locked
Self signed certificate on CCR nodes? RRS feed

  • Question

  • I noticed our active node in our CCR cluster has an expired self signed certificate.  This wasn't noticable until errors in Microsoft Entourage started coming up saying the certificate on the node was invalid or expired.  Sure enough it is expired.  I am puzzled because I thought certs were only used on HUBs, Edge and CAS.  If I run new-exchangecertificate in powershell, I get a warning about it needs to run on a hub, edge, etc. 

    I have a few questions. Can I just delete the certificate?  Since this is a mailbox server (active node in ccr cluster) there shouldn't be a certificate on it?  Thanks

    Wednesday, March 23, 2011 4:19 AM

Answers

  • And I can’t find any certificate on my CCR nodes via MMC as well

    Please provide the exact error information on the entourage

    Please check if there’s any related event in the application log on the nodes

    Please increase the diagnostic logging level for the “MSExchangeIS” component in the CCR node, reproduce the issue, and check the event log again for further error events

    Diagnostic Logging of Exchange Processes

    Please run ExBPA against the CMS for health check


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Proposed as answer by Alan.Gim Wednesday, March 30, 2011 6:28 AM
    • Marked as answer by Alan.Gim Wednesday, April 6, 2011 1:11 AM
    Monday, March 28, 2011 6:11 AM

All replies

  • A self-signed certificate is installed on every Exchange 2007 server role except for the Mailbox server role

    ---------Refer to <Understanding the Self-Signed Certificate in Exchange 2007>

    Yes. According to the article above, self-signed certificate shouldn’t appear on MBX server


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Saturday, March 26, 2011 8:30 AM
  • Thanks James. I did read the article prior to posting, so that is one of the reasons for my querstion.  Not only am I wondering why there is a certificate on the mbox server, but why is even Entourage is looking at it.
    Monday, March 28, 2011 4:33 AM
  • And I can’t find any certificate on my CCR nodes via MMC as well

    Please provide the exact error information on the entourage

    Please check if there’s any related event in the application log on the nodes

    Please increase the diagnostic logging level for the “MSExchangeIS” component in the CCR node, reproduce the issue, and check the event log again for further error events

    Diagnostic Logging of Exchange Processes

    Please run ExBPA against the CMS for health check


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Proposed as answer by Alan.Gim Wednesday, March 30, 2011 6:28 AM
    • Marked as answer by Alan.Gim Wednesday, April 6, 2011 1:11 AM
    Monday, March 28, 2011 6:11 AM
  • Any update about it?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, March 29, 2011 3:37 AM