[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Certificate Name Validation Failed - Exchange 2003 SBS

Posted on 2012-04-10
10
Medium Priority
?
1,360 Views
Last Modified: 2012-04-16
Need your help.  I have a client who has a SBS 2003 server with Exchange 2003.  I am trying to get mail on an iPhone (or any smartphone) via this Exchange server.  This thing is kicking my you know what.  Anyway, I found a neat little routine that you can run that simulates an iPhone with all the email/exchange configurations and tells you why you can NOT connect (get/send email).  So I did it and the results are below.  Basically, the last section says "Certificate Name Validation failed"...so I assume it's a certificate issue...I am looking for steps to solve this so that the user's can get their email on their smartphone.  Thanks in advance for your help/comments.

FYI: I went to https://www.testexchangeconnectivity.com  and put in the required user and email configuration information (just like you'd do to configure an iPhone for Exchange).  The following are the results.  See last portion about Certificate Name Validation.

-----------------------------------
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.balmoving.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: xx.xx.xx.xx

Testing TCP port 443 on host mail.balmoving.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server mail.balmoving.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.balmoving.com doesn't match any name found on the server certificate CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
0
Comment
Question by:infosys3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37830548
My article should help you here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

But for now - just re-run the Connect To The Internet Wizard, change nothing until you get to the Certificate part, then create a new certificate called mail.balmoving.com, then complete the wizard (chaning nothing else) and let the wizard complete.

Once completed - re-run the test on the test site (make sure you tick the "ignore trust for SSL" check box and see what gives, then if you have problems, refer to my article for guidance.

Shout if you are stuck anywhere.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830552
One problem is the domain you have posted isn't valid, which you have hopefully masked on purpose.
0
 
LVL 7

Expert Comment

by:Jarred Power
ID: 37830556
Your Cert has the Wrong CN =office.balmoving.com  
You either need to change the Cert to reflect your MX record mail.balmoving.com or change the MX record.  Changing the cert word probably be the best route.   See http://www.emailsecuritymatters.com/site/blog/best-practices/how-to-create-self-signed-ssl-certificate-exchange-2003-2007-2010-windows/  to create new self signed cert.  Remember to use  mail.balmoving.com.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830565
Don't follow the link above - this is SBS - you need to use the Wizard I have mentioned.
0
 

Author Comment

by:infosys3
ID: 37830651
Many thanks...I am not at the site now...and will not be until Thursday...  I will let you know...also, Yes, I did mask the domain.  I will contact you Thursday.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830661
No problems - I should be around unless someone's server blows up in the mean-time!
0
 

Author Comment

by:infosys3
ID: 37846448
jpower5000---
Your link is quite extensie...and I think I did all configs correctly, but, alas, I am now getting this error..see last couple of lines...any ideas.  Again, many thanks for your help.
============

Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.maloneymoving.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.balmoving.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37846484
Did you tick the Ignore Trust for SSL check box?  If you have a self-issued certificate - you need to tick that box on the test.
0
 

Author Closing Comment

by:infosys3
ID: 37851267
Alan:
Wooo...you are the man.  No, I didn't tick it, but that was Friday afternoon when I was doing all the testing.   This morning I did make the tick and got all "green" designations.  Moreover, I sent a test email and, alas, the email showed up on my iphone.  I had made the changes on the Exchange server Fri afternoon as per your link above I did some email testing like I did this morning, but no-go, no- mail.   I assume that Fri night, Exchange "rectified" something????  Anyway, you have been a tremendous help as I have been banging my head against a brick wall.  Many thanks...I am sending a New Orleans shrimp poor-boy sandwich in the mail to you today.  Plus, you get a gold star for helping me.
Best regards, Bruce
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37851277
Thanks Bruce - I'll look forward to the sandwich ;)

Glad you are sorted and thanks too for the points.  Sometimes the changes do take a little while to take effect.

Best wishes

Alan
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question