Solved

Certificate Name Validation Failed - Exchange 2003 SBS

Posted on 2012-04-10
Last Modified: 2012-04-16
Need your help.  I have a client who has a SBS 2003 server with Exchange 2003.  I am trying to get mail on an iPhone (or any smartphone) via this Exchange server.  This thing is kicking my you know what.  Anyway, I found a neat little routine that you can run that simulates an iPhone with all the email/exchange configurations and tells you why you can NOT connect (get/send email).  So I did it and the results are below.  Basically, the last section says "Certificate Name Validation failed"...so I assume it's a certificate issue...I am looking for steps to solve this so that the users can get their email on their smartphone.  Thanks in advance for your help/comments.

FYI: I went to https://www.testexchangeconnectivity.com  and put in the required user and email configuration information (just like you'd do to configure an iPhone for Exchange).  The following are the results.  See last portion about Certificate Name Validation.

-----------------------------------
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.balmoving.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: xx.xx.xx.xx

Testing TCP port 443 on host mail.balmoving.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server mail.balmoving.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.balmoving.com doesn't match any name found on the server certificate CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
0
Question by:infosys3
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37830548
My article should help you here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

But for now - just re-run the Connect To The Internet Wizard, change nothing until you get to the Certificate part, then create a new certificate called mail.balmoving.com, then complete the wizard (changing nothing else) and let the wizard complete.

Once completed - re-run the test on the test site (make sure you tick the "ignore trust for SSL" check box) and see what gives, then if you have problems, refer to my article for guidance.

Shout if you are stuck anywhere.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830552
One problem is the domain you have posted isn't valid, which you have hopefully masked on purpose.
0
 
LVL 7

Expert Comment

by:Jarred Power
ID: 37830556
Your cert has the wrong CN=office.balmoving.com.
You either need to change the cert to reflect your MX record mail.balmoving.com or change the MX record.  Changing the cert would probably be the best route.   See http://www.emailsecuritymatters.com/site/blog/best-practices/how-to-create-self-signed-ssl-certificate-exchange-2003-2007-2010-windows/  to create a new self-signed cert.  Remember to use  mail.balmoving.com.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830565
Don't follow the link above - this is SBS - you need to use the Wizard I have mentioned.
0
 

Author Comment

by:infosys3
ID: 37830651
Many thanks...I am not at the site now...and will not be until Thursday...  I will let you know...also, Yes, I did mask the domain.  I will contact you Thursday.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37830661
No problems - I should be around unless someone's server blows up in the mean-time!
0
 

Author Comment

by:infosys3
ID: 37846448
jpower5000---
Your link is quite extensive...and I think I did all configs correctly, but, alas, I am now getting this error...see last couple of lines...any ideas.  Again, many thanks for your help.
============

Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.maloneymoving.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.balmoving.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37846484
Did you tick the Ignore Trust for SSL check box?  If you have a self-issued certificate - you need to tick that box on the test.
0
 

Author Closing Comment

by:infosys3
ID: 37851267
Alan:
Wooo...you are the man.  No, I didn't tick it, but that was Friday afternoon when I was doing all the testing.   This morning I did make the tick and got all "green" designations.  Moreover, I sent a test email and, alas, the email showed up on my iPhone.  I had made the changes on the Exchange server Fri afternoon as per your link above I did some email testing like I did this morning, but no-go, no-mail.   I assume that Fri night, Exchange "rectified" something????  Anyway, you have been a tremendous help as I have been banging my head against a brick wall.  Many thanks...I am sending a New Orleans shrimp poor-boy sandwich in the mail to you today.  Plus, you get a gold star for helping me.
Best regards, Bruce
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37851277
Thanks Bruce - I'll look forward to the sandwich ;)

Glad you are sorted and thanks too for the points.  Sometimes the changes do take a little while to take effect.

Best wishes

Alan
0
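Added example, not part of the thread or of ExRCA: a Python sketch that repeats the two checks discussed above (certificate name, then trust) on the subject/issuer strings exactly as the tool printed them. The function names and the rule "self-issued means untrusted unless trust is ignored" are assumptions made for illustration; no real chain building is done.

```python
import re

# Subject/issuer line as ExRCA printed it in the first test (masked domain).
BEFORE = ("CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, "
          "CN=sbs.balmoving.local, Issuer: CN=office.balmoving.com, CN=companyweb, "
          "CN=sbs, CN=localhost, CN=sbs.balmoving.local.")
# Same line after the certificate was re-created as mail.balmoving.com.
AFTER = BEFORE.replace("CN=office.", "CN=mail.")


def parse_exrca(line):
    """Split 'subject, Issuer: issuer.' into two lists of CN values."""
    subject, _, issuer = line.rstrip(". ").partition(", Issuer:")
    cns = lambda dn: [v.strip().lower() for v in re.findall(r"CN=([^,]+)", dn)]
    return cns(subject), cns(issuer)


def name_matches(host, pattern):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    h, p = host.lower().rstrip(".").split("."), pattern.lower().split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p


def check(host, line, ignore_trust=False):
    """Repeat the name step and a simplified trust step; return each verdict."""
    subject, issuer = parse_exrca(line)
    name_ok = any(name_matches(host, cn) for cn in subject)
    self_issued = subject == issuer
    # Simplification: a self-issued certificate counts as untrusted, because no
    # device holds it as a root unless it has been installed there by hand.
    trust_ok = ignore_trust or not self_issued
    return {"name_ok": name_ok, "self_issued": self_issued,
            "passes": name_ok and trust_ok}


if __name__ == "__main__":
    host = "mail.balmoving.com"
    print("old cert:", check(host, BEFORE))
    print("new cert:", check(host, AFTER))
    print("new cert, trust ignored:", check(host, AFTER, ignore_trust=True))
```

Ticking "Ignore Trust for SSL" only skips the trust step in the test; each phone still has to accept or install the self-issued certificate itself.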

Question has a verified solution.