Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 GoDaddy SSL Certificate Disappears After Creating Certification Request

Posted on 2011-03-19
14
Medium Priority
?
3,345 Views
Last Modified: 2012-05-11
Very odd problem here.  I have attempted to complete a certiifcation authority request several times on an Exhange Server 2010 installation.  I am following the document here:

http://help.godaddy.com/article/5863

At point #6 on To Install the SSL Certificate on Microsoft Exchange 2010, after reporting a successfull completion and I click on Finish, the Certificate immediately disappears from the Exchange Management Console Window, which means I cannot assign any services to it.  I've re-keyed the SSL cert four times and tried the process over, same results.  I also exported the certificate from the Certificates MMC and tried to re-import it, I get an error stating that it already exists.  

Even a "Get-ExchangeCertificates" on the powershell only shows the self-signed cert.

Any suggestions?
0
Comment
Question by:forthphaze
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
14 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35173390
what are the purposes listed  under certificate ?
a.PNG
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35173392
sorry, please ignore the screenshot.
I will upload the correct one.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35173405
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 1

Author Comment

by:forthphaze
ID: 35173517
The option "Enable all purposes..."  is selected, and Server Authentication is the only checked option, just as in your screenshot.

Just as a sanity check, I imported both my cert and the gd_iis_intermediates into the internediate certification authroities container, and disabled the Go Daddy Class 2 under the Third-Party Root Certification Authorities.

0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35173526
Did you tried restarting exchange services ?
0
 
LVL 1

Expert Comment

by:Windows8
ID: 35173638
i had this problem before try calling them and they will fix it for you and if that doesn't work them try doing a refresh by clicking the button on the upper top corner  it says refresh
0
 
LVL 1

Author Comment

by:forthphaze
ID: 35173647
Try calling who?  GoDaddy or Microsoft?  Because I called Go Daddy before posting here, and got a "I have never heard of that happening before.  Uh..... sorry, I don't know."
0
 
LVL 1

Author Comment

by:forthphaze
ID: 35173689
Yes, I tried restarting services, and even had rebooted.  Here's what I just did, I don't know if this will cause any problems.  I tried to re-import the certificate from my third attempt, and it took.  I assigned the IIS services to it.  

I'm getting a valid certificate, although I don't know since it was an older key.  I'm still having issues though.  When I try to test ActiveSync at testexchangeconnectivity.com  it fails with the following message:

Attempting to test potential Autodiscover URL https://autodiscover.lawbr.com/AutoDiscover/AutoDiscover.xml

Host name autodiscover.lawbr.com doesn't match any name found on the server certificate CN=mail.lawbr.com, OU=Domain Control Validated, O=mail.lawbr.com
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35173720
Seems that your certificate is a single name not SAN certificate.

If you have SAN certificate, do you have autodiscover.domain.com list in it?
0
 
LVL 1

Author Comment

by:forthphaze
ID: 35173727
It is a single certificate, for host mail.   I have set this up previously on another Exchange 2010 system without issues.  I did notice that in the certificate request that the autodiscover hosts were in the summary before creating the certificate request key.  Should I remove them?  I don't recall doing that last time.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 2000 total points
ID: 35173733
Do you have "autodiscover" DNS A record fo autodiscovery on you external  domain control panel ? if so , please delete.

If that does not work, yes please delete the autodiscover from certificate request key.
0
 
LVL 1

Author Comment

by:forthphaze
ID: 35173824
OK, So I've done both, I've also tweaked the autodiscover record internally to fix the Outlook setups per this doc:

http://support.microsoft.com/kb/940726

I think the remval of the autodiscover records in the cert request took care of the disappearing certificate magical act.  It is intact and assigned to IIS.  

I now get NO certificate errors on an iPhone setup, but still unable to verify account information.  Sulimanw, you'll get the points on the solution above.  

Do you have any suggestions on the new error on the sync?  
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35174364
Please test on :http://testexchangeconnectivity.com

any errors there ?
0
 
LVL 1

Author Comment

by:forthphaze
ID: 35175518
There is still errors there, and when the phone first syncs for a few minutes, but the sync eventually works.  It was producing errors, and I sat the phone down to watch Butler take down Pitt, by the time I got back the mailbox was syncing to the phone.  Perhaps I'm just not being patient.  The main issues with the testexchangeconnectivity.com test is that it is trying to reolve domain.com, not mail.domain.com.  
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question