Solved

Exchange/PowerShell SSL certificate error

Posted on 2013-05-23
Last Modified: 2013-05-25
We are using an MDM (Mobile Device Management) solution (SaaS), which enables ActiveSync on a user's mailbox when the user provisions devices in MDM. The process had been working until last week. Now the MDM solution console is generating the error message below, and PowerShell is not executed for any new devices provisioned in MDM:

Error message:
Exception Message: Connecting to remote server failed with the following error message : The server certificate on the destination computer (XXX.test.com:443) has the following errors:  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.

There was recently a change implemented on the Exchange/CAS server. The IIS setting for client certificates was set to "Ignore" in SSL Settings for the ActiveSync folder. This was implemented because existing ActiveSync users were getting a 403 certificate error on devices. Implementing the change resolved the connectivity issue for existing MDM-provisioned devices.

Not sure if the above change has impacted executing PowerShell. But the error is now generated when executing PowerShell for new devices enrolling in the MDM solution.

We are using Exchange 2010.

Any resolution or solution will be appreciated.
Question by:lbeach94
4 Comments
 
LVL 12

Accepted Solution

by:
Julian123 earned 500 total points
ID: 39193252
This can be caused by failure to connect to the certificate revocation list. Here are a couple of causes and options: http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings/
0
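
A way to check the cause named in the accepted answer, as an added example that is not part of the original thread: it fetches the server certificate, rebuilds the chain with online revocation checking, and lists each certificate's CRL URLs. The function name `Test-ServerCertRevocation` is hypothetical, and the `URL=` pattern assumes the usual Windows text formatting of the CRL distribution point extension.

```powershell
# Added diagnostic example. Run it on the machine that reports the error, under the
# account the connector runs as, because proxy settings can differ per context.
function Test-ServerCertRevocation {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)

    # Fetch the server certificate without validating it (diagnostic use only).
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $acceptAny = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }

    # Rebuild the chain with online revocation checking, as a strict client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
    $valid = $chain.Build($cert)

    # Per chain element: status flags and CRL distribution points (OID 2.5.29.31).
    # RevocationStatusUnknown or OfflineRevocation means the CRL could not be fetched.
    foreach ($element in $chain.ChainElements) {
        $cdp = $element.Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        $urls = @()
        if ($cdp) {
            $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
                ForEach-Object { $_.Groups[1].Value }
        }
        New-Object PSObject -Property @{
            Subject = $element.Certificate.Subject
            Status  = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
            CrlUrls = $urls -join '; '
        }
    }
    Write-Host "Chain valid with online revocation: $valid"
}

# 'XXX.test.com' is the redacted host name from the error message above.
Test-ServerCertRevocation -HostName 'XXX.test.com' | Format-List Subject, Status, CrlUrls

# CRL retrieval by Windows services typically goes through the machine-wide
# WinHTTP proxy setting rather than the interactive user's browser proxy.
netsh winhttp show proxy
```

If a CRL URL listed here cannot be reached from this machine directly or through the proxy shown, the revocation check fails even though the certificate itself is valid.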
 

Author Comment

by:lbeach94
ID: 39193273
Thanks for the quick response. Where are these settings applied, on the Exchange/CAS server?
0
 
LVL 12

Expert Comment

by:Julian123
ID: 39193286
For ActiveSync, should be the CAS. I'd check the mailbox too if the CAS doesn't do it as I'm not sure offhand what the MDM server is connecting to.
0
 

Author Comment

by:lbeach94
ID: 39193296
The MDM server connects to the CAS servers to run PowerShell for the user mailbox. The error is generated on the MDM connectivity server.
0

Question has a verified solution.