none
Can a SSL certificate validation name failure cause Exchange Active Sync not to work? RRS feed

  • General discussion

  • I'm pretty much a newbie to my organisation but it appears that Exchange 2007 ActiveSync has not worked since installation.  I ran some diagnostics which has led me to think that a certificate validation failure can prevent EAS from working.  Can anybody confirm for me please? 

    Our domain and website is hosted by a third party so I think that could be the issue.

    Test details below:

    ExRCA is testing Exchange ActiveSync.
     
    The Exchange ActiveSync test failed.

    Test Steps

    Attempting the Autodiscover and Exchange ActiveSync test (if requested).

    Testing of Autodiscover for Exchange ActiveSync failed.

    Test Steps

    Attempting each method of contacting the Autodiscover service.
     
    The Autodiscover service couldn't be contacted successfully by any method.


    Test Steps

    Attempting to test potential Autodiscover URL https://tayside-contracts.co.uk/AutoDiscover/AutoDiscover.xml
     
    Testing of this potential Autodiscover URL failed.

    Test Steps

    Attempting to resolve the host name tayside-contracts.co.uk in DNS.
     
    The host name resolved successfully.

    Additional Details
     
    IP addresses returned: 91.135.229.36

     
    Testing TCP port 443 on host tayside-contracts.co.uk to ensure it's listening and open.
     
    The port was opened successfully.


    Testing the SSL certificate to make sure it's valid.
     
    The SSL certificate failed one or more certificate validation checks.


    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server tayside-contracts.co.uk on port 443.

    ExRCA successfully obtained the remote SSL certificate.

    Additional Details
     
    Remote Certificate Subject: E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US.

     


    Validating the certificate name.
     
    Certificate name validation failed.

    Tell me more about this issue and how to resolve it

    Additional Details
     
    Host name tayside-contracts.co.uk doesn't match any name found on the server certificate E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US.

     

     

     

    Attempting to test potential Autodiscover URL https://autodiscover.tayside-contracts.co.uk/AutoDiscover/AutoDiscover.xml
     
    Testing of this potential Autodiscover URL failed.

     

    Test Steps

    Attempting to resolve the host name autodiscover.tayside-contracts.co.uk in DNS.
     
    The host name resolved successfully.

    Additional Details
     
    IP addresses returned: 91.135.229.36

     

    Testing TCP port 443 on host autodiscover.tayside-contracts.co.uk to ensure it's listening and open.
     
    The port was opened successfully.

     

    Testing the SSL certificate to make sure it's valid.
     
    The SSL certificate failed one or more certificate validation checks.

    Test Steps

    ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.tayside-contracts.co.uk on port 443.

    ExRCA successfully obtained the remote SSL certificate.

    Additional Details
     
    Remote Certificate Subject: E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US, Issuer: E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US.

     

    Validating the certificate name.
     
    Certificate name validation failed.
     
     Tell me more about this issue and how to resolve it

    Additional Details
     
    Host name autodiscover.tayside-contracts.co.uk doesn't match any name found on the server certificate E= info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O=Parallels, L=Herndon, S=Virginia, C=US.

     

     

     


    Attempting to contact the Autodiscover service using the HTTP redirect method.
     
    The attempt to contact Autodiscover using the HTTP Redirect method failed.

    Test Steps

    Attempting to resolve the host name autodiscover.tayside-contracts.co.uk in DNS.
     
    The host name resolved successfully.

    Additional Details
     
    IP addresses returned: 91.135.229.36

     


    Testing TCP port 80 on host autodiscover.tayside-contracts.co.uk to ensure it's listening and open.
     
    The port was opened successfully.

     

    ExRCA is checking the host autodiscover.tayside-contracts.co.uk for an HTTP redirect to the Autodiscover service.
     
    ExRCA failed to get an HTTP redirect response for Autodiscover.

    Additional Details
     
    A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

     

     


    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
     
    ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

    Test Steps

    Attempting to locate SRV record _autodiscover._tcp.tayside-contracts.co.uk in DNS.
     
    The Autodiscover SRV record wasn't found in DNS.
     
     Tell me more about this issue and how to resolve it

     

     

     

     

    Wednesday, May 8, 2013 8:42 AM

All replies

  • On Wed, 8 May 2013 08:42:40 +0000, daverkay wrote:
     
    >
    >
    >I'm pretty much a newbie to my organisation but it appears that Exchange 2007 ActiveSync has not worked since installation. I ran some diagnostics which has led me to think that a certificate validation failure can prevent EAS from working. Can anybody confirm for me please?
    >
    >Our domain and website is hosted by a third party so I think that could be the issue.
     
    Is the "A" record for autodiscover.tayside-contracts.co.uk
    (91.135.229.36) pointing to the right place? I'm guessing it isn't if
    the certificate name is from an entrely different domain:
     
    "Additional Details Remote Certificate Subject:
    E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel,
    O=Parallels, L=Herndon, S=Virginia, C=US, Issuer:
    E=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel,
    O=Parallels, L=Herndon, S=Virginia, C=US."
     
     
    The "A" record should probably be the same IP as your OWA, and maybe
    your domain's MX (80.192.119.211).
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Thursday, May 9, 2013 1:18 AM