MS Remote Connectivity Analyzer Exchange ActiveSynch test uses to old certificate

Posted on 2012-08-14
Last Modified: 2012-09-03
I recently migrated SBS 2003 (including Exchange 2008) to SBS 2011 using the Migration Wizard.  Almost everything went smoothly.  When I run the MS Remote Connectivity Analyzer to test Exchange ActiveSynch, it logs in and obtains the remote SSL certificate ok, but the certificate it obtains refers to the old SBS 2003 Server, not the new SBS 2011 server.

The error(s) ("Validating certificate name", "Validating SSL Certificate") all refer to the Remote Certificate as Subject:, CN=companyweb, CN=OldServer, CN=localhost, CN=OldServer.CorrectDomain.local, Issuer:, CN=companyweb, CN=OldServer, CN=localhost, CN=OldServer.CorrectDomain.local.

I have purchased and installed a new Exchange Certificate from GoDaddy, assuming that it would replace the incorrect one, but it didn't.  I can't find this old certificate to remove or replace it.  I can't figure out where it is getting this certificate. Any suggestions?

Question by:keyadvice
    LVL 52

    Expert Comment

    by:Manpreet SIngh Khatra
    Did you just import the OLD certs without modfying them ??

    Run the command
    Get-Exchangecertficates also check with IIS

    - Rancy
    LVL 76

    Expert Comment

    by:Alan Hardisty
    Did you redirect port 443 to your new server or is it still pointing to the old server?

    Author Comment

    Rancy:  Get-ExchangeCertificate refers to the correct certificate.  What do you mean 'check with IIS"?
    AlanHardesty:  Port 443 points to the new server and the old server is offline anyway.
    LVL 76

    Expert Comment

    by:Alan Hardisty
    To check the Cert - go to the Exchange Management Console and under Server Config you should see the certificate that is installed and active.

    Is that the right one?

    Accepted Solution

    I discovered after more investigation that the old certificate had been installed in the firewall device ( before my time). It was then an easy fix to remove the certificate from there, and then the new cert was visible. I guess the lesson is to not make your assumptions about where a problem lies too narrow.

    Author Closing Comment

    The problem was solved once the location of the old certificate was discovered.

    Featured Post

    Why spend so long doing email signature updates?

    Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

    Join & Write a Comment

    Set OWA language and time zone in Exchange for individuals, all users or per database.
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now