locked
Exchange management console error RRS feed

  • Question

  • I installed a certificate from Godaddy into iis7 successfully, I than attempted to import it into Exchange 2010 with an error(which I didn't write down), after the error the initial certificate disappeared so I closed the Exchange Management Console and attempted to reopen it. The Following error occured:

    the attempt to connect to (removed for security/powershell) using the kerberos authentication failed: connecting to the remote server failed with the following error message :

     the client cannot connect to the destination specified in the request. verify that the service on the destination is running and is accepting the request. consulting the logs and documentation for ws-management service running on the destination, most commonly iis or winrm. iuf the destination is winrm service, running the following command  etc...

    Just as a side note, during the troubleshooting process I removed the certificate from IIS instead of exporting it.

    I am receiving the following error quite often in the event viewer on EX2010.

    Source:  MSExchangeTransport

    Category:  TransportService

    Event ID:  12014

    Microsoft Exchange couldn't find a certificate that contains the domain name mail.mydomain.net in the personal store on the local computer. Therefore, it is unable to offer the STARTTLS SMTP verb for any connector with a FQDN parameter of mail.fcc-inc.net. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for every connector FQDN

     

     

    Tuesday, December 7, 2010 7:03 PM

Answers

  • Thanks for the Info.

    What fixed it was :

    Go to IIS

    default Website - right-click  - edit bindings

    under bindings there were two - https port 443 ip address *

    I removed one of these and edited the existing one and set SSL certificate to Microsoft Exchange.

    restarted IIS and started the default website.

     

     

     

     

    • Marked as answer by Novak Wu Friday, December 17, 2010 2:54 AM
    Wednesday, December 8, 2010 12:56 AM

All replies

  • Your mistake was doing things with the SSL certificate through IIS.
    You should do SSL tasks through Exchange Management Console. Furthermore if you purchased a standard SSL certificate, rather than a Unified Communications (aka SAN or multiple name) certificate then you are going to continue to have problems.

    Normally I would say to you to assign the self signed certificate through the management console, but you can't do that. Try starting Exchange Management Shell.

    If that still fails, then you could see if the self signed certificate that Exchange 2010 created is still in the Certificate store and allocate it to the Default Web Site. After doing so, run IISRESET.

    You cannot run Exchange 2010 and the Default Web Site without an SSL certificate.

    Once you can get back in to EMC, then you can create a new certificate request through EMC and manage it through that as well.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources
    Tuesday, December 7, 2010 8:06 PM
  • An article posted today on the Exchange Team blog may be of use as well.

    http://msexchangeteam.com/archive/2010/12/07/457139.aspx

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources
    Tuesday, December 7, 2010 8:07 PM
  • Thanks for the Info.

    What fixed it was :

    Go to IIS

    default Website - right-click  - edit bindings

    under bindings there were two - https port 443 ip address *

    I removed one of these and edited the existing one and set SSL certificate to Microsoft Exchange.

    restarted IIS and started the default website.

     

     

     

     

    • Marked as answer by Novak Wu Friday, December 17, 2010 2:54 AM
    Wednesday, December 8, 2010 12:56 AM
  • Thank you for sharing us the solution. It can help other forum users who have the same issues in future.

     

    Regards,

    Novak


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, December 17, 2010 2:55 AM