Solved

Cisco router grabbing cert request

Posted on 2013-01-29
8
540 Views
Last Modified: 2013-01-30
I'm trying to setup outlook anywhere.  I have done it successfully in 2 other places but here the cisco box seems to be grabbing the certificate request.  I have a legit certificate on the 2010 exchange box but from this test it appears to be grabbing it from the cisco firewall/router.  The mac address listed is from the internal lan interface of the router.  I have checked the settings against my similar router and they both seem to match up.  Any ideas?


      Attempting to resolve the host name in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.xxxx to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.xxxx on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78, Issuer: SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name mail.xxxx doesn't match any name found on the server certificate SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78.
0
Comment
Question by:cacchip1
  • 4
  • 2
  • 2
8 Comments
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38835666
I would guess that there is no port forward from port 443 on the Linksys router to the CAS server.
0
 

Author Comment

by:cacchip1
ID: 38836389
Yes there is a forward and I have also tried setting the mail server as a DMZ box and removing all the other forwards.
0
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 500 total points
ID: 38837433
Checking through the maual for the RV042, there is an https option in the general firewall configuration enabled by default if Remote Mangement is enabled. This will certainly intercept any TCP 443 connections to the WAN address. Try disabling the https feature.
0
 

Author Comment

by:cacchip1
ID: 38837537
Remote management is not enabled but turning off https management access fixed the certificate issue at least.  Now it is barking about http in general.  
Testing HTTP Authentication Methods for URL https://mail.xxxx/rpc/rpcproxy.dll?xxxx:6002.
       The HTTP authentication test failed.
       
      Additional Details
       A Web exception occurred because an HTTP 404 - NotFound response was received from IIS7.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 36

Expert Comment

by:ArneLovius
ID: 38837587
that would be on port 6002 which shouldn't be required

what are you testing with ?
0
 

Author Comment

by:cacchip1
ID: 38837637
Both results came from https://www.testexchangeconnectivity.com.  I am also testing with Outlook directly.   The certificate errors have stopped but now out it wont let me authenticate when I try with Outlook.
0
 
LVL 15

Accepted Solution

by:
Frabble earned 500 total points
ID: 38837717
The new error indicates a problem with RPC. Microsoft is a good starting point:
http://technet.microsoft.com/en-us/library/aa996644(v=exchg.65).aspx
0
 

Author Closing Comment

by:cacchip1
ID: 38837733
Thanks guys RPC issue was the final piece of this puzzle.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now