dbestcomputers
asked on
Exchange remote Connectivity Test Failing: The remote certificate is invalid according to the validation procedure.
Trying to run this test: Microsoft Exchange Web Services Connectivity Tests
Synchronization, Notification, Availability, and Automatic Replies (OOF)
Getting this error:
Exchange Web Services synchronization, notification, availability, and Automatic Replies (OOF).
	Not all of the tests of Exchange Web Services tasks completed.
	
	Test Steps
	
	Ensuring that the test mailbox folder is empty and accessible.
	ExRCA couldn't confirm that the folder is accessible and empty.
	
	Additional Details
	Exception details:
Message: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Type: Microsoft.Exchange.WebServices.Data.ServiceRequestException
Stack trace:
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute()
at Microsoft.Exchange.WebServices.Data.ExchangeService.BindToFolder[TFolder](FolderId folderId, PropertySet propertySet)
at Microsoft.Exchange.Tools.ExRca.Tests.EnsureEmptyFolderTest.PerformTestReally()
Exception details:
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Type: System.Net.WebException
Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
Exception details:
Message: The remote certificate is invalid according to the validation procedure.
Type: System.Security.Authentication.AuthenticationException
Stack trace:
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
I do have a valid certificate issued by RapidSSL, I have followed the instructions to install it to my Exchange and to IIS, I have used the RapidSSL tester to verify the cert is installed. The cert is to mail.dixiedigital.com. All the pointers in Exchange (that I can find, under Management Console > Server Configuration > Client Access > Right click each one, set external URL to https://mail.domain.com/[the thing that's supposed to be here]) are set correctly I think.
Not sure what to do, I have googled it, but most issues revolve around the certificate being self-signed. I don't know where to go to find my issue from here.
**Text edited per users request** -JARmod101
Your DNS records must have just updated. mail.dixiedigital.com now comes up with an IIS 7 screen.
I still got your certificate is self-signed.
Assign your certificate.
If Exchange 2007, follow https://www.globalsign.com/support/install/ex_2007.php
If Exchange 2010, follow http://technet.microsoft.com/en-us/library/dd351257
ASKER
Hey guys, I had already assigned the certificate through EMC as stated in that article, but it still shows the Sonicwall certificate? I have completely deleted ALL certificates in EMC except for my 1 real RapidSSL signed cert. Could my certificate section be broken? I notice that none of my certs have a name beside them, I don't know if there is some corruption? Or maybe I should delete some certificate in the sonicwall?
nslookup resolves to gmail.now??
ASKER
ve3ofa:
My nslookup doesn't resolve to GMail from the location I'm at, using 4.2.2.1 as DNS server.
Also, the Sonicwall login is unexpected and is probably the cause of my issue. Looks like the sonicwall is serving on https port 443 as well as my server, possibly causing the conflict in certificates. I will look into it today and update you.
ASKER
OK, it's working now. I had remote administration on the sonicwall open on 443 (https), and it was conflicting with the exchange server serving on that port. It is now passing the connectivity test correctly.
One other issue, I'm getting an error in our INTERNAL outlook boxes when connecting to the server stating "The name on the security certificate is invalid or does not match the name of the site". This is true because internally, the server name is sheldon.ddi.local, while the cert is signed for mail.dixiedigital.com.
Any quick fix for that? I've attached the error.
ASKER
Nevermind I googled it and fixed it.
ASKER
Got me on the right track to finding my certificate issue.
The certificate is not trusted because it is self-signed.
The certificate is only valid for 192.xxx.xxx.x
which redirects to a sonicwall network security login
OK - 24.xx.xx.xx resolves to wsip-24-xx-xx-xx.ks.ks.cox
	Warning - Reverse DNS does not match SMTP Banner
	OK - Supports TLS.
	0 seconds - Good on Connection time
	OK - Not an open relay.
	5.242 seconds - Warning on Transaction Time
**Text edited per users request** -JARmod101
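
The failure in this thread came from a different device (the firewall's management page) answering on port 443 with its own self-signed certificate. The following is an added example, not part of the original thread: a PowerShell (3.0 or later) check that shows which certificate a host actually presents and why .NET rejects it. The host name is a placeholder and the variable names are this example's own.

```powershell
# Added diagnostic example. Run it from OUTSIDE the network so the connection
# takes the same path as the remote connectivity test.
$HostName = 'mail.example.com'   # placeholder: the name the certificate was issued for
$Port     = 443

$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None

# Accept whatever is presented so it can be inspected, but record the
# validation result. Diagnostic use only: never ship a callback like this.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    $true
}

$client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($HostName)   # certificate is validated against this name

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = '(none)'
    if ($san) { $sanText = $san.Format($false) }

    [pscustomobject][ordered]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        # Issuer equal to Subject means self-signed, e.g. an appliance default cert
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        AltNames     = $sanText
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        # None                          = trusted and the name matches
        # RemoteCertificateNameMismatch = certificate issued for another name
        # RemoteCertificateChainErrors  = untrusted issuer, including self-signed
        PolicyErrors = $script:policyErrors
    }
}
finally {
    $client.Close()
}
```

If the thumbprint printed here differs from the one the Exchange Management Console shows for the certificate assigned to IIS, some other listener on that address and port is answering first.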