Solved

Exchange 2007 SSL cert is not trusted

Posted on 2010-08-17
7
3,107 Views
Last Modified: 2013-11-30
When my users open up outlook 2007 or 2010  i get the attached error message.

"Security Alert"
"Webmail.nwgmg.com
Information you exchagne with this site cannot be viewed or changed by other. However, there is a problem with the site's security certificate."

"X      The application experience and internal error loading the SSL libraries. This site should not be trusted.

If i manually configure outlook it works but i do get this error periodacly. This has been working find for almost a year and suddenly this starts. Any help would be greatly appreciated.

I am runing exchange 2007 and a SSL certificate from Go Daddy.

Thanks,

Ryan Burney
ssl-issue.jpg
0
Comment
Question by:rburney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33455826
Hi,

Refer this article:
http://www.networknet.nl/apps/wp/archives/334

Hope this helps,
Shree
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33456848
Please also try test-outlookwebservices | fl and see the errors.
Probably you will get the errors in it, if yes then please paste them here so that we can further help you with. However you can go with the article of shree.... hope it helps you in..


Thanks.
0
 

Author Comment

by:rburney
ID: 33457419
v 9mhdrf you are right... What should i do about this?

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@nwgm
          g.com.

Id      : 1007
Type    : Information
Message : Testing server NWGMG-MX.nwgmg.com with the published name https://web
          mail.nwgmg.com/ews/exchange.asmx & https://webmail.nwgmg.com/ews/exch
          ange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://webmail.nwgmg.com/autodiscover/autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.nwgmg.com/autodiscover/autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:rburney
ID: 33457673
when i hit the https://webmail.nwgmg.com/autodiscover/autodiscover.xml 

this is what i get...

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:32:36.5710266" Id="1218015928">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 4

Expert Comment

by:cybera
ID: 33460877
Seems like a DNS issue. Maybe you forgot to add the SRV record for Autodiscovery on your DNS. Follow the link below.

http://support.microsoft.com/kb/940881 
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33461061
After running test-outlookwebservices | fl and you got 1013 which says 401 Unauthorized, then you have to follow another article.

KB- 896861.
Set the registry value and reboot the server, and also please check the authentication on the IIS manager on the server.
Autodiscover:- Basic+Windows Integrated Authentication + SSL Enabled
EWS:- Windows Integrated Authentication + SSL not required
OAB:- Windows Integrated Authentication + SSL not required

And the one which you are showing after browsing the Autodiscover is a expected behaviour, we should get the following 600 error code, that is absolutely fine.
Please check the above settings and revert back if you have any issues.
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 500 total points
ID: 33461958
Hi,

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

and Observed that the certificate installed on the exchange does not contain all names.

Hence get the certificate with the mentioned names.

Hope this helps,
Shree
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question