Solved

Outlook Security Warning

Posted on 2011-02-14
Last Modified: 2012-05-11
I am having a problem with users running Outlook 2007 and trying to send email through port 587 using TLS.  I think the problem is on the server.  In the Exchange Shell screenshot below you will see the CN name as "SERVER" and then you will see the correct CN name below it.  If you look at the details of the error that Outlook is giving, you will see the "Issued To" also states "SERVER" but should be the FQDN.  Any suggestions on what looks wrong here?  Thanks.
[Attached screenshots: Certificate CN from Exchange Shell; Outlook-Cert-Error-Message.gif; Certificate-Error---Wrong-CN-Nam.gif]
0
Question by:gruen33
18 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34892699
From MMC, copy this certificate from the personal store to trusted root certificates.
0
 

Author Comment

by:gruen33
ID: 34893626
Thanks Suliman.  I tried copying both items to the Trusted Root Certification Authorities > Certificates folder.  Still having the same issue.  I am attaching a screenshot of the MMC.  Please let me know if you have any other ideas.  Thanks.
[Attached screenshot: MMC Screenshot with Cert Info]
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34901998
From EMC, go to server configurations and from the action panel use the "assign services to certificate" wizard to assign the correct certificate (GoDaddy) to the Outlook Anywhere (RPC/HTTPS) service.
0

 

Author Comment

by:gruen33
ID: 34907863
SulimanW, I do not see that option in Exchange 2007.  I have researched that option and I see where that is done in 2010.  Any thoughts on how to do this in 2007?  Thanks, it appears we may be on the right track.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34908692
In Exchange 2007, you can do it using PowerShell:

Enable-ExchangeCertificate -Services:"SMTP" -Thumbprint "thumbprint"

where Services is one of these values: Pop, SMTP, IIS, IMAP, None, federation.

You can find the thumbprint in the certificate details, but make sure to remove spaces.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34908709
Also, "Get-ExchangeCertificate" will show you thumbprints.
0
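The following is an added example, not code from the thread: it cleans a thumbprint copied from the certificate details and reports which certificate is enabled for SMTP and whether its names cover the host Outlook connects to. The sample objects, their thumbprints and the name mail.example.com are constructed; the function names are hypothetical, and the property names assume the output of Get-ExchangeCertificate.

```powershell
# Added example, not from the thread. Sample data below is constructed.

# Clean a thumbprint pasted from the certificate details dialog: drop spaces
# and any other non-hex characters, then insist on 40 hex digits (SHA-1).
function ConvertTo-CleanThumbprint([string]$Raw) {
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { throw "Expected 40 hex digits, got $($clean.Length)" }
    $clean
}

# For each certificate, report whether it is enabled for SMTP and whether its
# names include the host that Outlook connects to (exact match, no wildcards).
function Test-SmtpCertificate($Certificates, [string]$ClientFqdn) {
    foreach ($c in $Certificates) {
        $services = "$($c.Services)".Split(',') | ForEach-Object { $_.Trim() }
        $hasSmtp  = $services -contains 'SMTP'
        $covers   = @($c.CertificateDomains | ForEach-Object { "$_" }) -contains $ClientFqdn
        if     ($hasSmtp -and $covers) { $verdict = 'OK' }
        elseif ($hasSmtp)              { $verdict = 'NAME MISMATCH on SMTP' }
        elseif ($covers)               { $verdict = 'Matches name, not enabled for SMTP' }
        else                           { $verdict = 'Not relevant to SMTP' }
        New-Object PSObject -Property @{
            Thumbprint = $c.Thumbprint; Subject = $c.Subject
            Services = "$($c.Services)"; Verdict = $verdict
        }
    }
}

# Constructed stand-ins for Get-ExchangeCertificate output (placeholder values).
$sample = @(
    (New-Object PSObject -Property @{
        Thumbprint = 'A' * 40; Subject = 'CN=SERVER'
        Services = 'SMTP'; CertificateDomains = @('SERVER') }),
    (New-Object PSObject -Property @{
        Thumbprint = 'B' * 40; Subject = 'CN=mail.example.com'
        Services = 'IIS'; CertificateDomains = @('mail.example.com') })
)

Test-SmtpCertificate $sample 'mail.example.com' |
    Format-Table Verdict, Subject, Services, Thumbprint -AutoSize

ConvertTo-CleanThumbprint '11 22 33 44 55 66 77 88 99 00 aa bb cc dd ee ff 11 22 33 44'

# On the Exchange server (Exchange Management Shell):
#   Test-SmtpCertificate (Get-ExchangeCertificate) 'mail.example.com'
```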
 

Author Comment

by:gruen33
ID: 34911591
Thanks.  I did do this and was asked if I wanted to overwrite the Existing Default SMTP Certificate and I chose YES.  I am assuming that the S under Services refers to SMTP.  The old value still exists along with the new value.  Below is a screenshot.  How do I remove the old Thumbprint that shows CN=SERVER?  Thanks.
[Attached screenshot: screenshot-1]
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34911623
You can safely delete the certificate, but as a backup just export it from the MMC console to somewhere safe, then delete it. You may need to restart Exchange services.
0
 

Author Comment

by:gruen33
ID: 34913286
Well that error is gone but I have a new one.  Outlook is configured for SMTP Port 587 with TLS.  The error is in the screenshot when testing the send functionality.  Thanks, I really appreciate you helping me out on this.
[Attached screenshot: New test send error using TLS]
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34913888
Do you have the latest updates installed on Outlook and Exchange?
0
 

Author Comment

by:gruen33
ID: 34916553
I performed the steps you gave above by exporting the Certificate that had the Thumbprint associated with CN=SERVER and then deleting it via MMC.  I restarted the server and now there is only one certificate showing up in MMC which should be correct.  OWA Certificate works just fine, still not working with SMTP.  Is there a method where I have to "Bind" it somewhere, like to the local IP address?  Yes, all updates are current for both Exchange 2007 and Outlook 2007.  Below is a screenshot of the Cert via Shell.  Thanks.
[Attached screenshot: Cert Screenshot After Removing CN=SERVER Thumbprint]
0
 

Author Comment

by:gruen33
ID: 34920342
FYI:  I can send just fine with encryption setting as "None".  I would rather not do that though.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 2000 total points
ID: 34922544
Please try again: "Enable-ExchangeCertificate -Services:"SMTP" -Thumbprint "thumbprint""

If that does not work please refer to "Client to Server Secure SMTP Connectivity in Exchange Server 2007": http://www.shudnow.net/2008/02/10/client-to-server-secure-smtp-connectivity-in-exchange-server-2007/
0
 

Author Comment

by:gruen33
ID: 34923442
Thanks, I read that.  Still no luck.  It doesn't make sense that I can send using Port 587 using authentication without TLS or SSL selected.  Testing with either TLS or SSL selected gives me the error I posted earlier "Your server does not support the connection encryption type you have specified".  I'm stumped.  I will keep researching.  If you come up with another idea please let me know.  Thanks for all the work you have put into this for me.
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 2000 total points
ID: 34926552
0
 

Assisted Solution

by:gruen33
gruen33 earned 0 total points
ID: 34931578
OK, it actually ended up being something simple.  I went into MMC and into the properties of GoDaddy Class 2 Certificate Authority and selected "Enable All Purposes for this Certificate".  I am not sure why it was not selected but that did the trick.  Thanks for all your help and direction.
[Attached screenshot: MMC where I changed the properties]
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34932919
Glad to hear that..
0
 

Author Closing Comment

by:gruen33
ID: 34959296
Sulimanw pointed me in the right direction on several responses.  After digging a bit while using his responses I was able to find the solution.
0
