Solved

Exchange 2010 GoDaddy SSL Certificate Disappears After Creating Certification Request

Posted on 2011-03-19
14
3,225 Views
Last Modified: 2012-05-11
Very odd problem here.  I have attempted to complete a certiifcation authority request several times on an Exhange Server 2010 installation.  I am following the document here:

http://help.godaddy.com/article/5863

At point #6 on To Install the SSL Certificate on Microsoft Exchange 2010, after reporting a successfull completion and I click on Finish, the Certificate immediately disappears from the Exchange Management Console Window, which means I cannot assign any services to it.  I've re-keyed the SSL cert four times and tried the process over, same results.  I also exported the certificate from the Certificates MMC and tried to re-import it, I get an error stating that it already exists.  

Even a "Get-ExchangeCertificates" on the powershell only shows the self-signed cert.

Any suggestions?
0
Comment
Question by:forthphaze
  • 7
  • 6
14 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
what are the purposes listed  under certificate ?
a.PNG
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
sorry, please ignore the screenshot.
I will upload the correct one.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
0
 
LVL 1

Author Comment

by:forthphaze
Comment Utility
The option "Enable all purposes..."  is selected, and Server Authentication is the only checked option, just as in your screenshot.

Just as a sanity check, I imported both my cert and the gd_iis_intermediates into the internediate certification authroities container, and disabled the Go Daddy Class 2 under the Third-Party Root Certification Authorities.

0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
Did you tried restarting exchange services ?
0
 
LVL 1

Expert Comment

by:Windows8
Comment Utility
i had this problem before try calling them and they will fix it for you and if that doesn't work them try doing a refresh by clicking the button on the upper top corner  it says refresh
0
 
LVL 1

Author Comment

by:forthphaze
Comment Utility
Try calling who?  GoDaddy or Microsoft?  Because I called Go Daddy before posting here, and got a "I have never heard of that happening before.  Uh..... sorry, I don't know."
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:forthphaze
Comment Utility
Yes, I tried restarting services, and even had rebooted.  Here's what I just did, I don't know if this will cause any problems.  I tried to re-import the certificate from my third attempt, and it took.  I assigned the IIS services to it.  

I'm getting a valid certificate, although I don't know since it was an older key.  I'm still having issues though.  When I try to test ActiveSync at testexchangeconnectivity.com  it fails with the following message:

Attempting to test potential Autodiscover URL https://autodiscover.lawbr.com/AutoDiscover/AutoDiscover.xml

Host name autodiscover.lawbr.com doesn't match any name found on the server certificate CN=mail.lawbr.com, OU=Domain Control Validated, O=mail.lawbr.com
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
Seems that your certificate is a single name not SAN certificate.

If you have SAN certificate, do you have autodiscover.domain.com list in it?
0
 
LVL 1

Author Comment

by:forthphaze
Comment Utility
It is a single certificate, for host mail.   I have set this up previously on another Exchange 2010 system without issues.  I did notice that in the certificate request that the autodiscover hosts were in the summary before creating the certificate request key.  Should I remove them?  I don't recall doing that last time.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
Comment Utility
Do you have "autodiscover" DNS A record fo autodiscovery on you external  domain control panel ? if so , please delete.

If that does not work, yes please delete the autodiscover from certificate request key.
0
 
LVL 1

Author Comment

by:forthphaze
Comment Utility
OK, So I've done both, I've also tweaked the autodiscover record internally to fix the Outlook setups per this doc:

http://support.microsoft.com/kb/940726

I think the remval of the autodiscover records in the cert request took care of the disappearing certificate magical act.  It is intact and assigned to IIS.  

I now get NO certificate errors on an iPhone setup, but still unable to verify account information.  Sulimanw, you'll get the points on the solution above.  

Do you have any suggestions on the new error on the sync?  
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
Please test on :http://testexchangeconnectivity.com

any errors there ?
0
 
LVL 1

Author Comment

by:forthphaze
Comment Utility
There is still errors there, and when the phone first syncs for a few minutes, but the sync eventually works.  It was producing errors, and I sat the phone down to watch Butler take down Pitt, by the time I got back the mailbox was syncing to the phone.  Perhaps I'm just not being patient.  The main issues with the testexchangeconnectivity.com test is that it is trying to reolve domain.com, not mail.domain.com.  
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now