• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3433
  • Last Modified:

Exchange 2010 GoDaddy SSL Certificate Disappears After Creating Certification Request

Very odd problem here.  I have attempted to complete a certiifcation authority request several times on an Exhange Server 2010 installation.  I am following the document here:

http://help.godaddy.com/article/5863

At point #6 on To Install the SSL Certificate on Microsoft Exchange 2010, after reporting a successfull completion and I click on Finish, the Certificate immediately disappears from the Exchange Management Console Window, which means I cannot assign any services to it.  I've re-keyed the SSL cert four times and tried the process over, same results.  I also exported the certificate from the Certificates MMC and tried to re-import it, I get an error stating that it already exists.  

Even a "Get-ExchangeCertificates" on the powershell only shows the self-signed cert.

Any suggestions?
0
forthphaze
Asked:
forthphaze
  • 7
  • 6
1 Solution
 
Suliman Abu KharroubIT Consultant Commented:
what are the purposes listed  under certificate ?
a.PNG
0
 
Suliman Abu KharroubIT Consultant Commented:
sorry, please ignore the screenshot.
I will upload the correct one.
0
 
Suliman Abu KharroubIT Consultant Commented:
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
forthphazeAuthor Commented:
The option "Enable all purposes..."  is selected, and Server Authentication is the only checked option, just as in your screenshot.

Just as a sanity check, I imported both my cert and the gd_iis_intermediates into the internediate certification authroities container, and disabled the Go Daddy Class 2 under the Third-Party Root Certification Authorities.

0
 
Suliman Abu KharroubIT Consultant Commented:
Did you tried restarting exchange services ?
0
 
Windows8Commented:
i had this problem before try calling them and they will fix it for you and if that doesn't work them try doing a refresh by clicking the button on the upper top corner  it says refresh
0
 
forthphazeAuthor Commented:
Try calling who?  GoDaddy or Microsoft?  Because I called Go Daddy before posting here, and got a "I have never heard of that happening before.  Uh..... sorry, I don't know."
0
 
forthphazeAuthor Commented:
Yes, I tried restarting services, and even had rebooted.  Here's what I just did, I don't know if this will cause any problems.  I tried to re-import the certificate from my third attempt, and it took.  I assigned the IIS services to it.  

I'm getting a valid certificate, although I don't know since it was an older key.  I'm still having issues though.  When I try to test ActiveSync at testexchangeconnectivity.com  it fails with the following message:

Attempting to test potential Autodiscover URL https://autodiscover.lawbr.com/AutoDiscover/AutoDiscover.xml

Host name autodiscover.lawbr.com doesn't match any name found on the server certificate CN=mail.lawbr.com, OU=Domain Control Validated, O=mail.lawbr.com
0
 
Suliman Abu KharroubIT Consultant Commented:
Seems that your certificate is a single name not SAN certificate.

If you have SAN certificate, do you have autodiscover.domain.com list in it?
0
 
forthphazeAuthor Commented:
It is a single certificate, for host mail.   I have set this up previously on another Exchange 2010 system without issues.  I did notice that in the certificate request that the autodiscover hosts were in the summary before creating the certificate request key.  Should I remove them?  I don't recall doing that last time.
0
 
Suliman Abu KharroubIT Consultant Commented:
Do you have "autodiscover" DNS A record fo autodiscovery on you external  domain control panel ? if so , please delete.

If that does not work, yes please delete the autodiscover from certificate request key.
0
 
forthphazeAuthor Commented:
OK, So I've done both, I've also tweaked the autodiscover record internally to fix the Outlook setups per this doc:

http://support.microsoft.com/kb/940726

I think the remval of the autodiscover records in the cert request took care of the disappearing certificate magical act.  It is intact and assigned to IIS.  

I now get NO certificate errors on an iPhone setup, but still unable to verify account information.  Sulimanw, you'll get the points on the solution above.  

Do you have any suggestions on the new error on the sync?  
0
 
Suliman Abu KharroubIT Consultant Commented:
Please test on :http://testexchangeconnectivity.com

any errors there ?
0
 
forthphazeAuthor Commented:
There is still errors there, and when the phone first syncs for a few minutes, but the sync eventually works.  It was producing errors, and I sat the phone down to watch Butler take down Pitt, by the time I got back the mailbox was syncing to the phone.  Perhaps I'm just not being patient.  The main issues with the testexchangeconnectivity.com test is that it is trying to reolve domain.com, not mail.domain.com.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now