Solved

Microsoft Exchange certificate problems with disconnects asking for password on Outlook.

Posted on 2010-08-24
Last Modified: 2012-05-10
I have a couple of issues here, not sure if they are related.....

Our Outlook 2007 users keep getting disconnected from Outlook with the program asking for a password.  Closing the program, locking and unlocking the PC then starting Outlook 'fixes' this for a while.  Or you can put your domain password in and this works for a while.

In the event log on the Exchange 2007 server I am getting the following errors:

Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.

Certificate enrollment for Local system failed to enroll for a DomainController certificate from Our.domain.controller\Our Domain CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

We have an SSL certificate installed for webmail, this is not the certificate it's complaining about, how do I determine which one it means?
0
Comment
Question by:-Juddy-
8 Comments
 
LVL 5

Expert Comment

by:DanMar
ID: 33508840
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 33509012
Exchange 2007 (SP1) on a Windows 2008 X64 server.  DC is SBS 2003 (X86)
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33509199
Can you provide the event log errors numbers from both the Exchange Server and any on the SBS?  Also, please run dcdiag & netdiag on the SBS and report any issues.
This eventid.net page has many troubleshooting steps that may relate as well:
http://www.eventid.net/display.asp?eventid=13&eventno=2719&source=AutoEnrollment&phase=1
 
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 33509997
Netdiag results on the SBS Server:



Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SBSserver.ourdomain
        IP Address . . . . . . . . : 192.168.20.11
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.20.3
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.20.11


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed


        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : {83E04A2D-97B1-4BE5-81FF-4FD56567BCD7}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : our sbs server
        IP Address . . . . . . . . : 192.168.20.111
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . :
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.


        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.20.11' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

0

 
LVL 3

Author Comment

by:-Juddy-
ID: 33510058
DCDIAG tests on the SBS Server:



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OURSERVERNAME
      Starting test: Connectivity
         ......................... SBSServer passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SBSServer
      Starting test: Replications
         ......................... OURSERVERNAME passed test Replications
      Starting test: NCSecDesc
         ......................... OURSERVERNAME passed test NCSecDesc
      Starting test: NetLogons
         ......................... OURSERVERNAME passed test NetLogons
      Starting test: Advertising
         ......................... OURSERVERNAME passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... OURSERVERNAME passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... OURSERVERNAME passed test RidManager
      Starting test: MachineAccount
         ......................... OURSERVERNAME passed test MachineAccount
      Starting test: Services
         ......................... OURSERVERNAME passed test Services
      Starting test: ObjectsReplicated
         ......................... OURSERVERNAME passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... OURSERVERNAME passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... OURSERVERNAME failed test frsevent
      Starting test: kccevent
         ......................... OURSERVERNAME passed test kccevent
      Starting test: systemlog
         ......................... OURSERVERNAME passed test systemlog
      Starting test: VerifyReferences
         ......................... OURSERVERNAME passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : our-domain
      Starting test: CrossRefValidation
         ......................... our-domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... our-domain passed test CheckSDRefDom

   Running enterprise tests on : our.domainname.com
      Starting test: Intersite
         ......................... our.domainname.com passed test Intersite
      Starting test: FsmoCheck
         ......................... our.domainname.com passed test FsmoCheck

0
 
LVL 5

Expert Comment

by:DanMar
ID: 33510102
Looks pretty clean, just FRS issue
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... OURSERVERNAME failed test frsevent
This should be fixed however I do not believe it is causing your certificate issue.
Please check previous links I have pasted & also email through some errors from SYSTEM in event logs.

0
 
LVL 3

Author Comment

by:-Juddy-
ID: 33510189
Error:

Event 13, certificateservicesclient-certenroll:

Certificate enrollment for Local system failed to enroll for a DomainController certificate from 'ourdomaincontroler'\OURDOMAIN CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Warning:

Error 64, certificateservicesclient-AutoEnrollment

Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.
Certificate for local system with Thumbprint 86 fd 51 ce 42 66 22 96 f7 77 5e f8 24 25 1d 71 31 e4 0c db is about to expire or already expired.

Information:

Event 2080, MSExchange ADAccess

Process STORE.EXE (PID=7792). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
our.domain.comtroller      CDG 1 7 7 1 0 1 1 7 1
our.exchange.server      CDG 1 7 7 1 0 1 1 7 1
 Out-of-site:

0
 
LVL 5

Accepted Solution

by:
DanMar earned 500 total points
ID: 33510383
I suggest going through the steps listed here for installing Exchange 2007 into an SBS 2003 environment and seeing if anything was not done, e.g. setting the global catalog:
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part1.html
http://www.msexchange.org/tutorials/Installing-Exchange-2007-Small-Business-Server-2003-domain-Part2.html
Also go through the best practice analyser info here:
http://blogs.technet.com/b/sbs/archive/2008/01/10/exchange-2007-in-an-sbs-2003-environment.aspx
You can try the SBS 2003 BPA as well as the Exchange 2007 BPA (you will need to install the 2003 BPA).
0
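
The question asks how to determine which certificate a thumbprint in the event log refers to. The following is an added example, not part of the original thread: it looks up the two thumbprints from the event 64 warnings in every LocalMachine certificate store and prints subject, issuer, expiry, template and key usage for each match. `Format-CertExtension` is a hypothetical helper, and the script assumes an elevated PowerShell session on the server that logged the events.

```powershell
# Added example: resolve the thumbprints quoted in the event 64 warnings.
# Paste them exactly as the event text shows them (lower case, spaced).
$eventThumbprints = @(
    '25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff',
    '86 fd 51 ce 42 66 22 96 f7 77 5e f8 24 25 1d 71 31 e4 0c db'
)

# The Cert: provider exposes thumbprints as upper-case hex with no separators.
# Dropping every non-hex character also removes invisible characters that
# copy/paste from a certificate dialog can add.
$wanted = @($eventThumbprints | ForEach-Object {
    ($_ -replace '[^0-9A-Fa-f]', '').ToUpper()
})

# Hypothetical helper: render the extensions with the given OIDs as text.
function Format-CertExtension($cert, [string[]]$oids) {
    $text = @($cert.Extensions |
        Where-Object { $oids -contains $_.Oid.Value } |
        ForEach-Object { $_.Format($false) })
    if ($text.Count -gt 0) { [string]::Join('; ', $text) } else { '(none)' }
}

# The event does not name a store, so search every LocalMachine store.
$found = @(Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $wanted -contains $_.Thumbprint })

# Template OIDs: 1.3.6.1.4.1.311.20.2 (template name), 1.3.6.1.4.1.311.21.7
# (template information). EKU OID: 2.5.29.37 (what the certificate is for).
$found | Select-Object `
    @{ Name = 'Store';    Expression = { $_.PSParentPath.Split('\')[-1] } },
    Thumbprint, Subject, Issuer, NotBefore, NotAfter,
    @{ Name = 'Expired';  Expression = { $_.NotAfter -lt (Get-Date) } },
    @{ Name = 'Template'; Expression = { Format-CertExtension $_ '1.3.6.1.4.1.311.20.2','1.3.6.1.4.1.311.21.7' } },
    @{ Name = 'EKU';      Expression = { Format-CertExtension $_ '2.5.29.37' } } |
    Format-List

# Report thumbprints that no store contains (certificate already removed).
$present = @($found | ForEach-Object { $_.Thumbprint })
$wanted | Where-Object { $present -notcontains $_ } |
    ForEach-Object { Write-Warning "No LocalMachine certificate with thumbprint $_" }
```

The issuer and template fields show whether a match is an auto-enrolled certificate from the internal CA rather than the webmail SSL certificate; on the Exchange server, `Get-ExchangeCertificate | Format-List Thumbprint,Services,NotAfter` in the Exchange Management Shell shows whether any Exchange service is bound to it.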
