Exchange Server 2003 SSL certificate failed on ActiveSync test

Hi, we are running SBS 2003 Exchange Server SP2. When I do an ActiveSync test for my server, it gives me an SSL certificate error.

Please see below:

 ExRCA is testing Exchange ActiveSync.  
  The Exchange ActiveSync test failed.
   Test Steps
   Attempting to resolve the host name mail.palmongroup.com in DNS.
  The host name resolved successfully.
   Additional Details
  IP addresses returned: 206.183.108.148
 
 Testing TCP port 443 on host mail.palmongroup.com to ensure it's listening and open.
  The port was opened successfully.
 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mail.palmongroup.com doesn't match any name found on the server certificate E=info@parallels.com, CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.

Recently my iPhone and iPad mail started encountering errors, as they are not accepting the password when I configure my server email address,
so I thought to test ActiveSync, where I encountered the above stated error.

Kindly advise

sanjeevkmrs
Asked:
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The security certificate which you are using does not contain the fully qualified domain name which you have stated above.

The SSL certificate should match and include the FQDN.

E.g. if your mail server is mail.example.com, your security certificate should also be issued to mail.example.com
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The common name in the certificate is "plesk" and it should be your mail server FQDN name.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
It's also expired, it expired on the 23/01/11.

So you need to get a new certificate, which matches your FQDN.
0
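The two checks raised in the comments above (name match and validity period), as an added Python example that is not part of the original thread. It works on a dict shaped like Python's `ssl.SSLSocket.getpeercert()` result; the sample certificates, the `notBefore` values, the times of day and the evaluation time are constructed.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern, host):
    """Compare one certificate name with the host; '*' may stand only for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def to_utc(cert_time):
    """Convert a certificate time string such as 'Jan 23 00:00:00 2011 GMT' to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def check_certificate(cert, host, now=None):
    """Return the list of failed checks for a dict shaped like ssl.SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names = sans or cns  # fall back to the common name only when no DNS SAN is present
    if not any(name_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} not in {names}")
    if now < to_utc(cert["notBefore"]):
        problems.append("not yet valid")
    if now > to_utc(cert["notAfter"]):
        problems.append(f"expired on {to_utc(cert['notAfter']):%d/%m/%y}")
    return problems

# Constructed sample: common name from the ExRCA output, expiry date from the thread;
# notBefore and the times of day are made up.
PLESK_DEFAULT = {
    "subject": ((("organizationName", "Parallels, Inc."),), (("commonName", "plesk"),)),
    "notBefore": "Jan 23 00:00:00 2010 GMT",
    "notAfter": "Jan 23 00:00:00 2011 GMT",
}
# Constructed sample of a correctly named replacement certificate (dates are made up).
REISSUED = {
    "subject": ((("commonName", "mail.palmongroup.com"),),),
    "subjectAltName": (("DNS", "mail.palmongroup.com"),),
    "notBefore": "May 15 00:00:00 2011 GMT",
    "notAfter": "May 15 00:00:00 2012 GMT",
}
CHECK_TIME = datetime(2011, 6, 1, tzinfo=timezone.utc)  # constructed evaluation time

if __name__ == "__main__":
    for label, cert in (("plesk default", PLESK_DEFAULT), ("reissued", REISSUED)):
        print(label, check_certificate(cert, "mail.palmongroup.com", CHECK_TIME) or "OK")
```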
sanjeevkmrs (Author) Commented:
How can I generate a new certificate on my Exchange server?
Kindly advise
0
 
praveenkumare_sp Commented:
Go to IIS Manager > open Sites > right-click Default Web Site > Properties > Directory Security > Server Certificate > Edit

You will get an option for a new certificate (if you don't get it, use the option to remove the certificate and try again).

Use this link if you have trouble finding where you need to go for the certificate in IIS Manager:
http://praveen-exchange.blogspot.com/2011/04/where-are-my-certificates.html
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Once you have done the above as praveenkumare_sp has suggested, you need to upload the Certificate Request to a company which issues certificates, and pay them money, and then install the new certificate.
0
 
sanjeevkmrs (Author) Commented:
Why do we need to pay the money, as I need it only for my server? Is it not possible without paying?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
You can issue a self-signed certificate, if you have a Certificate Server in your organisation.

Where did you get the first certificate from?

Although if you issue a self-signed certificate, it may not function correctly with mobile devices that do not have the Root CA installed on the mobile device.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
If you have a read of Alan's article here

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Scroll down the Document until you get to SSL Certificates
0
 
sanjeevkmrs (Author) Commented:
As I was not able to run HTTP over RPC and was facing some other ActiveSync issues, last year the certificate was generated from the server only, and till now it was working fine.
Can I have the steps for how I should regenerate a new certificate?
Please advise
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
That really is another question, but did you create the certificate on your own server - in house?

(You do realise generating your own certificate may still give issues on your mobile devices?)

Do you still have a Certificate Server in your own organisation?
0
 
sanjeevkmrs (Author) Commented:
Yes
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
If you follow praveenkumare_sp's post, you should be able to request a new certificate from the IIS server, and get your certificate server to process it, and give you a new certificate.

Just make sure the common name is correct.
0
 
sanjeevkmrs (Author) Commented:
So do I have to purchase it (as stated by you earlier)?
Please advise
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
If you have a certificate server in your organisation - not really (but you could have issues as stated before).

Or you purchase one; either way you've got to generate the Certificate Request from the IIS server.

Then either process it on your Certificate Server, or upload and purchase from the Internet.
0
 
sanjeevkmrs (Author) Commented:
Well, I have a doubt here. When I go to IIS Manager, then right-click on Default Web Site, then to Properties, and then to the Directory Security tab, when I click on View Certificate it gives me a validity from 10/4/2010 till 10/3/2012.

Is my server certificate expired?
Kindly advise
0
 
sanjeevkmrs (Author) Commented:
Actually I am not able to configure my Exchange mail on my iPhone and iPad, so I thought maybe a certificate had expired. Is it so?
Kindly advise
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Well, that certificate is clearly not expired.

When you say not able to configure on iPhone/iPad, do you mean you cannot sync?

Is that the correct server that handles the mail and ActiveSync as above?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Is that the same host tested as above?

Check that certificate, is it this one?

Host name mail.palmongroup.com doesn't match any name found on the server certificate E=info@parallels.com, CN=plesk, OU=Plesk, O="Parallels, Inc.", L=Herndon, S=Virginia, C=US.
0
 
sanjeevkmrs (Author) Commented:
Yes, the test was done on the same server, but now after making some changes in the ActiveSync configuration my ActiveSync is synchronising perfectly.
I used my dyndns.org account in the server name.
0
 
sanjeevkmrs (Author) Commented:
Any updates?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
What do you want to know?

ActiveSync is all working, question closed?

Isn't it?
0
 
sanjeevkmrs (Author) Commented:
I want to know: as we are using a dyndns account for our OWA connectivity and VPN connectivity, should I put the same palmon.dyndns.org under our Exchange ActiveSync server settings?
As when I put that, ActiveSync shows success.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
If you have tested it and it works for you, then use that domain name.
0
 
sanjeevkmrs (Author) Commented:
OK, thanks
0
 
sanjeevkmrs (Author) Commented:
Thanks
0
