Solved

Exchange 2007 SSL cert is not trusted

Posted on 2010-08-17
7
3,075 Views
Last Modified: 2013-11-30
When my users open up outlook 2007 or 2010  i get the attached error message.

"Security Alert"
"Webmail.nwgmg.com
Information you exchagne with this site cannot be viewed or changed by other. However, there is a problem with the site's security certificate."

"X      The application experience and internal error loading the SSL libraries. This site should not be trusted.

If i manually configure outlook it works but i do get this error periodacly. This has been working find for almost a year and suddenly this starts. Any help would be greatly appreciated.

I am runing exchange 2007 and a SSL certificate from Go Daddy.

Thanks,

Ryan Burney
ssl-issue.jpg
0
Comment
Question by:rburney
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33455826
Hi,

Refer this article:
http://www.networknet.nl/apps/wp/archives/334

Hope this helps,
Shree
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33456848
Please also try test-outlookwebservices | fl and see the errors.
Probably you will get the errors in it, if yes then please paste them here so that we can further help you with. However you can go with the article of shree.... hope it helps you in..


Thanks.
0
 

Author Comment

by:rburney
ID: 33457419
v 9mhdrf you are right... What should i do about this?

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@nwgm
          g.com.

Id      : 1007
Type    : Information
Message : Testing server NWGMG-MX.nwgmg.com with the published name https://web
          mail.nwgmg.com/ews/exchange.asmx & https://webmail.nwgmg.com/ews/exch
          ange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://webmail.nwgmg.com/autodiscover/autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.nwgmg.com/autodiscover/autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:rburney
ID: 33457673
when i hit the https://webmail.nwgmg.com/autodiscover/autodiscover.xml 

this is what i get...

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:32:36.5710266" Id="1218015928">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 4

Expert Comment

by:cybera
ID: 33460877
Seems like a DNS issue. Maybe you forgot to add the SRV record for Autodiscovery on your DNS. Follow the link below.

http://support.microsoft.com/kb/940881 
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33461061
After running test-outlookwebservices | fl and you got 1013 which says 401 Unauthorized, then you have to follow another article.

KB- 896861.
Set the registry value and reboot the server, and also please check the authentication on the IIS manager on the server.
Autodiscover:- Basic+Windows Integrated Authentication + SSL Enabled
EWS:- Windows Integrated Authentication + SSL not required
OAB:- Windows Integrated Authentication + SSL not required

And the one which you are showing after browsing the Autodiscover is a expected behaviour, we should get the following 600 error code, that is absolutely fine.
Please check the above settings and revert back if you have any issues.
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 500 total points
ID: 33461958
Hi,

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

and Observed that the certificate installed on the exchange does not contain all names.

Hence get the certificate with the mentioned names.

Hope this helps,
Shree
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question