Expired Exchange Certificate

I have a GoDaddy SSL certificate installed on my 2007 Exchange server.  It has the external and internal domain names, and the autodiscover for both.  Today the internal clients started popping up a message that the certificate was expired, and offering a login for the Exchange server.  Externally, phones are syncing using SSL, and if I go to Outlook Web Access I can see that the certificate for it is valid.  Outlook Web Access with https is even working internally.  In the server's event log there is a message that a certificate is expiring or expired, and gives the thumbprint.  That thumbprint corresponds to the GoDaddy certificate that was valid from Sept. 2010 - Sept. 2011.  There is a new certificate which is identical which is valid from Sept. 2011 - Sept. 2012.  In Exchange, the newer certificate is applied to services POP, IMAP ,SMTP and Web.  The older one is applied to POP and IMAP (which aren't being used).  I am totally confused as to why this certificate, which expired months ago, is suddenly causing these problems, and apparently only for the internal autodiscover portion of the certificate.  And how do I fix it?  Is it as simple as removing that certificate?  I don't think so because for whatever reason the system thinks it needs this certificate for internal autodiscover.  Please help!!!
landiiiks2Asked:
Who is Participating?
 
awaggonerCommented:
Are there any entries in Event Viewer related to the expired certificate?

Go ahead and remove the expired certificate.  No reason to keep it.  Then register the valid certificate again.
0
 
landiiiks2Author Commented:
Yes - there is a CertificateServicesClient - AutoEnrollment e\Event 64 - certificate is about to or has already expired.  A few of them over the past several days.  They list the thumbprint of the old GoDaddy certificate.  I'll remove the old certificate and re-register the valid one - hopefully that will work.  I'm still mystified as to why this happened...
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
awaggonerCommented:
Should the certificate be registered for IIS as well as the other services?
0
 
landiiiks2Author Commented:
It is - I said "web" but I meant IIS.  I have now removed the expired certificate from Exchange, and re-enabled the valid certificate.  But I don't think it's fixed.  When I try to go to https: / / autodiscover.domain.local / AutoDiscover / AutoDiscover.xml , I get a login box but putting in the credentials doesn't take me anywhere.
0
 
awaggonerCommented:
Did you install any MS updates shortly before the problem started?

Also, check out this site to see if it has information relevant to your particular problem.
http://msexchangeguru.com/2010/10/05/autodiscover/
0
 
landiiiks2Author Commented:
Good thought, but I checked and there is nothing in the event log about updates being installed overnight last night.  I just don't get this - it's been working perfectly for two years.  If I go to https://servername/autodiscover/autodiscover.xml it works fine, but if I go to https://domain.local/autodiscover/autodiscover.xml it prompts for authentication and then goes to 401.1 error.  But OWA works fine internally and externally, and phones are syncing.  I have to have this fixed by morning...
0
 
awaggonerCommented:
Have you confirmed name resolution is working correctly?
0
 
landiiiks2Author Commented:
Yes, internally I can do an nslookup for autodiscover.domain.local and also autodiscover.domain.net and they both resolve correctly to the server IP.
0
 
landiiiks2Author Commented:
I think that fixed it, although I won't be sure until I can test from a computer through Outlook tomorrow.  After the reboot the SBS Web Applications wouldn't start, because Default Web Site was also using 443.  I specified the IP address in Default Web Site and they both started (not sure why that suddenly cropped up either...).  But now if I go to https://autodiscover.domain.local/autodiscover/autodiscover.xml it did prompt once for credentials, but when I put them in, it took me to the site.  I'll find out in the morning for sure.  I really, really appreciate your help and sticking with it.  And if you can explain to me WHY this happened I will award you 5,000 points!!!  Because that is still a total mystery to me...
0
 
awaggonerCommented:
It's Microsoft.  That is all the explanation required.  :)

Good luck tomorrow.  

I'm glad you won't have to pull an all nighter trying to fix it.  I've had to do that a few times.
0
 
landiiiks2Author Commented:
But wait - now OWA is broken - 404 - file or directory not found.  Internally and externally.  WTH?
0
 
landiiiks2Author Commented:
Apparently still a conflict between Default Web Site and SBS Web Applications.  As long as I stop Default Web Site the other things work.  I'm just going to leave it stopped for tonight - I don't need any of those websites tomorrow...
0
 
landiiiks2Author Commented:
Now when I try to send an email from outside the domain I'm getting Unable to Relay.  This might be an all nighter after all.   How could that have been caused by what I've done??
0
 
ash007Commented:
Can you check and let me know if nay changes made on receive connector
0
 
landiiiks2Author Commented:
This is fixed - the email bouncing back was a separate (although related) issue and it is now fixed too.  Thank you so much to awaggoner for sticking with this and helping me out.  Apparently most or all issues were caused by a tech for a software manufacturer who had access to the server to set up a new software program for this company.  He started messing with Exchange settings (unbeknownst to me) even though he had no clue what he was doing.  Word to the wise - never trust anyone else in your server!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.