none
Problemas con Exchange RRS feed

  • Pregunta

  • Buenas Gente,

    Les cuento que estoy teniendo un evento en mi servidor exchange donde me aparece el siguiente msj:

    Yo tengo implementado los certificados auto-firmados del mismo exchange.

    Pero nose como resolver este tema.

    Me podria ayudar.

    ------------------------------------------

    Microsoft Exchange couldn't find a certificate that contains the domain name mail.netafim.com.ar in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector DesdeInternet with a FQDN parameter of mail.xxxxxx.com.ar. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

    For more information, see Help and Support Center at

     

    Saludos.


    Gaston Dominguez
    martes, 24 de mayo de 2011 13:54

Respuestas

Todas las respuestas

  • Si no usas certificados para TLS, no me preocuparía

    http://technet.microsoft.com/en-us/library/bb510128(EXCHG.80).aspx


    Saludos,

    Marc
    MCSA/MCSE 2003
    MCITP: Enterprise Administrator (Windows Server 2008)
    MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
    MCC: Microsoft Community Contributor 2011
    Citrix CCA
    martes, 24 de mayo de 2011 14:18
    Moderador
  • Estaba barbaro pero de todas formas quiero que desaparesca ese evento y quede todo funcioando correctamente.

    Est es lo que me arrojan los comandos:

    Get-ExchangeCertificate | FL *

    AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                           em.Security.AccessControl.CryptoKeyAccessRule, System.Se
                           curity.AccessControl.CryptoKeyAccessRule}
    CertificateDomains   : {nearbasxxxx, nearbasxxxx.nearba.net}
    CertificateRequest   :
    IisServices          : {IIS://nearbasxxxx/W3SVC/1}
    IsSelfSigned         : True
    KeyIdentifier        : D774B8FDBEB5C72585B6043BA8E9216F2268935D
    RootCAType           : None
    Services             : IMAP, POP, IIS, SMTP
    Status               : Valid
    PrivateKeyExportable : False
    Archived             : False
    Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                           ography.Oid, System.Security.Cryptography.Oid, System.Se
                           curity.Cryptography.Oid}
    FriendlyName         : Microsoft Exchange
    IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    NotAfter             : 21/05/2012 11:00:11
    NotBefore            : 21/05/2011 11:00:11
    HasPrivateKey        : True
    PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
    PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
    RawData              : {48, 130, 3, 27, 48, 130, 2, 3, 160, 3, 2, 1, 2, 2, 16,
                           1...}
    SerialNumber         : 0143AA7483E1C1824FE249CECF79D8E9
    SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    SignatureAlgorithm   : System.Security.Cryptography.Oid
    Thumbprint           : 86C9F22C3F840739C0E6F4490842139A519ED5F1
    Version              : 3
    Handle               : 469690944
    Issuer               : CN=nearbasxxxx
    Subject              : CN=nearbasxxxx

    AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                           em.Security.AccessControl.CryptoKeyAccessRule, System.Se
                           curity.AccessControl.CryptoKeyAccessRule}
    CertificateDomains   : {nearbasxxxx, nearbasxxxx.nearba.net}
    CertificateRequest   :
    IisServices          : {}
    IsSelfSigned         : True
    KeyIdentifier        : 938FC8C2109B27728D57EFF8EF3426DC2EE270F9
    RootCAType           : None
    Services             : IMAP, POP, SMTP
    Status               : Valid
    PrivateKeyExportable : False
    Archived             : False
    Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                           ography.Oid, System.Security.Cryptography.Oid, System.Se
                           curity.Cryptography.Oid}
    FriendlyName         : Microsoft Exchange
    IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    NotAfter             : 02/03/2012 13:23:13
    NotBefore            : 02/03/2011 13:23:13
    HasPrivateKey        : True
    PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
    PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
    RawData              : {48, 130, 3, 27, 48, 130, 2, 3, 160, 3, 2, 1, 2, 2, 16,
                           150...}
    SerialNumber         : 967EC02426FC8986442CC3A77133E122
    SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    SignatureAlgorithm   : System.Security.Cryptography.Oid
    Thumbprint           : 85F9DAB879C5C97762C4E8A6DB980E2075DF1335
    Version              : 3
    Handle               : 470472176
    Issuer               : CN=nearbasxxxx
    Subject              : CN=nearbasxxxx

    AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                           em.Security.AccessControl.CryptoKeyAccessRule, System.Se
                           curity.AccessControl.CryptoKeyAccessRule}
    CertificateDomains   : {nearbasxxxx, nearbasxxxx.nearba.net}
    CertificateRequest   :
    IisServices          : {}
    IsSelfSigned         : True
    KeyIdentifier        : BDBA7B980E5C702D72667C57C647C1F4C22BD2A4
    RootCAType           : Unknown
    Services             : IMAP, POP, SMTP
    Status               : Invalid
    PrivateKeyExportable : False
    Archived             : False
    Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                           ography.Oid, System.Security.Cryptography.Oid, System.Se
                           curity.Cryptography.Oid}
    FriendlyName         : Microsoft Exchange
    IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    NotAfter             : 20/03/2009 13:26:50
    NotBefore            : 20/03/2008 13:26:50
    HasPrivateKey        : True
    PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
    PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
    RawData              : {48, 130, 3, 27, 48, 130, 2, 3, 160, 3, 2, 1, 2, 2, 16,
                           119...}
    SerialNumber         : 7776AA50FD7167A74E395D7155BDA8ED
    SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                           guishedName
    SignatureAlgorithm   : System.Security.Cryptography.Oid
    Thumbprint           : 4237A1598939EFBFB46CE11A6B4CBAFF26D2B6FB
    Version              : 3
    Handle               : 470667808
    Issuer               : CN=nearbasxxxx
    Subject              : CN=nearbasxxxx

    Get-ReceiveConnector | FL name, fqdn, objectClass

    Name        : Default NEARBASxxxx
    Fqdn        : nearbasxxxx
    ObjectClass : {top, msExchSmtpReceiveConnector}

    Name        : Client NEARBASxxxx
    Fqdn        : nearbasxxxx.nearba.net
    ObjectClass : {top, msExchSmtpReceiveConnector}

    Name        : DesdeInternet
    Fqdn        : mail.xxxxxxx.com.ar
    ObjectClass : {top, msExchSmtpReceiveConnector}

    Name        : Relaysxxxx
    Fqdn        : server.nearba.net
    ObjectClass : {top, msExchSmtpReceiveConnector}


    Get-SendConnector | FL name, fqdn, objectClass

    Name        : SalidaInternet
    Fqdn        :
    ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}


    Gaston Dominguez
    martes, 24 de mayo de 2011 18:15
  • Revisa este link, http://exchange.sembee.info/2007/install/multiplenamessl.asp donde se explica cómo asignar los certificados a varios servicios, entre otras cosas.
    Saludos,

    Marc
    MCSA/MCSE 2003
    MCITP: Enterprise Administrator (Windows Server 2008)
    MCITP: Enterprise Messaging Administrator (Microsoft Exchange 2007 & Exchange 2010)
    MCC: Microsoft Community Contributor 2011
    Citrix CCA
    • Propuesto como respuesta Ismael Borche miércoles, 25 de mayo de 2011 21:23
    • Marcado como respuesta Ismael Borche lunes, 6 de junio de 2011 22:18
    miércoles, 25 de mayo de 2011 7:04
    Moderador