none
MSExchange Unified Messaging - Fehler 1423 - TLS-API-Fehler RRS feed

  • Frage

  • Hallo

    (Exchange 2010 SP2 RU5v2)

    mit der UM Rolle (Anrufbeantworter) habe ich gelegentlich Diverses getestet, jetzt nach ca. 6 Wochen möchte ich die UM Rolle wieder aktivieren, der Anrufbeantworter eines Benutzer nimmt auch ein Gespräch an, jedoch erhält der Benutzer eine EMail mit der Voicemail.

    Die Voicemail beim im Ordner c:\prog\exch\v14\unfiedmessaging\voicemail .... hängen

    Das Ereignisprotokoll sagt:

    Protokollname: Application
    Quelle:        MSExchange Unified Messaging
    Datum:         30.12.2012 13:30:47
    Ereignis-ID:   1423
    Aufgabenkategorie:(2)
    Ebene:         Fehler
    Schlüsselwörter:Klassisch
    Benutzer:      Nicht zutreffend
    Computer:      mail.meinedomain.tls
    Beschreibung:
    The Unified Messaging server encountered an error while trying to process the message with header file "C:\Program Files\Microsoft\Exchange Server\V14\UnifiedMessaging\voicemail\c26076c3-6920-438a-be24-2973121805f0.txt". Error details: "Microsoft.Exchange.Net.ExSmtpClient.TlsApiFailureException: TLS-API-Fehler: 0x80090301

    was könnte denn der Fehler sein??

    (es wurde eigentlich nichts geändert, RU5v2 wurde installiert und auch Win Updates aber sonst nichts ; auch das "gekaufte" Zertifikat ist gültig !!)

    unter Server-Konfig / HUB-Transport / Empf.Connector / Default MAIL ... hier steht auch alles unverändert ; FQDN steht richtig ; Authentifizierung ist auch "Exchange-Server-Authentifizierung" aktiv

    Danke

    mfg

    Mario

    Sonntag, 30. Dezember 2012 13:07

Antworten

Alle Antworten

  • Hallo Mario,

    poste bitte mal die Konfiguration Deiner Empfangskonnektoren und Deine Zertifikate:

    Get-Receiveconnector | FL
    Get-ExchangeCertificate | FL

    Hast Du evtl. mal Deine Root Zertifikate aktualisiert? Falls ja, schau mal hier: http://social.technet.microsoft.com/Forums/zh/exchange2010/thread/c76f51fc-3d4f-48a9-b79d-2a472f8d8cd7

    Viele Grüße
    Timo

    Sonntag, 30. Dezember 2012 16:45
    Moderator
  • Hallo Timo,

    >Get-Receiveconnector | FL

     

    RunspaceId                              : 9783ec79-26a4-46a0-9713-f1f99b81c2a3
    AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {[::]:25, 0.0.0.0:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : mail.meinedomain.de
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : unlimited
    MaxInboundConnectionPercentagePerSource : 100
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 20 MB (20,971,520 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 5000
    PermissionGroups                        : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {10.10.10.1-10.10.10.254, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : MAIL
    SizeEnabled                             : EnabledWithoutValue
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Default MAIL
    DistinguishedName                       : CN=Default MAIL,CN=SMTP Receive
                                              Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group
                                              (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
                                              Organization,CN=Microsoft
                                              Exchange,CN=Services,CN=Configuration,DC=meinedomain,DC=de
    Identity                                : MAIL\Default MAIL
    Guid                                    : 71ea1d30-be6a-4b6c-97ba-4d46dfe7150b
    ObjectCategory                          : meinedomain.de/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 03.08.2010 11:42:07
    WhenCreated                             : 21.01.2010 10:35:44
    WhenChangedUTC                          : 03.08.2010 09:42:07
    WhenCreatedUTC                          : 21.01.2010 09:35:44
    OrganizationId                          :
    OriginatingServer                       : Server.meinedomain.de
    IsValid                                 : True
    ObjectState                             : Unchanged

    RunspaceId                              : 9783ec79-26a4-46a0-9713-f1f99b81c2a3
    AuthMechanism                           : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {[::]:587, 0.0.0.0:587}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : mail.meinedomain.de
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : 5
    MessageRateSource                       : User
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 20 MB (20,971,520 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : ExchangeUsers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : True
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : MAIL
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : Client MAIL
    DistinguishedName                       : CN=Client MAIL,CN=SMTP Receive
                                              Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group
                                              (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
                                              Organization,CN=Microsoft
                                              Exchange,CN=Services,CN=Configuration,DC=meinedomain,DC=de
    Identity                                : MAIL\Client MAIL
    Guid                                    : 4779e3e4-0580-4a28-94e2-23bbbb8d091c
    ObjectCategory                          : meinedomain.de/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 03.08.2010 11:42:22
    WhenCreated                             : 21.01.2010 10:35:44
    WhenChangedUTC                          : 03.08.2010 09:42:22
    WhenCreatedUTC                          : 21.01.2010 09:35:44
    OrganizationId                          :
    OriginatingServer                       : Server.meinedomain.de
    IsValid                                 : True
    ObjectState                             : Unchanged

