After get a goddady cert imap crashed

heze54
heze54 used Ask the Experts™
on
Hi,


I bought a new ssl cert for my exchange server IIS services.

Everythin went fine, following a microsoft tech guide, but after apply the cert every IMAP configured mail account didnt work again. I´m trying with 143 or 993 but same error.

Any idea?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Is this a wildcard cert or a UCC cert?

Author

Commented:
I think wildcard

Commented:
do a Get-ExchangeCertificate -DomainName your.domain.name in ems.
are the services assigned to the correct cert/thumbprint?
Enable-ExchangeCertificate -ThumbPrint copyandpastethecorectthumbprint -Services "SMTP, IMAP, POP, IIS"
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
[PS] C:\>get-exchangecertificate -domainname exchange.hezesoft.org
Creando una nueva sesión para la comunicación remota implícita del comando "Get-ExchangeCertificate"...

Thumbprint                                Services   Subject
----------                                --------   -------
C0714E7BD4A3476D5D119EFA60BA57AB6A37F500  IP.WS.     CN=exchange.hezesoft.org, OU=Domain Control Validated, O=exchan...
Yeah there is a known issue with wildcard certs and pop/imap. You can not use the normal certificate implementation process. You will need to use the set-imapsettings to fix the issue

Set-ImapSettings -Server Exchange2010 -X509CertificateName imap.yourdomain.com
Do not use the Enable-ExchangeCertificate for imap or pop

Author

Commented:
Ummm


then... whats the correct command?

Author

Commented:
then would be:

Set-ImapSettings -Server Exchange2010 -X509CertificateName exchange.hezesoft.org

Author

Commented:
Set-ImapSettings -Server exchange.hezesoft.org -X509CertificateName exchange.hezesoft.org


Done but  not changes were made
Enable-ExchangeCertificate -ThumbPrint copyandpastethecorectthumbprint -Services "SMTP, IIS"

should remove the imap and pop then run the Set-ImapSettings line again. And is the -X509CertificateName what they use to connect to your imap server?  

Author

Commented:
Which is  copyandpastethecorectthumbprin?
Sorry, reference 5g6tdcv4: post above

Author

Commented:
[PS] C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup>
[PS] C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup>Enable-ExchangeCertificate -Th
umbPrint C0714E7BD4A3476D5D119EFA60BA57AB6A37F500 -Services "SMTP, IIS"
[PS] C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup>Set-ImapSettings -Server excha
nge.hezesoft.org -X509CertificateName exchange.hezesoft.org
ADVERTENCIA: El comando finalizó correctamente, pero no se ha modificado ningún valor de configuración de "EXCHANGE\1".
[PS] C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup>
ImapSettings -Server (netbios servername) -X509CertificateName exchange.hezesoft.org

Author

Commented:
yes... imap worked but  not smtp. I tried with 25, 995 ssl tls but nothing
Try 587
You may need to create a new Receive Connector that has 587 port and set authentication to TLS with windows integrated authentication

Author

Commented:
0x800ccc67 error

Author

Commented:
where ?

Author

Commented:
or how using console.. I only know with graphic mode
EMC -> Server Configuration -> Hub Transport -> Receive Connector
New Receive Connector -> Internet Type -> Port 587 -> Enter FQDN -> New

Author

Commented:
same 0x800ccc67 error using ssl 587
Now right click connector -> Authentication -> Check TLS, Basic, Offer, Integrated -> Permission Groups -> Exchange Users -> OK
TLS 587

Author

Commented:
error.. when trying to send a test email
Sorry you actually didn't need to create a new receiver. You should have a client and default. Goto client and verify those settings

Author

Commented:
I knew when I saw it
Are you using outlook as the client?

Author

Commented:
Well

I could change everything and only apply  the cert to  owa access and run imap pop and beyond in plain text... for the moment
No don't do that yet
Can you double check that your outgoing server is set to use the same username and password as incoming? I've ran into it before

Author

Commented:
Then?

any idea?

Author

Commented:
smtp problems....
Can you double check that your outgoing server is set to use the same username and password as incoming? I've ran into it before

Author

Commented:
pufff an avast problem


fuck
Lol. Bad ass!
Well atleast we got your certificate issue fixed ;)

Author

Commented:
then.... sharing contacts jajajaj

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial