Solved

Certificate Name Validation Failed - Exchange 2003 SBS

Posted on 2012-04-10
Last Modified: 2012-04-16
Need your help.  I have a client who has a SBS 2003 server with Exchange 2003.  I am trying to get mail on an iPhone (or any smartphone) via this Exchange server.  This thing is kicking my you know what.  Anyway, I found a neat little routine that you can run that simulates an iPhone with all the email/exchange configurations and tells you why you can NOT connect (get/send email).  So I did it and the results are below.  Basically, the last section says "Certificate Name Validation failed"...so I assume it's a certificate issue...I am looking for steps to solve this so that the users can get their email on their smartphone.  Thanks in advance for your help/comments.

FYI: I went to https://www.testexchangeconnectivity.com  and put in the required user and email configuration information (just like you'd do to configure an iPhone for Exchange).  The following are the results.  See last portion about Certificate Name Validation.

-----------------------------------
ExRCA is testing Exchange ActiveSync.
 The Exchange ActiveSync test failed.
 Test Steps
 Attempting to resolve the host name mail.balmoving.com in DNS.
 The host name resolved successfully.
 Additional Details
 IP addresses returned: xx.xx.xx.xx

Testing TCP port 443 on host mail.balmoving.com to ensure it's listening and open.
 The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
 The SSL certificate failed one or more certificate validation checks.
 Test Steps
 ExRCA is attempting to obtain the SSL certificate from remote server mail.balmoving.com on port 443.
 ExRCA successfully obtained the remote SSL certificate.
 Additional Details
 Remote Certificate Subject: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.

Validating the certificate name.
 Certificate name validation failed.
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name mail.balmoving.com doesn't match any name found on the server certificate CN=office.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
Question by:infosys3
Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37830548
My article should help you here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

But for now - just re-run the Connect To The Internet Wizard, change nothing until you get to the Certificate part, then create a new certificate called mail.balmoving.com, then complete the wizard (changing nothing else) and let the wizard complete.

Once completed - re-run the test on the test site (make sure you tick the "ignore trust for SSL" check box) and see what gives, then if you have problems, refer to my article for guidance.

Shout if you are stuck anywhere.

Alan

Expert Comment

by:Alan Hardisty
ID: 37830552
One problem is the domain you have posted isn't valid, which you have hopefully masked on purpose.

Expert Comment

by:Jarred Power
ID: 37830556
Your cert has the wrong CN=office.balmoving.com.
You either need to change the cert to reflect your MX record mail.balmoving.com or change the MX record.  Changing the cert would probably be the best route.  See http://www.emailsecuritymatters.com/site/blog/best-practices/how-to-create-self-signed-ssl-certificate-exchange-2003-2007-2010-windows/ to create a new self-signed cert.  Remember to use mail.balmoving.com.

Expert Comment

by:Alan Hardisty
ID: 37830565
Don't follow the link above - this is SBS - you need to use the Wizard I have mentioned.

Author Comment

by:infosys3
ID: 37830651
Many thanks...I am not at the site now...and will not be until Thursday...  I will let you know...also, Yes, I did mask the domain.  I will contact you Thursday.

Expert Comment

by:Alan Hardisty
ID: 37830661
No problems - I should be around unless someone's server blows up in the meantime!

Author Comment

by:infosys3
ID: 37846448
jpower5000---
Your link is quite extensive...and I think I did all configs correctly, but, alas, I am now getting this error..see last couple of lines...any ideas.  Again, many thanks for your help.
============

Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server mail.maloneymoving.com on port 443.
  ExRCA successfully obtained the remote SSL certificate.
   Additional Details
  Remote Certificate Subject: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local, Issuer: CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
 
 Validating the certificate name.
  The certificate name was validated successfully.
   Additional Details
  Host name mail.balmoving.com was found in the Certificate Subject Common name.
 
 Validating certificate trust for Windows Mobile devices.
  Certificate trust validation failed.
   Test Steps
   ExRCA is attempting to build certificate chains for certificate CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.
  A certificate chain couldn't be constructed for the certificate.
   Tell me more about this issue and how to resolve it
   Additional Details
  The certificate chain didn't end in a trusted root. Root = CN=mail.balmoving.com, CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local

Expert Comment

by:Alan Hardisty
ID: 37846484
Did you tick the Ignore Trust for SSL check box?  If you have a self-issued certificate - you need to tick that box on the test.
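
The two checks ExRCA reports in this thread (name validation, then trust), reproduced as an added Python example that is not part of the original posts. The function names and the `ignore_trust` flag are assumptions for illustration; comparing subject and issuer is only a heuristic for "self-issued", and the wildcard case goes beyond what the thread shows.

```python
import re

# "Remote Certificate Subject" line copied from the first ExRCA run in this thread.
BEFORE = ("Remote Certificate Subject: CN=office.balmoving.com, CN=companyweb, CN=sbs, "
          "CN=localhost, CN=sbs.balmoving.local, Issuer: CN=office.balmoving.com, "
          "CN=companyweb, CN=sbs, CN=localhost, CN=sbs.balmoving.local.")
# The second run reports the same names with "mail" in place of "office".
AFTER = BEFORE.replace("CN=office.", "CN=mail.")

def parse_names(dn):
    """Extract CN values from a 'CN=a, CN=b' string, normalised for comparison."""
    return [n.strip().lower().rstrip(".") for n in re.findall(r"CN=([^,]+)", dn, flags=re.I)]

def split_subject_issuer(line):
    """Split one ExRCA 'Remote Certificate Subject: ..., Issuer: ...' line."""
    body = line.split("Remote Certificate Subject:", 1)[1]
    subject, issuer = body.split(", Issuer:", 1)
    return parse_names(subject), parse_names(issuer)

def name_matches(host, pattern):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def diagnose(host, line, ignore_trust=False):
    """Return the failures a client would hit for this host and certificate."""
    subject, issuer = split_subject_issuer(line)
    findings = []
    # Name check: the host the device connects to must be one of the cert's names.
    # (ExRCA compared against subject CNs here; current TLS clients use subjectAltName.)
    if not any(name_matches(host, n) for n in subject):
        findings.append("name-mismatch")
    # Trust check (heuristic): subject == issuer means the cert is self-issued, so the
    # chain ends at the cert itself and fails unless the client trusts that cert.
    # ignore_trust mirrors ticking "Ignore Trust for SSL" in the test.
    if subject == issuer and not ignore_trust:
        findings.append("self-issued-untrusted")
    return findings

if __name__ == "__main__":
    print(diagnose("mail.balmoving.com", BEFORE))
    print(diagnose("mail.balmoving.com", AFTER))
    print(diagnose("mail.balmoving.com", AFTER, ignore_trust=True))
```

Skipping the trust check only changes what the test reports; a phone connecting to the server still sees a certificate that does not chain to a root it trusts.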

Author Closing Comment

by:infosys3
ID: 37851267
Alan:
Wooo...you are the man.  No, I didn't tick it, but that was Friday afternoon when I was doing all the testing.   This morning I did make the tick and got all "green" designations.  Moreover, I sent a test email and, alas, the email showed up on my iPhone.  I had made the changes on the Exchange server Fri afternoon as per your link above. I did some email testing like I did this morning, but no-go, no mail.   I assume that Fri night, Exchange "rectified" something????  Anyway, you have been a tremendous help as I have been banging my head against a brick wall.  Many thanks...I am sending a New Orleans shrimp poor-boy sandwich in the mail to you today.  Plus, you get a gold star for helping me.
Best regards, Bruce

Expert Comment

by:Alan Hardisty
ID: 37851277
Thanks Bruce - I'll look forward to the sandwich ;)

Glad you are sorted and thanks too for the points.  Sometimes the changes do take a little while to take effect.

Best wishes

Alan