Exchange Server 2003 SSL certificate failed on ActiveSync test

Hi, we are running SBS 2003 Exchange Server SP2. When I do an ActiveSync test for my server, it gives me an SSL certificate error.

Please see below:

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.palmongroup.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 206.183.108.148
 
 Testing TCP port 443 on host mail.palmongroup.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mail.palmongroup.com doesn't match any name found on the server certificate E=info@parallels.com, CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.

Recently my iPhone and iPad mail started encountering errors, as they are not accepting the password when I configure my server email address,
so I thought to test ActiveSync, where I encountered the error stated above.

Kindly advise.
 
 
 
 
 
sanjeevkmrs asked:
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
If you have a read of Alan's article here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Scroll down the document until you get to SSL Certificates.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
The security certificate which you are using does not contain the fully qualified domain name which you have stated above.

The SSL certificate should match and include the FQDN.

E.g. if your mail server is mail.example.com, your security certificate should also be issued to mail.example.com.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
The common name in the certificate is "plesk" and it should be your mail server FQDN name.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
It's also expired; it expired on the 23/01/11.

So you need to get a new certificate, which matches your FQDN.
0
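The two failures reported so far in this thread (name mismatch and expiry), reproduced as an added example that is not part of the original posts. It assumes the certificate is given as a dict in the layout of Python's `ssl.SSLSocket.getpeercert()`; the time of day on the expiry, the check date `NOW` and `GOOD_CERT` are constructed.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the layout returned by ssl.SSLSocket.getpeercert().
# Subject fields are from the ExRCA output; the expiry date is the one given
# in the thread (23/01/11), with a constructed time of day.
PLESK_CERT = {
    "subject": ((("countryName", "US"),), (("stateOrProvinceName", "Virginia"),),
                (("localityName", "Herndon"),), (("organizationName", "Parallels, Inc."),),
                (("organizationalUnitName", "Plesk"),), (("commonName", "plesk"),),
                (("emailAddress", "info@parallels.com"),)),
    "notAfter": "Jan 23 00:00:00 2011 GMT",
}
# Constructed certificate issued to the name the clients connect to.
GOOD_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
    "notAfter": "Jan 01 00:00:00 2030 GMT",
}
NOW = datetime(2011, 6, 1, tzinfo=timezone.utc)  # constructed check date

def cert_names(cert):
    """Names a client compares with the host: SAN dNSName entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):  # a wildcard covers exactly one leftmost label
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_cert(cert, host, now):
    """Return a list of validation problems; an empty list means the checks pass."""
    names = cert_names(cert)
    problems = []
    if not any(name_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} not in {names}")
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now > not_after:
        problems.append(f"expired on {not_after:%Y-%m-%d}")
    return problems

if __name__ == "__main__":
    for label, cert, host in (("plesk", PLESK_CERT, "mail.palmongroup.com"),
                              ("good", GOOD_CERT, "mail.example.com")):
        print(label, check_cert(cert, host, NOW) or "OK")
```

To check a live server, the same dict can be taken from `getpeercert()` on a connected TLS socket whose context has verification enabled.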
 
sanjeevkmrs (Author) commented:
How can I generate a new certificate on my Exchange server?
Kindly advise.
0
 
praveenkumare_sp commented:
Go to IIS Manager > open Sites > right-click Default Web Site > Properties > Directory Security > Server Certificate > Edit

You will get an option for a new certificate (if you don't get it, use the option to remove the certificate and try again).

Use this link if you have trouble finding where you need to go for the cert in IIS Manager:
http://praveen-exchange.blogspot.com/2011/04/where-are-my-certificates.html
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Once you have done the above as praveenkumare_sp has suggested, you need to upload the certificate request to a company which issues certificates, pay them money, and then install the new certificate.
0
 
sanjeevkmrs (Author) commented:
Why do we need to pay money, as I need it only for my server? Is it not possible without paying?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
You can issue a self-signed certificate, if you have a Certificate Server in your organisation.

Where did you get the first certificate from?

Although if you issue a self-signed certificate, it may not function correctly with mobile devices that do not have the Root CA installed on the mobile device.
0
 
sanjeevkmrs (Author) commented:
As I was not able to run HTTP over RPC and was facing some other ActiveSync issues, last year the certificate was generated from the server only, and till now it was working fine.
Can I have the steps for how I should regenerate a new certificate?
Please advise.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
That really is another question, but did you create the certificate on your own server - in house?

(You do realise generating your own certificate may still give issues on your mobile devices?)

Do you still have a Certificate Server in your own organisation?
0
 
sanjeevkmrs (Author) commented:
Yes
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
If you follow praveenkumare_sp's post, you should be able to request a new certificate from the IIS server, and get your certificate server to process it and give you a new certificate.

Just make sure the common name is correct.
0
 
sanjeevkmrs (Author) commented:
So do I have to purchase it (as stated by you earlier)?
Please advise.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
If you have a certificate server in your organisation - not really (but you could have issues as stated before).

Or you purchase one; either way you've got to generate the Certificate Request from the IIS server.

Then either process it on your Certificate Server, or upload and purchase from the Internet.
0
 
sanjeevkmrs (Author) commented:
Well, I have a doubt here... When I go to IIS Manager, then right-click on Default Web Site, then Properties, and then the Directory Security tab, when I click on View Certificate it gives me a validity from 10/4/2010 till 10/3/2012.

Is my server certificate expired?
Kindly advise.
0
 
sanjeevkmrs (Author) commented:
Actually I am not able to configure my Exchange mail on my iPhone and iPad, so I thought maybe a certificate expired. Is it so?
Kindly advise.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Well, that certificate is clearly not expired.

When you say not able to configure on iPhone/iPad, do you mean you cannot sync?

Is that the correct server that handles the mail and ActiveSync as above?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
Is that the same host tested as above?

Check that certificate, is it this one?

Host name mail.palmongroup.com doesn't match any name found on the server certificate E=info@parallels.com, CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.
0
 
sanjeevkmrs (Author) commented:
Yes, the test was done on the same server, but now after making some changes in the ActiveSync configuration my ActiveSync is synchronising perfectly.
I used my dyndns.org account in the server name.
0
 
sanjeevkmrs (Author) commented:
Any updates?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
What do you want to know?

ActiveSync is all working, question closed?

Isn't it?
0
 
sanjeevkmrs (Author) commented:
I want to know: as we are using a dyndns account for our OWA connectivity and VPN connectivity, should I put the same palmon.dyndns.org under our Exchange ActiveSync server settings?
As when I put it so, ActiveSync shows success.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
If you have tested it and it works for you, then use that domain name.
0
 
sanjeevkmrs (Author) commented:
OK, thanks
0
 
sanjeevkmrs (Author) commented:
Thanks
0
Question has a verified solution.