none
This organization's certificate has been revoked

    Question

  • We are running Windows Server 2008 with Exchange 2010 and a self signed certificate. For some reason we have one Windows XP sytem running IE8 and Outlook 2007 that will not function with Outloo Anywhere. When trying to get Outlook Anywhere working, we came to realize it won't connect because of the certificate. If we attempt to connect to OWA from this XP computer, we get the error 'This organization's certificate has been revoked'. From this error page you cannot even proceed to OWA. Outlook Anywhere works from any other computer, be it XP or Windows 7 after adding the cert. Likewise OWA works from any other computer. I've searched for possible resolutions, like turning off in IE8 advanced settings the check for revoked certs, running all updates including root cert updates, etc, and nothing has seemed to work. I also ran a reset of IE and even a reinstallation.

    Does anyone have any other suggestions on what I might try next other than upgrade this computer to W7. This computer ironically belongs to the CEO at his home.

    Thanks in advance.

    Max

    Tuesday, February 14, 2012 3:19 AM

Answers

  •  

    Hi Max,

    The issue might be caused by both incorrect configuration on the server side and the client side. So, in the server side, please check the authentication on the root path /Default Web Site, and make sure it is Anonymous.

    Besides, under SSL Settings of /RPC virtual directory in IIS manager, selected Ignore Client Certificates.

    Note that, you need to run IISreset if there is any change.

    Refer to:

    Default settings for Exchange-related virtual directories in Exchange Server 2010

    http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

    On the client side, please create a new Windows profile and test again. If the issue continues, you may:

    1. Installed Root CA certificate on client computer;
    2. Clear the "Check for server certificate revocation" checkbox in IE\Tool\Options.

    Hope it is helpful.


    Fiona Liao

    TechNet Community Support

    Wednesday, February 15, 2012 5:49 AM
    Moderator

All replies

  • Hi inMIND;

    Please try to check if URLScan has been listed as an ISAPI filter which would prevent Server headers and keep-alives from passing to the Windows XP client RPC Proxy connection and ultimately preventing NTLM Authentication.

    If yes, then please try to modify the RemoveServerHeader was set from 1 to 0 from URLScan.ini. After that, please run IISreset.

    Also we may try to temporally tick Basic Authentication from EMS and then force outlook use this authentication to logon.

    After that, please un-tick Basic Authentication from EMS and tick “Windows Integrated” authentication and then check the issue again.

    Regards.......

    Remember to vote help ............

    Tuesday, February 14, 2012 8:59 AM
  • Thanks for the response.

    The URLScan ISAPI filter is not listed. Plus, this is the only XP system outside (or inside) that has this problem. Everyone else works fine after installing the cert. Of course this system won't get past the 'revoke' screen, so the cert cannot be installed.

    Max

    Tuesday, February 14, 2012 7:34 PM
  •  

    Hi Max,

    The issue might be caused by both incorrect configuration on the server side and the client side. So, in the server side, please check the authentication on the root path /Default Web Site, and make sure it is Anonymous.

    Besides, under SSL Settings of /RPC virtual directory in IIS manager, selected Ignore Client Certificates.

    Note that, you need to run IISreset if there is any change.

    Refer to:

    Default settings for Exchange-related virtual directories in Exchange Server 2010

    http://blogs.technet.com/b/exchange/archive/2010/09/23/3411146.aspx

    On the client side, please create a new Windows profile and test again. If the issue continues, you may:

    1. Installed Root CA certificate on client computer;
    2. Clear the "Check for server certificate revocation" checkbox in IE\Tool\Options.

    Hope it is helpful.


    Fiona Liao

    TechNet Community Support

    Wednesday, February 15, 2012 5:49 AM
    Moderator