signed cert.There are no event log errors.

Something I forgot to mention:I've tried clearing the keychain out on the Mac's and re-installing the P7B certificate. When that didn't work I went into terminal on the mac's o be sure I could actually ping my FQDN and get a response. It worked fine, however during the day the response was slower than during night. To rule out DNS reponse time I edited the local host file on one of the mac's so that the local ip of the FQDN was in it. I also flushed the dns cache on the mac and restarted it.Once the mac was restarted, I opened Entourage 2008 and it accessed all the folders/sync'd properly, no certificate error message. I manually started a send/receive process and still no error. E-mails were arriving into the inbox just fine.It wasn't until about 11:30 CST this morning that the user got another certificate error message on their Mac. I would think if this was a Mac issue that the error message would happen every time their was a sync. But since it isn't happening that way, and since this started after the server updates, I believe that something at the server is not properly responding. If the certificate was truly wrong, then Entourage would do this always, especially when it was first launched and tried to connect to the Exchange server, right? That has been my past experience with certificates.Thanks again for the help.Bill

Hi Thanks for the detailed description If the certificate is encrypted/ private key then i would have suggested the below command for vista clients because importing a certificate from GUI doesnt import private key.certreq -accept Certificate.p7bBut you are trying to install this certificate on a MAC client so my expertise on mac is limited. I would suggest you to check the following-- check if the certificate chain is properly installed -- Please verify the same under the keychain-- Check the state of newly installed certificate under "Apple trusted Root Certificate Authorities" and verfiy for the certificate validity.-- Follow the below link which might be useful http://support.microsoft.com/kb/887413Your issue falls under 2 distinctions a) SBS server and b) Entourage There is a dedicated forum for handling SBS related queries, i would encourage you to post your query in SBS forum where engineers might have dealt with the similar issue. Discussions in Windows Small Business Server Generalhttp://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs SBS08 Public Newsgroupshttps://connect.microsoft.com/cougar/content/content.aspx?ContentID=8333 sainath !analyze

As I said earlier, the problem didn't start until *after* the server updates. No mac updates were installed, well, one system had an imovie update, but other than that nothing. The week before all Mac's worked perfectly. And as I said, remote Mac's don't get the error, and they use the same SSL connectivity and certificates. The only difference is the remote mac's use their ISP DNS servers and obviously access the server via the public IP.I'll check out the other forum you mentioned. Thanks.

I tried posting the problem in the SBS General news group, but so far no response. Also, the error has not cropped up at all today, and we're about 6 hours into the business day.I did notice that OWA seems slow to respond. I type in https://owa.yourdomainnamehere.com/exchange and press enter then wait about 10 - 15 seconds before I see the logon screen. Could be the internet, but I'm leaning toward a process on the server getting bogged down. My guess would be IIS. What can I do to improve the performance of IIS?As a side note,Igot a Dell PE R710 a month ago that I'm adding 12 gig of ram to and 6 2 TB drives to with SBS 2k8 Premium, so I think that will help *substantially*. But I have yet to finish the build and test it.