locked
Win7 is not taking the newly created root certificate and RPC not working RRS feed

  • Question

  • Hello guys. I need some help, last week our CA certificate was about to expire, so we read a little so the impact won’t be huge. We thought we had everything under control, but since that day, some people with Win7 can’t open Outlook with RPC configurations and send mail from outside the domain network. We have tried lots of things, and almost every computer with Win7 won’t take the cert. I’m not sure why a couple of machines, including mine, took the cert

    On users machines we installed the certification on the trusted root certifications authority’s and nothing. We have a GPO on the Win 2003 Domain controller that deploys the certification but I think is not working on Win7 machines, I guess because of our domain level. Our domain functionality level is windows server 2003

    Anyone can give a recommendation?

    This is the message appearing on the outlooks from outside the network:

    There is a problem with the proxy server's security certificate, %s. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to this server. (%s)"

    Thanks have a nice day.


    • Edited by El Guayo Tuesday, November 8, 2011 6:25 PM
    Tuesday, November 8, 2011 4:35 PM

Answers

  • Hi,

    Are you telling us that your internal PKI trusted root certificate was going to expire and that you renewed it and it needs to be deployed?

    This is more a question for the Windows Server forum, but anyway..

     

    Since Windows XP/Win 2003 and Windows 2008+/Vista/W7 doesnt use the same GPO templates you will need to deploy them differently

    http://technet.microsoft.com/en-us/library/cc709647%28WS.10%29.aspx

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14355

    http://msdn.microsoft.com/en-us/library/bb530196.aspx

    http://www.windowsecurity.com/articles/managing-windows-vista-group-policy-part1.html

     

    If you have any questions around it, post them into the Server forum

    http://social.technet.microsoft.com/Forums/en-us/category/windowsserver

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Marked as answer by El Guayo Friday, November 11, 2011 6:55 PM
    Tuesday, November 8, 2011 6:49 PM

All replies

  • Hi,

    Are you telling us that your internal PKI trusted root certificate was going to expire and that you renewed it and it needs to be deployed?

    This is more a question for the Windows Server forum, but anyway..

     

    Since Windows XP/Win 2003 and Windows 2008+/Vista/W7 doesnt use the same GPO templates you will need to deploy them differently

    http://technet.microsoft.com/en-us/library/cc709647%28WS.10%29.aspx

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14355

    http://msdn.microsoft.com/en-us/library/bb530196.aspx

    http://www.windowsecurity.com/articles/managing-windows-vista-group-policy-part1.html

     

    If you have any questions around it, post them into the Server forum

    http://social.technet.microsoft.com/Forums/en-us/category/windowsserver

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Marked as answer by El Guayo Friday, November 11, 2011 6:55 PM
    Tuesday, November 8, 2011 6:49 PM
  • Ok but those links talk about Windows Server 2008 GPO's. I was searching for a way to deploy this admx files from a windows server 2003 but i guess this is not posible. Besides we are using the certification authority, is it possible with this infrastructure?

    Tuesday, November 8, 2011 7:26 PM
  • Yes it's possible, have a look at the links i posted above and you will be fine :)
    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    Tuesday, November 8, 2011 7:29 PM
  • Hello Jonas, thanks for your help. Actually the solution was a little more simple. The problem was that when i created the new Certification, i actually extended the old one. And on the GPO i deleted the previous one, and added the new one.

    But this new certification needs the old one before to actualize to the new one.

    Thanks for your help, have a nice day.

    Friday, November 11, 2011 6:55 PM