Microsoft Exchange certificate problems with disconnects asking for password on Outlook.
I have a couple of issues here, not sure if they are related.....
Our Outlook 2007 users keep getting disconnected from Outlook with the program asking for a password. Closing the program, locking and unlocking the PC then starting Outlook 'fixes' this for a while. Or you can put your domain password in and this works for a while.
In the event log on the Exchange 2007 server I am getting the foloowing errors:
Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.
Certificate enrollment for Local system failed to enroll for a DomainController certificate from Our.domain.controller\Our Domain CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
We have an SSL certificate installed for webmail, this is not the certificate it's complaining about, how do I determine which one it means?
Our Outlook 2007 users keep getting disconnected from Outlook with the program asking for a password. Closing the program, locking and unlocking the PC then starting Outlook 'fixes' this for a while. Or you can put your domain password in and this works for a while.
In the event log on the Exchange 2007 server I am getting the foloowing errors:
Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.
Certificate enrollment for Local system failed to enroll for a DomainController certificate from Our.domain.controller\Our Domain CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
We have an SSL certificate installed for webmail, this is not the certificate it's complaining about, how do I determine which one it means?
ASKER
Exchange 2007 (SP1) on a Windows 2008 X64 server. DC is SBS 2003 (X86)
Can you provide the event log errors numbers from both the Exchange Server and any on the SBS? Also, please run dcdiag & netdiag on the SBS and report any issues.
This eventid.net page has many troubleshooting steps that may relate as well:
http://www.eventid.net/display.asp?eventid=13&eventno=2719&source=AutoEnrollment&phase=1
This eventid.net page has many troubleshooting steps that may relate as well:
http://www.eventid.net/display.asp?eventid=13&eventno=2719&source=AutoEnrollment&phase=1
ASKER
Netdiag results on the SBS Server:
KB926122
KB926139-v2
KB926141
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933566
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB938759-v4
KB939653
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615
KB942763
KB942830
KB942831
KB942840
KB943055
KB943460
KB943484
KB943485
KB943729
KB944338
KB944533-IE7
KB944653
KB945553
KB946026
KB947864
KB947864-IE7
KB948496
KB948590
KB948881
KB949014
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953298
KB953838-IE7
KB953839
KB954155
KB954211
KB954550-v5
KB954600
KB955069
KB955759
KB955839
KB956263
KB956390-IE7
KB956391
KB956572
KB956744
KB956802
KB956803
KB956841
KB956844
KB957095
KB957097
KB958215-IE7
KB958644
KB958687
KB958690
KB958869
KB959426
KB960225
KB960714-IE7
KB960715
KB960803
KB960859
KB961063
KB961118
KB961260-IE7
KB961371
KB961371-v2
KB961373
KB961501
KB963027-IE7
KB967715
KB967723
KB968220-IE8
KB968389
KB968537
KB968816
KB969059
KB969805
KB969897-IE8
KB969898
KB969947
KB970238
KB970483
KB970653-v3
KB971032
KB971180-IE8
KB971468
KB971486
KB971513
KB971557
KB971633
KB971657
KB971737
KB971930-IE8
KB971961-IE8
KB972260-IE8
KB972270
KB972636-IE8
KB973037
KB973346
KB973354
KB973507
KB973525
KB973540
KB973687
KB973815
KB973869
KB973874-IE8
KB973904
KB973917
KB973917-v2
KB974112
KB974318
KB974392
KB974455-IE8
KB974571
KB975025
KB975364-IE8
KB975467
KB975560
KB975713
KB976098-v2
KB976325-IE8
KB976662-IE8
KB976749-IE8
KB977165
KB977290
KB977816
KB977914
KB978037
KB978207-IE8
KB978251
KB978262
KB978338
KB978506-IE8
KB978542
KB978601
KB978706
KB979306
KB979309
KB979683
KB979907
KB980182-IE8
KB980195
KB980232
KB980302-IE8
KB981332-IE8
KB981793
KB982381-IE8
KB982632-IE8
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Server Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SBSserver.ourdomain
IP Address . . . . . . . . : 192.168.20.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.20.3
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 192.168.20.11
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : {83E04A2D-97B1-4BE5-81FF-4
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : our sbs server
IP Address . . . . . . . . : 192.168.20.111
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.20.11' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
KB926122
KB926139-v2
KB926141
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933566
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB938759-v4
KB939653
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615
KB942763
KB942830
KB942831
KB942840
KB943055
KB943460
KB943484
KB943485
KB943729
KB944338
KB944533-IE7
KB944653
KB945553
KB946026
KB947864
KB947864-IE7
KB948496
KB948590
KB948881
KB949014
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952004
KB952069
KB952954
KB953298
KB953838-IE7
KB953839
KB954155
KB954211
KB954550-v5
KB954600
KB955069
KB955759
KB955839
KB956263
KB956390-IE7
KB956391
KB956572
KB956744
KB956802
KB956803
KB956841
KB956844
KB957095
KB957097
KB958215-IE7
KB958644
KB958687
KB958690
KB958869
KB959426
KB960225
KB960714-IE7
KB960715
KB960803
KB960859
KB961063
KB961118
KB961260-IE7
KB961371
KB961371-v2
KB961373
KB961501
KB963027-IE7
KB967715
KB967723
KB968220-IE8
KB968389
KB968537
KB968816
KB969059
KB969805
KB969897-IE8
KB969898
KB969947
KB970238
KB970483
KB970653-v3
KB971032
KB971180-IE8
KB971468
KB971486
KB971513
KB971557
KB971633
KB971657
KB971737
KB971930-IE8
KB971961-IE8
KB972260-IE8
KB972270
KB972636-IE8
KB973037
KB973346
KB973354
KB973507
KB973525
KB973540
KB973687
KB973815
KB973869
KB973874-IE8
KB973904
KB973917
KB973917-v2
KB974112
KB974318
KB974392
KB974455-IE8
KB974571
KB975025
KB975364-IE8
KB975467
KB975560
KB975713
KB976098-v2
KB976325-IE8
KB976662-IE8
KB976749-IE8
KB977165
KB977290
KB977816
KB977914
KB978037
KB978207-IE8
KB978251
KB978262
KB978338
KB978506-IE8
KB978542
KB978601
KB978706
KB979306
KB979309
KB979683
KB979907
KB980182-IE8
KB980195
KB980232
KB980302-IE8
KB981332-IE8
KB981793
KB982381-IE8
KB982632-IE8
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Server Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SBSserver.ourdomain
IP Address . . . . . . . . : 192.168.20.11
