• Status: Solved
  • Priority: Medium
  • Security: Public

Exchange re-check revocation

Hi experts,

Today I found one of our certificates with revocation-Check failed.
Looked at the CA and found errors in the log that the CRL could not be published. So I manually published the CRL, which worked fine. CA-Status is OK now.
Only in Exchange Management Console the revocation-Check for this Certificate fails.

How can I re-check the status?

Actualizing the view in EMC doesn't work.
Or do I only have to wait?
How long will it take?

Thanks a lot!
Asked:
Systemadministration
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
How did you do the revocation and where was it done?

- Rancy
 
Systemadministration (Author) commented:
I think Exchange does this check on its own.
In EMC in server-configuration -> Exchange certificates there is one certificate with the status

"The certificate status could not be determined because the revocation check failed"

I think the CRL is available now. So I think Exchange is only showing this message because it has not rechecked revocation yet.

Could this be?
 
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
I guess it's more that the cache is not being released for this information, so let's wait :) .... As you say, you fixed the issue and everything looks good and working, so it's just an update issue.

- Rancy
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
How did you publish the cert?
Can you run the command and check cert status:

Get-ExchangeCertificate |fl

- Rancy
 
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
Check these articles without miss

The Certificate Status could not be determined because the revocation check failed
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/299c8ebe-223c-43ab-8cbc-c8221991813a/

EMC - Certificate status could not be determined because revocation check failed
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/dda2a983-a509-4d78-b231-8d822de8f1ee

Error message when you import a third-party certificate into Exchange Server 2010: "The certificate status could not be determined because the revocation check failed"
http://support.microsoft.com/kb/979694

- Rancy
 
Systemadministration (Author) commented:
I solved this problem.
It was as follows:
At the beginning of this year we moved the CA from an old server "server1" to a new server "server2". Those servers have different server-names.
I tried to check the validity of my certificates and found that during a revocation-check the whole certificate-chain is checked. In our case we have the following chain:
CA-certificate -> Webserver-certificate

The Webserver-certificate has correct paths for CRL distribution pointing to "server2".
The CA-certificate has wrong paths for CRL distribution pointing to "server1".
Server1 is not running anymore so the CRL cannot be downloaded.

My solution is to put an entry into the Exchange server's hosts-file:

123.123.123.123 server1.domain.de


where 123.123.123.123 is the IP of server2.
After that the revocation status is all right because requests for "server1" go to "server2".

Another solution could be a DNS-entry in DNS-server.

Maybe this can help somebody.
 
Systemadministration (Author) commented:
Own solution
Question has a verified solution.
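
The chain-wide revocation check described in the accepted solution can be inspected with the .NET chain API. The following PowerShell is an added example, not code from the thread: it prints the CRL distribution points and the revocation-related status of every certificate in the chain. The thumbprint is a placeholder and the LocalMachine\My store location is an assumption.

```powershell
# Added example (not from the thread). Builds the chain for one certificate and
# prints, per chain element, its CRL distribution points and chain status.
# $Thumbprint is a placeholder; take the real value from Get-ExchangeCertificate | fl.
param(
    [string]$Thumbprint = '<THUMBPRINT-PLACEHOLDER>'
)

# Assumption: the certificate lives in the local machine's personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

# Ask for an online revocation check of the entire chain, the scope the
# thread's author found to matter (not just the end-entity certificate).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
[void]$chain.Build($cert)

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate

    # OID 2.5.29.31 is the CRL Distribution Points extension.
    $cdp = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = if ($cdp) { $cdp.Format($true) } else { '(no CDP extension)' }

    # An empty status list means the element validated without errors.
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    "Subject : $($c.Subject)"
    "Status  : $status"
    "CDP     :"
    $cdpText
    ''
}
```

A chain element that reports RevocationStatusUnknown or OfflineRevocation while its CDP URLs name a host that no longer exists matches the situation the author describes.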
