exchange 2003 owa and activesync is now not working...urgent help!

  • Question

  • the exch 2003 server had a certificate which has company.com and www.company.com for dns names.

    I bought a godaddy UC cert for an exch 2010 server that we are implementing.  In order to include company.com and www.company.com with the new UC cert, I had to remove the cert on exch 2003 server and revoke the cert in cert manager on godaddy.  I also included autodiscover.company.com and mail.company.com on this new UC cert.

    Exch 2010 owa and activesync is working fine with the new cert.

    But after importing the new cert to exch 2003, activesync and owa on it doesn't work anymore.  Browsing to https://company.com/exchange gets me a "page cannot be displayed".  It's probably something specific I have to set or reset in IIS on exch 2003 but I don't know where!

    testexchangeconnectivity.com gives me this:

    ExRCA is testing Exchange ActiveSync.
    The Exchange ActiveSync test failed.

    Test Steps

    Attempting to resolve the host name company.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: x.x.x.x

    Testing TCP port 443 on host company.com to ensure it's listening and open.
    The port was opened successfully.

    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.

    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server company.com on port 443.
    ExRCA wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    I need to get this up and running as all users are still on it (only I am on exch 2010 so far).


    • Edited by ccslai Saturday, April 14, 2012 8:47 PM
    Saturday, April 14, 2012 8:38 PM

Answers

  • Since ExRCA can't get the certificate, I would surmise that it is not installed properly.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by ccslai Sunday, April 15, 2012 1:17 AM
    Saturday, April 14, 2012 11:17 PM

All replies

  • For some reason, when I import the cert to exch 2003 that I downloaded from godaddy, it just doesn't want to work.

    So I thought, why not export the cert from exch 2010 and import it to 2003?  I did that and OWA worked but AS didn't.

    For AS, I followed these:

    http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubleshooting/

    http://support.microsoft.com/kb/817379

    http://support.microsoft.com/kb/927465

    Even though I did follow kb 927465, I'm still getting the following:

    ExRCA is analyzing intermediate certificates that were sent down by the remote server.

    One or more intermediate certificates were missing or invalid.

    Additional Details


    There's a missing intermediate certificate in the certificate chain. Subject = SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US. For more information, see Knowledge Base Article 927465.

    Not sure what the deal is?  AS is working but I am getting that error. Tnx for the tip.


    • Edited by ccslai Sunday, April 15, 2012 1:20 AM
    Sunday, April 15, 2012 1:17 AM
  • On Sun, 15 Apr 2012 01:17:37 +0000, ccslai wrote:
     
    >
    >
    >For some reason, when I import the cert to exch 2003 that I downloaded from godaddy, it just doesn't want to work.
    >
    >So I thought, why not export the cert from exch 2010 and import it to 2003? I did that and OWA worked but AS didn't.
    >
    >For AS, I followed these:
    >
    >http://alanhardisty.wordpress.com/2010/02/28/exchange-2003-and-activesync-configuration-and-troubleshooting/
    >
    >http://support.microsoft.com/kb/817379
    >
    >http://support.microsoft.com/kb/927465
    >
    >Even though I did follow kb 927465, I'm still getting the following:
    >
    >ExRCA is analyzing intermediate certificates that were sent down by the remote server.
    >
    >One or more intermediate certificates were missing or invalid.
    >
    >Additional Details
    >
    >There's a missing intermediate certificate in the certificate chain. Subject = SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US. For more information, see Knowledge Base Article 927465.
    >
    >Not sure what the deal is? AS is working but I am getting that error. Tnx for the tip.
     
    Install the new certificate chain from GoDaddy on the 2003 server. Was
    the 2003 certificate a 1024 or 2048-bit cert? You probably have the
    intermediate certs for the 1024-bit certificates installed.
     
    See if this page explains the details of the problem:
    http://www.digicert.com/help/
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Sunday, April 15, 2012 2:13 AM
  • Go Daddy has a post on its website with the procedure for installing their certificates.  As Rich mentioned, you will need to install their intermediate certificates before importing the certificate from Go Daddy.  That may mean that you will have to delete the certificate, create a new request, import the intermediate certificates, then complete the certificate request.  Go Daddy should reissue the certificate from a new certificate request at no charge.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, April 16, 2012 4:54 AM
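
Added example, not part of the thread: a shell check for the "missing intermediate certificate" condition ExRCA reports above, demonstrated on a throwaway root, intermediate and leaf built on the spot. The function names (`make_chain`, `issue`, `served_chain`, `chain_ok`) and all certificate subjects are hypothetical; it assumes the `openssl` command-line tool is installed.

```bash
# Added example. Every key, name and certificate created here is constructed test data.

# Build a throwaway root -> intermediate -> leaf hierarchy in directory $1.
make_chain() {
  local d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Common Name
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:company.com,DNS:mail.company.com
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/x.cnf" \
    -extensions ca -subj "/CN=Constructed Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  issue "$d" int "/CN=Constructed Intermediate" root ca &&
  issue "$d" leaf "/CN=company.com" int leaf
}

# issue <dir> <name> <subject> <issuer-name> <extension-section>
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/x.cnf" -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial 1 -days 2 -extfile "$1/x.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

# Print the certificates a live server sends in its handshake (leaf first) as PEM.
served_chain() {
  openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# chain_ok <trusted-root.pem> <served.pem>: verifies the first certificate in served.pem.
# Intermediates come only from served.pem; roots from $1 plus OpenSSL's default CA directory.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Demo on the constructed hierarchy: leaf alone versus leaf plus intermediate.
d=$(mktemp -d) && make_chain "$d" && cat "$d/leaf.pem" "$d/int.pem" > "$d/full.pem"
chain_ok "$d/root.pem" "$d/leaf.pem" && echo "leaf only: OK" || echo "leaf only: chain incomplete"
chain_ok "$d/root.pem" "$d/full.pem" && echo "leaf + intermediate: OK" || echo "leaf + intermediate: chain incomplete"
rm -rf "$d"
```

Against a real server, save the output of `served_chain <host>` to a file and pass it to `chain_ok` together with the issuing CA's root certificate in PEM form; a failure there while the site still loads in a browser usually means the client is filling in the intermediate from its own store.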
  • Are you referring to "re-keying"?

    So I can create a CSR in IIS6 and then rekey on godaddy's?  And then download it again and complete the pending request?

    What's going to happen to the certificate that's already imported and working on exch 2010/iis7?  Wouldn't that cert get revoked or invalidated since I re-key?

    Monday, April 16, 2012 12:18 PM
  • You remove that certificate after you replace it.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, April 16, 2012 2:47 PM