SBS 2011 SSL problems
Posted on 2013-01-10
About 1 month ago our SSL certificate expired. It was purchased by our local IT vendor from GoDaddy.com. Since it was not purchased in our account, I had to get new ones from them and install them. It was a bit of a pain, but I was able to get this to work. I was able to confirm this by checking the SSL certificate with a web tool (sslshopper) and also got the errors to go away on phones and for remote web access users.
Fast forward to yesterday... Our server hung and needed to be rebooted. After the restart we began to have problems with ActiveSync on Android phones (iPhones still work), and the remote web access also failed to work. I logged into the server and found that the "Active Directory Certificate Services", which is set to auto, was not started. When I attempt to start it I get an error.
Here are a couple of the red circle errors from the Event Viewer:
1. Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
2. Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from SACSVDC01.CMS.local\CMS-SACSVDC01-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
3. Microsoft Exchange could not find a certificate that contains the domain name SACSVDC01.CMS.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Connector with a FQDN parameter of SACSVDC01.CMS.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
I think that all of these are related, but if additional info is needed let me know.