    RunspaceId                              : 9783ec79-26a4-46a0-9713-f1f99b81c2a3
    AuthMechanism                           : None
    Banner                                  :
    BinaryMimeEnabled                       : True
    Bindings                                : {0.0.0.0:25}
    ChunkingEnabled                         : True
    DefaultDomain                           :
    DeliveryStatusNotificationEnabled       : True
    EightBitMimeEnabled                     : True
    BareLinefeedRejectionEnabled            : False
    DomainSecureEnabled                     : False
    EnhancedStatusCodesEnabled              : True
    LongAddressesEnabled                    : False
    OrarEnabled                             : False
    SuppressXAnonymousTls                   : False
    AdvertiseClientSettings                 : False
    Fqdn                                    : mail.meinedomain.de
    Comment                                 :
    Enabled                                 : True
    ConnectionTimeout                       : 00:10:00
    ConnectionInactivityTimeout             : 00:05:00
    MessageRateLimit                        : unlimited
    MessageRateSource                       : IPAddress
    MaxInboundConnection                    : 5000
    MaxInboundConnectionPerSource           : 20
    MaxInboundConnectionPercentagePerSource : 2
    MaxHeaderSize                           : 64 KB (65,536 bytes)
    MaxHopCount                             : 30
    MaxLocalHopCount                        : 8
    MaxLogonFailures                        : 3
    MaxMessageSize                          : 20 MB (20,971,520 bytes)
    MaxProtocolErrors                       : 5
    MaxRecipientsPerMessage                 : 200
    PermissionGroups                        : AnonymousUsers
    PipeliningEnabled                       : True
    ProtocolLoggingLevel                    : None
    RemoteIPRanges                          : {10.10.10.56-10.10.10.56}
    RequireEHLODomain                       : False
    RequireTLS                              : False
    EnableAuthGSSAPI                        : False
    ExtendedProtectionPolicy                : None
    LiveCredentialEnabled                   : False
    TlsDomainCapabilities                   : {}
    Server                                  : MAIL
    SizeEnabled                             : Enabled
    TarpitInterval                          : 00:00:05
    MaxAcknowledgementDelay                 : 00:00:30
    AdminDisplayName                        :
    ExchangeVersion                         : 0.1 (8.0.535.0)
    Name                                    : InternetGFI
    DistinguishedName                       : CN=InternetGFI,CN=SMTP Receive
                                              Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group
                                              (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
                                              Organization,CN=Microsoft
                                              Exchange,CN=Services,CN=Configuration,DC=meinedomain,DC=de
    Identity                                : MAIL\InternetGFI
    Guid                                    : 3da7559e-486d-495a-bea7-8f3237dbc313
    ObjectCategory                          : meinedomain.de/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
    ObjectClass                             : {top, msExchSmtpReceiveConnector}
    WhenChanged                             : 03.08.2010 11:42:31
    WhenCreated                             : 21.01.2010 14:37:25
    WhenChangedUTC                          : 03.08.2010 09:42:31
    WhenCreatedUTC                          : 21.01.2010 13:37:25
    OrganizationId                          :
    OriginatingServer                       : Server.meinedomain.de
    IsValid                                 : True
    ObjectState                             : Unchanged

    >Get-ExchangeCertificate | FL

     AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.meinedomain.de}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
    NotAfter           : 24.06.2015 01:59:59
    NotBefore          : 25.05.2011 02:00:00
    PublicKeySize      : 2048
    RootCAType         : ThirdParty
    SerialNumber       : 2E3EFDF815EF59D9F566FB2303AE3DD0
    Services           : IMAP, POP, UM, IIS, SMTP
    Status             : Valid
    Subject            : CN=mail.meinedomain.de, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to
                         https://www.thawte.com/repository/index.html, O=mail.meinedomain.de
    Thumbprint         : 721F52E7E50408E10939E11A52285B00A6DC0992

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail, mail.meinedomain.de}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=mail
    NotAfter           : 03.08.2015 09:18:47
    NotBefore          : 03.08.2010 09:18:47
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 2306F8BB6E4B569E495137EC18CF2D1E
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : CN=mail
    Thumbprint         : 95353FD035BC935A27F5C8F7033D97C5E94C2551

     

     

     

    Ich habe ein Zertifikat von http://www.psw.net/ (über Thawte) "Limitbreaker" ; das Zert. besteht aus Zertifikat + Zwischen-Zert. Thawte DV SSL CA + Zwischen-Zert. Thawte Primary Root CA.

    Am Zert. und Zwischen-Zert. habe ich nichts geändert!

    Danke

    Gruß Mario

    Montag, 31. Dezember 2012 11:34
  • ich habe noch ein bisschen im Netz gesucht und folg. gefunden

    https://blog.blackseals.net/2012/12/19/liste-der-vertrauenswuerdigen-stamm-zertifizierungsstellen-ist-zu-lang/

    ich habe den Reg. Schlüssel SendTrustedIssuerList erstellt und sofort sind alle Voicemails in den Postfächern geladet :-)

    Gruss Mario

    • Als Antwort markiert Hoesel, Mario Mittwoch, 2. Januar 2013 16:26
    Mittwoch, 2. Januar 2013 16:26