Need help with Exchange 2007 certificates
Posted on 2009-12-30
I'm really getting stuck here. As an IT team of one, I'm spending the holidays lab-testing a new server running Exchange 2007 on 2008 SBS. All aspects of the server install have gone fine, but Exchange is giving me real headaches - such that I am on the brink of proposing the new server be deployed with Exchange 2003 again, simply because I can get that working!
In a nutshell, ActiveSync is not working, so no iPhone connections work, OWA is not working, and Outlook 2007 has been giving me an invalid certificate error on startup (although mysteriously this didn't do it today...)
I think all of my issues stem from invalid certificates. The Exchange Best Practices Analyser Health Check had been reporting invalid SANs on all my certificates until today. I think my same dabbling that stopped the Outlook certificate warning has also changed the Health Check results, which now show "No client authentication methods available for ActiveSync" and "Outlook Web Access configured without SSL". These 2 errors are new, and replace the certificate errors, but what's odd is that within IIS Manager, ActiveSync and OWA have "Require SSL" checked.
I feel like I need a "Reset everything related to IIS to defaults" button, followed by a "Regenerate Exchange certificates" button, but short of a reinstall I'm stuck.
One other question, why are there four certificates installed as standard. If I were up against just one, like I created for OWA on Exchange 2003, I'd feel confident, but I don't even know why there are four now?
Any help would be much appreciated.