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.20.3
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 192.168.20.11
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : {83E04A2D-97B1-4BE5-81FF-4
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : our sbs server
IP Address . . . . . . . . : 192.168.20.111
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.20.11' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
ASKER
DCDIAG tests on the SBS Server:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\OU
Starting test: Connectivity
......................... SBSServer passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SB
Starting test: Replications
......................... OURSERVERNAME passed test Replications
Starting test: NCSecDesc
......................... OURSERVERNAME passed test NCSecDesc
Starting test: NetLogons
......................... OURSERVERNAME passed test NetLogons
Starting test: Advertising
......................... OURSERVERNAME passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURSERVERNAME passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURSERVERNAME passed test RidManager
Starting test: MachineAccount
......................... OURSERVERNAME passed test MachineAccount
Starting test: Services
......................... OURSERVERNAME passed test Services
Starting test: ObjectsReplicated
......................... OURSERVERNAME passed test ObjectsReplicated
Starting test: frssysvol
......................... OURSERVERNAME passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... OURSERVERNAME failed test frsevent
Starting test: kccevent
......................... OURSERVERNAME passed test kccevent
Starting test: systemlog
......................... OURSERVERNAME passed test systemlog
Starting test: VerifyReferences
......................... OURSERVERNAME passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : our-domain
Starting test: CrossRefValidation
......................... our-domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... our-domain passed test CheckSDRefDom
Running enterprise tests on : our.domainname.com
Starting test: Intersite
......................... our.domainname.com passed test Intersite
Starting test: FsmoCheck
......................... our.domainname.com passed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\OU
Starting test: Connectivity
......................... SBSServer passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SB
Starting test: Replications
......................... OURSERVERNAME passed test Replications
Starting test: NCSecDesc
......................... OURSERVERNAME passed test NCSecDesc
Starting test: NetLogons
......................... OURSERVERNAME passed test NetLogons
Starting test: Advertising
......................... OURSERVERNAME passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURSERVERNAME passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURSERVERNAME passed test RidManager
Starting test: MachineAccount
......................... OURSERVERNAME passed test MachineAccount
Starting test: Services
......................... OURSERVERNAME passed test Services
Starting test: ObjectsReplicated
......................... OURSERVERNAME passed test ObjectsReplicated
Starting test: frssysvol
......................... OURSERVERNAME passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... OURSERVERNAME failed test frsevent
Starting test: kccevent
......................... OURSERVERNAME passed test kccevent
Starting test: systemlog
......................... OURSERVERNAME passed test systemlog
Starting test: VerifyReferences
......................... OURSERVERNAME passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : our-domain
Starting test: CrossRefValidation
......................... our-domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... our-domain passed test CheckSDRefDom
Running enterprise tests on : our.domainname.com
Starting test: Intersite
......................... our.domainname.com passed test Intersite
Starting test: FsmoCheck
......................... our.domainname.com passed test FsmoCheck
Looks pretty clean, just FRS issue
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... OURSERVERNAME failed test frsevent
This should be fixed however I do not believe it is causing your certificate issue.
Please check previous links I have pasted & also email through some errors from SYSTEM in event logs.
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... OURSERVERNAME failed test frsevent
This should be fixed however I do not believe it is causing your certificate issue.
Please check previous links I have pasted & also email through some errors from SYSTEM in event logs.
ASKER
Error:
Event 13, certificateservicesclient-
Certificate enrollment for Local system failed to enroll for a DomainController certificate from 'ourdomaincontroler'\OURDO
Warning:
Error 64, certificateservicesclient-
Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.
Certificate for local system with Thumbprint 86 fd 51 ce 42 66 22 96 f7 77 5e f8 24 25 1d 71 31 e4 0c db is about to expire or already expired.
Information:
Event 2080, MSExchange ADAccess
Process STORE.EXE (PID=7792). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
our.domain.comtroller CDG 1 7 7 1 0 1 1 7 1
our.exchange.server CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
Event 13, certificateservicesclient-
Certificate enrollment for Local system failed to enroll for a DomainController certificate from 'ourdomaincontroler'\OURDO
Warning:
Error 64, certificateservicesclient-
Certificate for local system with Thumbprint 25 06 b9 c3 56 fe 1e 28 61 d5 25 a8 86 14 ca b5 0a 07 7c ff is about to expire or already expired.
Certificate for local system with Thumbprint 86 fd 51 ce 42 66 22 96 f7 77 5e f8 24 25 1d 71 31 e4 0c db is about to expire or already expired.
Information:
Event 2080, MSExchange ADAccess
Process STORE.EXE (PID=7792). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
our.domain.comtroller CDG 1 7 7 1 0 1 1 7 1
our.exchange.server CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There are some cert service troubleshooting messages here:
http://www.errorforum.com/microsoft-windows-2003-error/13881-automatic-certificate-enrollment-local-system-failed-enroll.html
What OS?