Outlook security alert - the name is invalid..., where find it?

Question
-
Hi,
I'm receiving a Security Alert every time I start Outlook 2007 (office.mail.com!!! (external OWA) - it's strange, maybe it should be the internal Exchange server). The name on the security certificate is invalid or... View Certificate shows me:
Issued to: IOS-Self-Signed-Certificate-193382
Issued by: IOS-Self-Signed-Certificate-193382
Valid from 12/05/2009 to 01/01/2020
OK. I know that the problem is an incorrect certificate, because the name of my Exchange server is Exchange, and the OWA name is office.mail.com.
But where can I find this certificate to delete or replace it?
PDC (Server 2008) -> mmc -> certificates: Can't find IOS-Self-...
Exchange 2010 -> mmc -> certificates: Can't find IOS-Self-...
Exchange Power Shell - Get-ExchangeCertificate | fl Can't find IOS-Self-...
Exchange Management Console -> Server Configuration -> Exchange certificates Can't find IOS-Self-...
Exchange IIS Site Bindings (7.0) - Can't find IOS-Self-...
In DNS I've replaced the old autodiscover Host A record with an SRV record _autodiscover pointing to the internal Exchange server.
Thanks
- Edited by IT Jericho Monday, July 5, 2010 3:11 AM
Sunday, July 4, 2010 10:59 PM
Answers
-
The self-signed cert gets created by Exchange during the installation and is only used by Exchange. Just created to get you going. Always should replace it with internal or public before going into production.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
- Proposed as answer by TWHarrington Monday, July 5, 2010 3:58 AM
- Marked as answer by IT Jericho Monday, July 5, 2010 4:19 AM
Monday, July 5, 2010 3:58 AM -
Hi,
In conclusion:
1. The wrong certificate, Issued to: IOS-Self-Signed-Certificate-193382..., comes from my Cisco router.
2. This certificate stopped appearing after changes in Exchange IIS. I have performed a rollback of the instructions from this article: Configure Outlook Anywhere to Use Multiple SSL Certificates
In my opinion, exactly the actions from this article provoked most of my troubles with Exchange :(
3. RPC over HTTP\HTTPS works perfectly after disabling IPv6 and rejoining the Exchange server to the domain.
4. All tests via Microsoft Exchange Server Remote Connectivity Analyzer passed fine
Thanks to all
- Marked as answer by IT Jericho Wednesday, July 28, 2010 11:17 PM
Wednesday, July 28, 2010 11:17 PM
All replies
-
You need to replace the self-signed cert with one from your internal CA or preferably from a public CA. Here are some links to guide you through the process (this assumes Exchange 2010)...
http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
For Exchange 2007...
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
- Proposed as answer by TWHarrington Sunday, July 4, 2010 11:11 PM
Sunday, July 4, 2010 11:09 PM -
Thanks for reply.
I have created some Exchange and Domain certificates before, it's not too difficult. For me it is really interesting where this IOS-Self- is from and where I can find it.
Thanks again for any suggestions.
Monday, July 5, 2010 3:09 AM -
The self-signed cert gets created by Exchange during the installation and is only used by Exchange. Just created to get you going. Always should replace it with internal or public before going into production.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
- Proposed as answer by TWHarrington Monday, July 5, 2010 3:58 AM
- Marked as answer by IT Jericho Monday, July 5, 2010 4:19 AM
Monday, July 5, 2010 3:58 AM -
Ok. So I should just create another self-signed certificate for my Exchange or buy an SSL certificate, then put it on Exchange and implement it via GPO.
Many thanks
Monday, July 5, 2010 4:18 AM -
Hi Tim,
It was my mistake to close the ticket so quickly. The wrong certificate still exists, even after recreating and reassigning a new one.
REMARK: I've tried to implement multiple SSL certificates for local mail Exchange+Outlook and external OWA Outlook+Browser. Everything was taken from Configure Outlook Anywhere to Use Multiple SSL Certificates
So, internal Outlook connection to Exchange OK. OWA internal shows certificate error, but works (perhaps GPO certificate distribution delay).
But Test-OutlookWebServices -ClientAccessServer exchangesrv2 still shows annoying certificate:
[PS] C:\Users\administrator.mydomain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
Creating a new session for implicit remoting of "Test-OutlookWebServices" command...
[PS] C:\Users\administrator.mydomain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://office.externalserver.com/autodiscover/autodiscover.xml.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1004
Type : Error
Message : The certificate for the URL https://office.externalserver.com/autodiscover/autodiscover.xml is incorrect.
For SSL to work, the certificate needs to have a subject of office.externalserver.com, instead the subject found is IOS-Self-Signed-Certificate-1933852417. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1023
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1123
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXCH] Error contacting the UM service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The request failed with HTTP status 404: Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXPR] Error contacting the UM service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1125
Type : Error
Message : [Server] Error contacting the AS service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1127
Type : Error
Message : [Server] Error contacting the UM service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/rpc received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1029
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://office.externalserver.com/rpc. Elapsed time was 578 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1129
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://exchangesrv2.domain.local/rpc. Elapsed time was 0 milliseconds.
Thanks
- Edited by IT Jericho Sunday, July 11, 2010 6:00 AM
Wednesday, July 7, 2010 1:08 AM -
Use Disable-ExchangeCertificate and Enable-ExchangeCertificate to replace the self-signed certificate with the valid one.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Wednesday, July 7, 2010 3:44 AM -
Hi Ed,
Thanks for reply.
Not sure about Disable-ExchangeCertificate
The term 'Disable-ExchangeCertificate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:28
+ Disable-ExchangeCertificate <<<<
+ CategoryInfo : ObjectNotFound: (Disable-ExchangeCertificate:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
B74247D60812930AE630F1A77BE3CAC669F***** IP.WS. CN=exchange
6A3C16AC3497C2077595D81BF52786121FC***** ...WS. CN=*.externaldomain.com, OU=Domain Control Validated - RapidSSL
The properties of the bad certificate show:
Thumbprint de bc a8 bc 44 79 ca 95 d9 3b 3b f4 6e 75 0a c7 2e ** ** **
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
The certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 782F9DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Disable-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
The term 'Disable-ExchangeCertificate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:28
+ Disable-ExchangeCertificate <<<< -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
+ CategoryInfo : ObjectNotFound: (Disable-ExchangeCertificate:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
And
[PS] C:\Windows\system32>Remove-ExchangeCertificate -Thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E******
Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** from the computer's certificate store?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
The certificate with thumbprint DEBCA8BC4479CA95D93B3BF46E750AC72E****** was not found.
+ CategoryInfo : ObjectNotFound: (:) [Remove-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 782F9DD3,Microsoft.Exchange.Management.SystemConfigurationTasks.RemoveExchangeCertificate
Any suggestions?
Wednesday, July 7, 2010 9:27 PM -
Sorry, it's Remove-ExchangeCertificate.
Where do you get the "bad certificate" from? If it doesn't show up in Get-ExchangeCertificate, then Exchange shouldn't know about it.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Thursday, July 8, 2010 5:04 AM -
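One way to answer the question of where the "bad certificate" comes from, as an added example that is not part of the thread: connect to each name, read the certificate the endpoint actually presents, and check whether its thumbprint exists in the computer's certificate store. `Get-PresentedCertificate` is a hypothetical helper name, and the host names are the thread's placeholders.

```powershell
# Added example, not code from the thread. Get-PresentedCertificate is a
# hypothetical helper; run it on the Exchange server so the store lookup
# refers to that server's own certificates.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    # Which addresses does this machine resolve the name to?
    $addresses = [System.Net.Dns]::GetHostAddresses($HostName) |
        ForEach-Object { $_.IPAddressToString }

    # Accept whatever is presented: the goal is to inspect the certificate,
    # not to trust it. No application data is sent over this connection.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($obj, $certificate, $chain, $policyErrors)
        $true
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
    }
    finally { $client.Close() }

    # Names the certificate claims: subject CN plus any DNS entries in the
    # Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name="
    # label assumes an English-language Windows.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $names = @($cert.GetNameInfo($nameType, $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*') |
            Where-Object { $_ -like 'DNS Name=*' } |
            ForEach-Object { $_ -replace '^DNS Name=', '' }
    }

    # -like treats "*" as "any characters", which is looser than TLS wildcard
    # matching; good enough to spot an obviously foreign certificate.
    $nameMatches = @($names | Where-Object { $HostName -like $_ }).Count -gt 0

    # Is the presented certificate one that this computer holds?
    $inLocalStore = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

    New-Object PSObject -Property @{
        HostName     = $HostName
        ResolvedTo   = $addresses -join ', '
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        NameMatches  = $nameMatches
        InLocalStore = $inLocalStore
    } | Select-Object HostName, ResolvedTo, Subject, Issuer, Thumbprint,
                      NotAfter, SelfSigned, NameMatches, InLocalStore
}

# The two names that appear in the Test-OutlookWebServices output.
'office.externalserver.com', 'exchangesrv2.domain.local' |
    ForEach-Object { Get-PresentedCertificate -HostName $_ } |
    Format-List
```

A result with `InLocalStore` false and a device-default subject means the TLS session for that name ends on some other device that answers at the resolved address, not on the Exchange server, so no Exchange cmdlet will find or remove the certificate.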
Hi Ed,
That's right, Exchange shouldn't use the wrong certificate, because it isn't in the list of certificates :(
Another few facts: the wrong certificate appears every time Outlook starts and I'm unable to View Certificate (button unclickable), also the header of the cert. - office.externaldomain.com??? But internal OWA uses the correct certificate issued by Exchangesrv2 (one from the Exchange list).
External OWA uses the correct certificate too (*.externaldomain.com), but with 500 - Internal server error. External HTTP\HTTPS Outlook connection is unavailable, because it's error 500.
Thursday, July 8, 2010 10:17 PM -
How is IIS configured?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Saturday, July 10, 2010 5:16 AM -
IIS has 2 sites:
-Autodiscover.externaldomain Anonymous+Windows Auth., SSL - no req.+ignore
-Default Web Site
* aspnet_client
* ecp
* EWS
* Exchange
* Exchweb
* Microsoft-Server-ActiveSync
* OAB
* owa Basic+Windows Auth., SSL req+ignore
* PowerShell
* Public
* Rdc
* RpcWithCert
I have installed Rollup 4, so now external OWA shows error 404:
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
After some reboots external OWA replies: Outlook Web App didn't initialize. If the problem continues, please contact your helpdesk.
Internal OWA works ok. Microsoft Exchange Attendant service unable to start.
Unexpected error No authority could be contacted for authentication. ID no: 80090311 Microsoft Exchange System Attendant occurred.
My present state error 404 in IE and in Firefox at the same time
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /owa/auth/logon.aspx
In addition: it's strange (at least for me), but I was able to connect to internal OWA even with disabled Outlook Anywhere.
Saturday, July 10, 2010 11:50 AM -
What certificate is bound to the Default Web Site?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Saturday, July 10, 2010 4:08 PM -
The Default Web Site is bound to a certificate that was created on the Exchange server in PowerShell for the local Exchange server:
New-ExchangeCertificate -FriendlyName "Exchangesrv Self" -SubjectName "cn=exchangesrv2" -DomainName exchangesrv2,exchangesrv2.mydomain.local,autodiscover.mydomain.local,autodiscover.exchangesrv2.mydomain.local -PrivateKeyExportable:$True | Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP
Default Web Site - Bindings:
http 80 *
https 443 Internal IP internal exchange cert
net.tcp 808: *
net.pipe *
net.m... localhost
msmq... localhost
Sunday, July 11, 2010 5:58 AM -
Please explain how you implemented what you describe in "REMARK".
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
"vyan024" wrote in message news:976097ea-c17f-4322-8127-59c9c1760a50...
Hi Tim,
It was my mistake to close the ticket so quickly. The wrong certificate still exists, even after recreating and reassigning a new one.
REMARK: I've tried to implement multiple SSL certificates for local mail Exchange+Outlook and external OWA Outlook+Browser. Everything was taken from Configure Outlook Anywhere to Use Multiple SSL Certificates
So, the internal Outlook connection to Exchange is OK. Internal OWA shows a certificate error, but works (perhaps a GPO certificate distribution delay).
But Test-OutlookWebServices -ClientAccessServer exchangesrv2 still shows the annoying certificate:
[PS] C:\Users\administrator.domain\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
Creating a new session for implicit remoting of "Test-OutlookWebServices" command...
[PS] C:\Users\administrator.JERICHO\Desktop>Test-OutlookWebServices -ClientAccessServer exchangesrv2
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1019
Type : Information
Message : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://office.externalserver.com/autodiscover/autodiscover.xml.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1004
Type : Error
Message : The certificate for the URL https://office.externalserver.com/autodiscover/autodiscover.xml is incorrect.
For SSL to work, the certificate needs to have a subject of office.externalserver.com, instead the subject found is IOS-Self-Signed-Certificate-1933852417. Consider correcting service discovery, or installing a correct SSL certificate.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/autodiscover/autodiscover.xml received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1023
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://EXCHANGESRV2.domain.local:443/autodiscover/autodiscover.xml received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1123
Type : Error
Message : The Autodiscover service couldn't be contacted.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://exchangesrv2.domain.local/EWS/Exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXCH] Error contacting the UM service at https://exchangesrv2.domain.local/EWS/Exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The request failed with HTTP status 404: Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/ews/exchange.asmx received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1027
Type : Error
Message : [EXPR] Error contacting the UM service at https://office.externalserver.com/ews/exchange.asmx. Elapsed time was 562 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1125
Type : Error
Message : [Server] Error contacting the AS service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/ews/exchange.asmx received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1127
Type : Error
Message : [Server] Error contacting the UM service at https://exchangesrv2.domain.local/ews/exchange.asmx. Elapsed time was 0 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1013
Type : Error
Message : When contacting https://office.externalserver.com/rpc received the error The remote server returned an error: (404) Not Found.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1029
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://office.externalserver.com/rpc. Elapsed time was 578 milliseconds.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error The underlying connection was closed: An unexpected error occurred on a send.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1113
Type : Error
Message : When contacting https://exchangesrv2.domain.local/rpc received the error An existing connection was forcibly closed by the remote host
RunspaceId : 53cb4367-3f00-4a0f-b310-ee40bcf3c57e
Id : 1129
Type : Error
Message : [EXPR] Error contacting the RPC/HTTP service at https://exchangesrv2.domain.local/rpc. Elapsed time was 0 milliseconds.
Thanks
Sunday, July 11, 2010 5:08 PM -
Sorry, my fault. The correct link is http://technet.microsoft.com/en-us/library/bb310762.aspx and I have implemented Configure Outlook Anywhere to Use Multiple SSL Certificates
Sunday, July 11, 2010 10:01 PM
-
Sorry, I've never implemented that method. Every Exchange installation I've done uses the same web site for everything with a UCC certificate.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Monday, July 12, 2010 1:55 AM -
Same web site - ok. Have you had experience with different Exchange server IPs? I mean: 1 IP for the local network, 2 for external OWA or HTTP\HTTPS connections. I used this configuration before Exchange OWA broke. I have always seen how the Exchange server uses a different IP address. How can I assign 1 constant IP forever, if the network card has 2 IPs?
Monday, July 12, 2010 10:11 PM
-
You can create new virtual directories in PowerShell, but I've never specifically done what you're trying to do.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
Wednesday, July 14, 2010 4:25 AM -
Thanks anyway
Wednesday, July 14, 2010 4:49 AM
-
Hi,
In conclusion:
1. The wrong certificate, Issued to: IOS-Self-Signed-Certificate-193382..., comes from my Cisco router.
2. This certificate stopped appearing after changes in Exchange IIS. I rolled back the instructions from this article: Configure Outlook Anywhere to Use Multiple SSL Certificates
In my opinion, it was exactly the actions from this article that provoked most of my troubles with Exchange :(
3. RPC over HTTP\HTTPS works perfectly after disabling IPv6 and rejoining the Exchange server to the domain.
4. All tests via Microsoft Exchange Server Remote Connectivity Analyzer passed fine
Thanks to all
- Marked as answer by IT Jericho Wednesday, July 28, 2010 11:17 PM
Wednesday, July 28, 2010 11:17 PM -
I'm sure this is quite dated now, but if you're still having the problem or if anyone else is having this issue, my problems with this issue were DNS related. Because of a misspelled domain name for the self-signed certificate, DNS entries got all jacked up. Corrected the domain name for the cert, but still got the IOS certificate, which is our local Cisco router certificate. IPCONFIG /FLUSHDNS corrected it after that.
Friday, September 14, 2012 8:13 PM
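A way to see where a certificate like the IOS-Self-Signed one in this thread is being served from, when it is in no Exchange or Windows certificate store: connect to the name the client uses and record which address answered and which certificate it presented. This is an added example, not part of the thread or of the Exchange tooling; Get-PresentedCertificate is a hypothetical helper name, and the SAN parsing assumes the English Windows "DNS Name=" format.

```powershell
# Hypothetical helper (added example): show what answers on HostName:Port.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory=$true)][string]$HostName,
        [int]$Port = 443
    )
    # Addresses the name resolves to from this machine (stale DNS shows up here).
    $resolved = [System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.ToString() }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $remote = $tcp.Client.RemoteEndPoint.ToString()
        # Accept any certificate: the goal is to inspect it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }

    # Names the certificate is valid for: subject CN plus SAN DNS entries.
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($san) {
        # Assumption: English Windows formatting, "DNS Name=host, DNS Name=host2".
        $sanNames = [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $names = @(@($cn) + @($sanNames) | Where-Object { $_ } | Select-Object -Unique)

    $nameOk = $false
    foreach ($n in $names) {
        if ($n -eq $HostName) { $nameOk = $true }
        elseif ($n.StartsWith('*.') -and $HostName.Contains('.')) {
            # A wildcard covers exactly one left-most label.
            if ($HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { $nameOk = $true }
        }
    }
    New-Object PSObject -Property @{
        HostName = $HostName; ResolvedTo = $resolved; AnsweredBy = $remote
        Subject = $cert.Subject; Issuer = $cert.Issuer; Thumbprint = $cert.Thumbprint
        NotAfter = $cert.NotAfter; ValidForNames = $names
        SelfIssued = ($cert.Subject -eq $cert.Issuer); NameMatches = $nameOk
    }
}
# Example: Get-PresentedCertificate -HostName office.externalserver.com | Format-List
```

If AnsweredBy is not an Exchange server address and the Thumbprint does not appear in the Get-ExchangeCertificate output, the certificate belongs to whatever device owns that address, and the fix is in DNS or routing rather than in a certificate store.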