locked
Event ID: 9323 OAL Generator - Invalid or Expired Email Certificates RRS feed

  • Question

  • Hello,

    I get these warnings on my Active Node SCC - Exchange 2007 SP2.

    Event Type: Warning
    Event Source: MSExchangeSA
    Event Category: OAL Generator
    Event ID: 9323
    Date:  8/16/2011
    Time:  6:10:13 PM
    User:  N/A
    Computer: SCC-1
    Description:
    Entry 'Smith Hang' has invalid or expired e-mail certificates.  These certificates will not be included in the offline address list for '\Global Address List'.  
    - OAB1 Offline Address Book

    There are loads of users which have expired certificate, I cannot manualy visit each user in AD and remove the expired certificates.  There must be a way to remove automatically or some regedit!!!!  I am also looking to remove expired certificates from my CA Admin Console to see if this will fix this issue too.

    Advise is appreciated.

    Thanks!!!

    Wednesday, August 17, 2011 2:41 PM

Answers

  • On Wed, 17 Aug 2011 14:41:57 +0000, WildPacket wrote:
     
    >I get these warnings on my Active Node SCC - Exchange 2007 SP2.
    >
    >Event Type: Warning Event Source: MSExchangeSA Event Category: OAL Generator Event ID: 9323 Date: 8/16/2011 Time: 6:10:13 PM User: N/A Computer: SCC-1 Description: Entry 'Smith Hang' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for '\Global Address List'. - OAB1 Offline Address Book
    >
    >There are loads of users which have expired certificate, I cannot manualy visit each user in AD and remove the expired certificates. There must be a way to remove automatically or some regedit!!!! I am also looking to remove expired certificates from my CA Admin Console to see if this will fix this issue too.
    >
    >Advise is appreciated.
     
    Either remove them or ignore the events.
     
    This might be a place to start if you want to try your hand ad
    scripting a way to deal with them (or searching further to se of
    some's already written something):
    http://blogs.technet.com/b/exchange/archive/2005/07/25/408188.aspx
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Terence Yu Thursday, August 18, 2011 7:32 AM
    • Marked as answer by Terence Yu Thursday, August 25, 2011 5:56 AM
    Thursday, August 18, 2011 1:40 AM

All replies

  • What did you use to put those certificates in originally?

    You can write a script that clears that certificate property in AD for all users, but I don't have a sample, sorry.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Thursday, August 18, 2011 1:19 AM
  • On Wed, 17 Aug 2011 14:41:57 +0000, WildPacket wrote:
     
    >I get these warnings on my Active Node SCC - Exchange 2007 SP2.
    >
    >Event Type: Warning Event Source: MSExchangeSA Event Category: OAL Generator Event ID: 9323 Date: 8/16/2011 Time: 6:10:13 PM User: N/A Computer: SCC-1 Description: Entry 'Smith Hang' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for '\Global Address List'. - OAB1 Offline Address Book
    >
    >There are loads of users which have expired certificate, I cannot manualy visit each user in AD and remove the expired certificates. There must be a way to remove automatically or some regedit!!!! I am also looking to remove expired certificates from my CA Admin Console to see if this will fix this issue too.
    >
    >Advise is appreciated.
     
    Either remove them or ignore the events.
     
    This might be a place to start if you want to try your hand ad
    scripting a way to deal with them (or searching further to se of
    some's already written something):
    http://blogs.technet.com/b/exchange/archive/2005/07/25/408188.aspx
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Terence Yu Thursday, August 18, 2011 7:32 AM
    • Marked as answer by Terence Yu Thursday, August 25, 2011 5:56 AM
    Thursday, August 18, 2011 1:40 AM
  • Rich,

    What if the user in question is Domain/Ent. Admin and certificate do required for various reasons "ex. Client Authentication, Secure Email, Encrypting File system, etc"?

    Please advise. Thanks

    Monday, February 20, 2012 5:00 PM