Sir, I have a problem to migrate POP3 linux server to Exchagne 2007 Server, standalone outlook client can access POP3 properly. But if I use the Microsoft Transport Suite to transfer email, it shows error: ============================================= Summary: 1 item(s). 1 succeeded, 0 failed. Elapsed time: 00:00:21 poperic@domain1.net Completed Warning: SSL certificate error(s) were found and ignored. Error source: E=postmaster@example.com, CN=imap.example.com, OU=IMAP server Subject distinguished name: E=postmaster@example.com, CN=imap.example.com, OU=IMAP server Serial number: 008B94443D0E82F82F Effective from: 5/15/2006 1:57:29 AM Expires on: 5/15/2007 1:57:29 AM Certificate issuer: E=postmaster@example.com, CN=imap.example.com, OU=IMAP server A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Exchange Management Shell command completed: 'Microsoft.Exchange.Transporter.Provider.PopImap.InternetMailboxMeta' | Move-POPMailboxToExchange -AllowUnsecureConnection $true -TargetClientAccessServer 'exch2007.domain1.net' -MaxThreadCount '0' -GlobalCatalog 'exch2007.domain1.net' -Quiet Elapsed Time: 00:00:21 I have tried to post for Exchange support, their support mentions that it should be secuirty issue. I haven't found any Event 4107 error in the system of Microsoft Transporter server. Any suggestion? Regards, Joe ============================================================ All Replies 13 minutes agoJames-Luo<abbr class="affil">Microsoft</abbr><abbr class="affil">, Moderator</abbr> 0 Vote As Helpful Error: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider” The error appears if CA certificate was not in the LocalMachine "Trusted Root Certification Authorities" Error: “A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file” Event ID 4107 or Event ID 11 is logged in the Application log in Windows and in Windows Server Please also check the related error event when the issue appears for more details Notes: According to the error information, the issue is more related to certificate configuration on the machine, please use the “Security” forum on the platform where you can get more certificate related advice about these errors James Luo TechNet Subscriber Support in forum ============================================================

Hi, According to the output of the command, it seems that: 1. The certificate is expired. Effective from: 5/15/2006 1:57:29 AM Expires on: 5/15/2007 1:57:29 AM A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 2. The root CA certificate is not trusted. Certificate issuer: E=postmaster@example.com, CN=imap.example.com, OU=IMAP server A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Please ensure that the root CA certificate has been imported into the Trusted Root Certification Authorities store. This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Dear Joson, The exchange server is using Private CA and install SSL to server, so the date of server certificate is in Year 2012, I have also checked all certificate in Exchange 2007 server are in valid date and time. As the Exchagne 2007 server are installed with CA authoritoies component, so it should be a trusted root certificate authorites. I have installed component to server: Computer name: Windows 2008 R2 + Exchagne 2007 with SP3 Domain: Single domain and Single AD. Component installed: CA certificate authority, Exchagne 2007 and Microsoft Transporter suite. Now it is planning to perform POP3 migration to Exchange 2007 server, but it shows such message of it. Do you think it is caused by Exchange AD or Qmail Server? Any information I can collect for your evaluation? Joe

Hi, Is the certificate that you mentioned the same as the one mentioned in the command? Please confirm it with the serial number, 008B94443D0E82F82F. Meanwhile, please run certutil -verify -urlfetch against the certificate file on the computer and share the result output here. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

On Fri, 15 Apr 2011 06:29:41 +0000, Joe Tam wrote: Dear Joson, ???? The exchange server is using Private CA and install SSL to server, so the date of server certificate is in Year 2012, I have also checked all certificate in Exchange 2007 server are in valid date and time. ???? As the Exchagne 2007 server are installed with CA authoritoies component, so it should be a trusted root certificate authorites. I have installed component to server: Computer name: Windows 2008 R2 + Exchagne 2007 with SP3 Domain: Single domain and Single AD. Component installed: CA certificate authority, Exchagne 2007 and Microsoft Transporter suite. ??? Now it is planning to perform POP3 migration to Exchange 2007 server, but it shows such message of it. Do you think it is caused by Exchange AD or Qmail Server? Any information I can collect for your evaluation? So first of all, you're getting a warning and not an error and even with the warning the operation in question was a success so I'm really having a hard time figuring out exactly what the problem here is. Secondly, you're not looking at the correct certificate. From your original post, notice this line: *Certificate issuer: E=postmaster@example.com <mailto:E=postmaster@example.com>, CN=imap.example.com, OU=IMAP server * I can assure you that certificate was not issued by a Microsoft Certification authority, if it were, it would have the DNS name of the CA listed as the issuer. BTW - the certificate in question is most definitely expired and has been expired for nearly 4 years now. As I said, according to the message you posted, the mailbox was moved correctly so I fail to see what the issue is, in addition, this is definitely not an issue for this forum as the certificate warning has nothing at all to do with a certificate issued by a Microsoft CA. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Chip: Any number of small crunchy objects often served with onion dip.