Solved

Exchange 2007 SSL cert is not trusted

Posted on 2010-08-17
7
3,050 Views
Last Modified: 2013-11-30
When my users open up outlook 2007 or 2010  i get the attached error message.

"Security Alert"
"Webmail.nwgmg.com
Information you exchagne with this site cannot be viewed or changed by other. However, there is a problem with the site's security certificate."

"X      The application experience and internal error loading the SSL libraries. This site should not be trusted.

If i manually configure outlook it works but i do get this error periodacly. This has been working find for almost a year and suddenly this starts. Any help would be greatly appreciated.

I am runing exchange 2007 and a SSL certificate from Go Daddy.

Thanks,

Ryan Burney
ssl-issue.jpg
0
Comment
Question by:rburney
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 33455826
Hi,

Refer this article:
http://www.networknet.nl/apps/wp/archives/334

Hope this helps,
Shree
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33456848
Please also try test-outlookwebservices | fl and see the errors.
Probably you will get the errors in it, if yes then please paste them here so that we can further help you with. However you can go with the article of shree.... hope it helps you in..


Thanks.
0
 

Author Comment

by:rburney
ID: 33457419
v 9mhdrf you are right... What should i do about this?

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address Administrator@nwgm
          g.com.

Id      : 1007
Type    : Information
Message : Testing server NWGMG-MX.nwgmg.com with the published name https://web
          mail.nwgmg.com/ews/exchange.asmx & https://webmail.nwgmg.com/ews/exch
          ange.asmx.

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://webmail.nwgmg.com/autodiscover/autodis
          cover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://webmail.nwgmg.com/autodiscover/autodiscover.x
          ml received the error The remote server returned an error: (401) Unau
          thorized.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 

Author Comment

by:rburney
ID: 33457673
when i hit the https://webmail.nwgmg.com/autodiscover/autodiscover.xml

this is what i get...

<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:32:36.5710266" Id="1218015928">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>
0
 
LVL 4

Expert Comment

by:cybera
ID: 33460877
Seems like a DNS issue. Maybe you forgot to add the SRV record for Autodiscovery on your DNS. Follow the link below.

http://support.microsoft.com/kb/940881
0
 
LVL 9

Expert Comment

by:v_9mhdrf
ID: 33461061
After running test-outlookwebservices | fl and you got 1013 which says 401 Unauthorized, then you have to follow another article.

KB- 896861.
Set the registry value and reboot the server, and also please check the authentication on the IIS manager on the server.
Autodiscover:- Basic+Windows Integrated Authentication + SSL Enabled
EWS:- Windows Integrated Authentication + SSL not required
OAB:- Windows Integrated Authentication + SSL not required

And the one which you are showing after browsing the Autodiscover is a expected behaviour, we should get the following 600 error code, that is absolutely fine.
Please check the above settings and revert back if you have any issues.
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 500 total points
ID: 33461958
Hi,

SAN/UCC Certificate with the following names in is a must for Exchange 2007:
- autodiscover.domainname.com

- owa.domainname.com (the URL used for Outlook Web Access)

- remote.domainname.com (used in SBS 2008)

- servername.domainname.local (the internal FQDN of your Exchange Server)

- SERVERNAME (NETBIOS Name of your Server)

and Observed that the certificate installed on the exchange does not contain all names.

Hence get the certificate with the mentioned names.

Hope this helps,
Shree
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now