Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2007 SSL cert is not trusted

Posted on 2010-08-17
7
Medium Priority
?
3,148 Views
Last Modified: 2013-11-30
When my users open up outlook 2007 or 2010  i get the attached error message.

"Security Alert"
"Webmail.nwgmg.com
Information you exchagne with this site cannot be viewed or changed by other. However, there is a problem with the site's security certificate."

"X      The application experience and internal error loading the SSL libraries. This site should not be trusted.

If i manually configure outlook it works but i do get this error periodacly. This has been working find for almost a year and suddenly this starts. Any help would be greatly appreciated.

I am runing exchange 2007 and a SSL certificate from Go Daddy.

Thanks,

Ryan Burney
ssl-issue.jpg
0
Comment
Question by:rburney
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33455826
Hi,

Refer this article:
http://www.networknet.nl/apps/wp/archives/334

Hope this helps,
Shree
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33456848
Please also try test-outlookwebservices | fl and see the errors.
Probably you will get the errors in it, if yes then please paste them here so that we can further help you with. However you can go with the article of shree.... hope it helps you in..


Thanks.
0
 

Author Comment

by:rburney
ID: 33457419
v 9mhdrf you are right... What should i do about this?

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@nwgm
          g.com.

Id      : 1007
Type    : Information
Message : Testing server NWGMG-MX.nwgmg.com with the published name https://web
          mail.nwgmg.com/ews/exchange.asmx & https://webmail.nwgmg.com/ews/exch
          ange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://webmail.nwgmg.com/autodiscover/autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.nwgmg.com/autodiscover/autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:rburney
ID: 33457673
when i hit the https://webmail.nwgmg.com/autodiscover/autodiscover.xml 

this is what i get...

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:32:36.5710266" Id="1218015928">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 4

Expert Comment

by:cybera
ID: 33460877
Seems like a DNS issue. Maybe you forgot to add the SRV record for Autodiscovery on your DNS. Follow the link below.

http://support.microsoft.com/kb/940881 
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33461061
After running test-outlookwebservices | fl and you got 1013 which says 401 Unauthorized, then you have to follow another article.

KB- 896861.
Set the registry value and reboot the server, and also please check the authentication on the IIS manager on the server.
Autodiscover:- Basic+Windows Integrated Authentication + SSL Enabled
EWS:- Windows Integrated Authentication + SSL not required
OAB:- Windows Integrated Authentication + SSL not required

And the one which you are showing after browsing the Autodiscover is a expected behaviour, we should get the following 600 error code, that is absolutely fine.
Please check the above settings and revert back if you have any issues.
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 2000 total points
ID: 33461958
Hi,

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

and Observed that the certificate installed on the exchange does not contain all names.

Hence get the certificate with the mentioned names.

Hope this helps,
Shree
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question